babyrichard Posted September 18, 2014 ID:880237

Hey all! I have a bit of an issue, both Malware Bytes and Malware Bytes Anti-Rootkit are crashing on startup (or in the case of MBAR never starts). I've tried clean installs using mbam-clean and even tried reverting to version 1.75 and they all crash on update, seems like.. Hoping for the best, but fear I have contracted something. Please excuse, English is not very strong. Thank you!
kevinf80 Posted September 18, 2014 ID:880257

Hello and P2P/Piracy Warning:

· If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
· Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
· If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

· Double-click to run it. When the tool opens click Yes to disclaimer.
· Press Scan button.
· It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
· The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

· Quit all running programs.
· For Windows XP, double-click to start.
· For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
· Read and accept the EULA (End User License Agreement)
· Click Scan to scan the system.
· When the scan completes select "Report" save to desktop. Close the program > Don't Fix anything!
· Post back the report which should be located on your desktop.

Let me see those logs in your next reply..

Kevin
babyrichard Posted September 19, 2014 Author ID:880593

Thanks! The logs are attached. No other AV finds anything as well :/

Attachments: RKreport_SCN_09182014_100658.log, Addition.txt, FRST.txt
kevinf80 Posted September 19, 2014 ID:880681

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

Follow the relevant steps and ensure to run mbam-clean tool after UNinstalling Malwarebytes. When reinstalling the program please try the latest version from here: http://www.malwarebytes.org/mwb-download/

· Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
· Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
· Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
· Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Kevin...

Attachment: fixlist.txt
babyrichard Posted September 20, 2014 Author ID:881061

Hello, malware bytes still closes immediately after opening.. Seems that it's checking for updates and just exits.
kevinf80 Posted September 20, 2014 ID:881077

As you are unable to update Malwarebytes Anti-Malware's database, please follow the steps below:

1: Download the netconf replacement tool from the link below
https://malwarebytes.app.box.com/s/vmg0am1plzyl4m73l75o
2: Unzip the zip file to Extract the "Net Conf Fix" folder on your desktop.
3: Once extracted, open the "Net Conf Fix" folder.
4: Double click on the net-replacement.bat file. If you are using Windows Vista or higher, please Right-click the net-replacement.bat file and click Run as Administrator from the menu.
5: After the tool has run, launch Malwarebytes Anti-Malware and click Update Now...

Please let me know if you are able to update the database after running this tool.

Kevin....
babyrichard Posted September 20, 2014 Author ID:881211

It stayed open a lot longer, now I clicked update and it said "Checking for updates" for a while, and then closed. Upon re-opening it said I was up to date, so I go to threat scan. It says "Checking for updates" then closes again.
kevinf80 Posted September 20, 2014 ID:881221

Select Windows key and R key together. Into the run box type regedit, tap enter, Registry Editor will open.....

Expand the following key :-

HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows > safer > codeidentifiers > 0

Do not expand the folder 0

Right click on that folder and choose "Export", save that to your desktop. From the desktop right click on the reg file > select > send to > compressed (zipped) folder....

Attach to next reply,
babyrichard Posted September 21, 2014 Author ID:881568

I have no folders under codeidentifiers, it is the last node in the tree.
kevinf80 Posted September 21, 2014 ID:881571

Thanks for the update, run the following:

Read the following link before we continue and run Combofix: ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/

· Ensure that Combofix is saved directly to the Desktop <--- Very important
· Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
· Close any open browsers and any other programs you might have running
· Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
· Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
· If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
· When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

· If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
· If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
· If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
babyrichard Posted September 27, 2014 Author ID:883929

I had to rename the file, kept getting Upload Skipped (No file was selected for upload)

Attachment: ComboFix.log.txt
kevinf80 Posted September 27, 2014 ID:883943

Thanks for the log, can you also attach the two following logs from Combofix:

C:\QooBox\ComboFix-quarantined-files.txt
C:\QooBox\ComboFix2.txt

Thanks,

Kevin..
babyrichard Posted September 28, 2014 Author ID:884241

Attached, Again ComboFix2.log was renamed due to the error on the forums.. Not sure.

