Cannot Update Databases

[scrackernyc]

Greets.

I see that I'm not alone:

   1. "Databases out of Date"

   2. cannot update the databases

 

Program Detail:

   Malwarebytes Anti-Malware 2.0.2.1012

   Build Date: 2014-05-12

.   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .

 

Malwarebytes runs when system is started.

After some length of time, Malwarebytes reports scanning is complete.

One 'hit' each time (I don't recall the file name), which is auto-quarantined.

 

FRST64 logs attached.

I've Disabled (in Windows Firewall) the peer-to-peer programs that I recognize.

   (Although I've installed & played with such programs, I use None of them.)

Have enabled option "Follow this topic".

I cannot find option 'Immediate e-Mail Notification'.

 

Kindly advise.  Thanks in advance.

.   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .

 

N.B.:  Creating a post such as this would be A Lot faster & easier if one could Paste text in the message field.   ;o

FRST.txt

[scrackernyc]

Failed to attach the Addition log.  Please see here.

Addition.txt

[MrCharlie]

Welcome to the forum.

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

[scrackernyc]

Greets, MrCharlie.

I've attached the RogueKiller scan log (file = "RKreport_SCN_07172014_083111.log").

 

Note:

  1. I did create a new Restore Point.

  2. I have Not Yet restarted my machine since running the Malwarebytes scan.

      (I gather, a "Threat Scan" is a regular scan.  In any case, I've Quaranteened all items reported.)

 

Please advise next steps.

Thanks in advance for your help.

Rgds.

      Geo. Hughan

      scrackernyc

RKreport_SCN_07172014_083111.log

[MrCharlie]

Make sure you have created a restore point and.....
Download Delfix from Here and save it to your desktop.

• Place a check mark in front of .......
• Create registry backup <---only!
• Uncheck the rest!
• Click the Run button.
  
  Close the tool out when it's done....we'll use it later.
  
  -------------------------------------------
  
  Did you install this program: (if not please uninstall it)
  C:\Program Files (x86)\Social Privacy DNS
  (should be removed:
• http://www.enigmasoftware.com/socialprivacydns-removal/)
  -------------------------
  
  Please uninstall all of these...... (adware)
  7-zip v9.20
  BFlix
  File Type Assistant
  Final Media Player 2012
  
  -----------------------------------------------
  
  Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
  Run FRST.exe/FRST64.exe and click Fix only once and wait
  The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.
  
  ----------------------------------------------
  
  
  Please download AdwCleaner from HERE or HERE to your desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
  Next..................
  
  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  Next.........
  
  Do a clean re-install of Malwarebytes:
  https://forums.malwarebytes.org/index.php?showtopic=146017
  
  ---------------------------------------
  
  These Chrome setting have to be set manually:
  
  

  CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN36052597023833215&UM=2", "hxxp://search.yahoo.com/?type=402027&fr=spigot-yhp-ch"

   

  
  https://support.google.com/chrome/answer/95421?hl=en CHR StartupUrls:
  
  
  

  CHR HomePage: hxxp://search.yahoo.com/?type=402027&fr=spigot-yhp-ch

   

  
  https://support.google.com/chrome/answer/95314?hl=en <<<----Home page reset
  
  ------------------------
  
  If you're using Malwarebytes 2.0, please run a Threat Scan
  Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
  Same for PUM (Potentially Unwanted Modifications)
  Quarantine All that's found
  
  MrC

[scrackernyc]

Hello, MrC.

Regret that it's taking so long to work through the routines you've described.

Am working on it, however, and will get back to you with results in a day or two.

 

Meanwhile, here's the current situation.
 

1. You said to remove "Social Privacy DNS" and pointed to a (bad) link to EnigmaSoftware for instructions.

         a. I used the "Social Privacy DNS" Uninstall option.  But, then I ran SpyHunter scan.

         b. The wretched program says it found 2,856 Threats but offers no way to either copy the results or save a report.

         c. It does have a Log that's unreadable, but which I've attach here in case you have a way to decipher it.

 

2. I ran the FRST scan using the "fixlist.txt" file.

         • I've attached file "Fixlog.txt" as instructed.

 

3. Then, I ran the AdwCleaner scan per your instructions. 

         a. The scan reports 108 items "Found".

         b. I need to review the output and select the stuff I want to keep.

         c. Although you didn't ask for one, I've attached a copy of the report for your reference.

 

4. Just now, I got another Malwarebytes scan-complete notice (which scan I don't remember launching). 

         •  That scan reported 1 item, "PUP.Optional.PriceGong.A" file, which I Quarantined.

.   .   .   .   .   .

 

Right.  That's it for now.

Want to send this reply before the rotten message UI times out again.

 

Thanks for your patience.

Rgds.

Geo. Hughan

 

SpyHunter4_20140720_160031.log

Fixlog.txt

AdwCleanerR0.txt

[MrCharlie]

You can have AdwCleaner delete all of those.

 

Did you do a clean install of Malwarebytes???

 

Can you update now Malwarebytes now??

 

MrC

[MrCharlie]

How are we doing??

Do you still need help or can I close this post??

MrC

[scrackernyc]

!!_J*F*Xp _!! 

This interface is one full-figured, mangy, flea-bitten D*O*G.

 

   » Had completed my message and enlarged the screen to find the 'Preview' option (where I believe the 'Attach File'.  And "Hey, presto!": the text was G*O*N*E.

This was the Second Time I had the pleasure.

____________

 

Right.  Assuming this ROTTEN thing doesn't hose me a Third time....

____________

 

Greets, MrCharlie.

 

Have completed all step & think the prob's resolved.

 

Malwarebytes clean-install

Haven't found my Cleverbridge documentation, but worked around the License Key problem:

Exported the RegKey you'd pointed to; restored the entry before reinstalling Malwarebytes.

All seems well.

 

JunkRemovalTool

Had to run this scan after Malwarebytes was back on line.

Started the first scan incorrectly (i.e., not As Administrator); was then unable to do anything because some Temp file was in use.

The problem file went away after one or another Restarts.

!!_Will attach the log as you requested, if I can find the ROTTEN link.

 

SpyHunter

This app is still installed and doing its thing.

For grins, I've run another scan – and the program still reports 2k+ bad or dubious objects.

     » Do you recommend I keep & register  SpyHunter, and then let it work its magick?

_____________

 

 

Thanks very much for bearing with me.  I appreciate you support!

 

Today's last steps took 4+ hr; I figured it would be a long session. 

Hope you'll understand that I couldn't bring myself to starting picking up your script on a weekday, after 8+ hr on my Work machine.

 

Please do write one last time in re. SpyHunter.

If you have any info or thoughts on the Irony of needing so many 'third-party' tools to remove malware from Malwarebytes, I'd like to know.

 

Best Rgds.

     Geo. Hughan

     'scrackernyc'

     North Miami, Florida

 

 

 

 

 

JRT.txt

[MrCharlie]

I'm not familiar with SpyHunter and don't know anyone who uses it.

I suggest you stick with Malwarebytes.

So if everything is OK....

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• If you get Unsupported operating system. Aborting now, just reboot and try again.
• A Notepad document should open automatically called checkup.txt.
• Please Post the contents of that document.
• Do Not Attach It!!!

MrC

[scrackernyc]

Greets. 

I have the TXT file – but I cannot Paste anything into this interface.

This restriction seems to be an IE setting.  Any idea which one/where?

 

Here's the log.  Happily, only 23 lines.

Text inserted using a work-around (a skill for which I'm known in my company).

 

Will update Java and Firefox after I send you this reply.

Till next....

.   .   .   .   .   .   .   .   .   .   .   .   .   .

 

Results of screen317's Security Check version 0.99.86

Windows 7 Service Pack 1 x64

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avira Desktop

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Java 7 Update 55

Java version out of Date!

Adobe Flash Player 14.0.0.145

Adobe Reader XI

Mozilla Firefox 29.0.1 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbam.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Malwarebytes Anti-Malware mbamscheduler.exe

scracker Desktop Malwarebytes Security Check\SecurityCheck.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

[MrCharlie]

I have the TXT file – but I cannot Paste anything into this interface.
This restriction seems to be an IE setting. Any idea which one/where?

People have had the same problem, I believe it's related to the forum software.

Update you Java and FF.

Java: Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".

-----------------------------

FF:
https://support.mozilla.org/en-US/kb/update-firefox-latest-version

---------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /



Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

• Ensure Remove disinfection tools is checked.
• Click the Run button.
• Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!