Attachments: ComboFix-quarantined-files.txt, cfix2 - Copy.log
kevinf80 Posted September 28, 2014 ID:884249

Thanks for the logs, run the following:

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

· Quit all running programs.
· For Windows XP, double-click to start.
· For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
· Read and accept the EULA (End User License Agreement)
· Click Scan to scan the system.
· When the scan completes select "Report" save to desktop. Close the program > Don't Fix anything!
· Post back the report which should be located on your desktop.

Next,

TDSSKiller Scan

Please download TDSSKiller and save the file to your Desktop.

· Right-Click TDSSKiller.exe and select Run as Administrator to run the programme.
· Click Change parameters.
· Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
· Click Start Scan. Do not use the computer during the scan.
· If objects are found, change the action to Skip.
· Click Continue and close the window.
· A log will be created and saved to the root directory (usually C:\).
· Copy the contents of the log and paste in your next reply.

Let me see those logs.......
AdvancedSetup Posted October 5, 2014 Root Admin ID:886585

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
AdvancedSetup Posted November 1, 2014 Root Admin ID:900513

Topic reopened per user request
babyrichard Posted November 4, 2014 Author ID:902467

Hello again! Attached.

Attachments: RKreport_SCN_11042014_081848.log, tds_report.txt
kevinf80 Posted November 4, 2014 ID:902487

Thanks for the logs, what issues or concerns are remaining...

Do you know of and trust this - ProxyServer : 221.7.145.42:8080
babyrichard Posted November 5, 2014 Author ID:902896

I have a bit of an issue, both Malware Bytes and Malware Bytes Anti-Rootkit are crashing on startup (or in the case of MBAR never starts). I've tried clean installs using mbam-clean and even tried reverting to version 1.75 and they all crash on update, seems like.. Hoping for the best, but fear I have contracted something.

Same as before unfortunately.

No! I don't recognize this setting! What does this mean?
kevinf80 Posted November 5, 2014 ID:902940

The proxy settings are addressed to China, basically when you connect to the internet the connection from your computer will go through the proxy. If you did not set this proxy or know of its existence we must assume it is malicious...

Run RogueKiller one more time,

· Quit all running programs.
· Start RogueKiller.exe by double clicking on the icon.
· Wait until Prescan has finished.
· Ensure all boxes are ticked under "Report" tab.
· Click on Scan.
· When the scan has completed click on ProxyFix Button.
· Click on Report when the Deletion completes. Copy/paste the contents of the report into your next reply.

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

· Double-click on the Rkill desktop icon to run the tool.
· If using Vista or Windows 7/8, right-click on it and Run As Administrator.
· A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
· A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
· If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
· If the tool does not run from any of the links provided, please let me know.

Next,

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

Follow the relevant steps and ensure to run mbam-clean tool after UNinstalling Malwarebytes. When reinstalling the program please try the latest version from here: http://www.malwarebytes.org/mwb-download/

· Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
· Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
· Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
· Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Kevin...
babyrichard Posted November 5, 2014 Author ID:903085

Sorry, I don't see ProxyFix button?
kevinf80 Posted November 5, 2014 ID:903091

Yes the interface for RogueKiller is changed, need to upload and run myself to have a look at the new layout, back shortly...
kevinf80 Posted November 5, 2014 ID:903092

Double-click RogueKiller.exe to run again. (Vista/7/8 right-click and select Run as Administrator)

When the pre-scan completes press the Scan button. When the scan completes click the Registry tab and locate these detections:

[suspicious.Path] (X64) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Run | SearchProtect : C:\Users\Jesus\AppData\Roaming\SearchProtect\bin\cltmng.exe -> FOUND
[suspicious.Path] (X86) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Run | SearchProtect : C:\Users\Jesus\AppData\Roaming\SearchProtect\bin\cltmng.exe -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 221.7.145.42:8080 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 221.7.145.42:8080 -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN39072975251842450&UM=2&UP=SPD058E5EB-095A-49E3-B2E2-7DADD7C42D9A -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN39072975251842450&UM=2&UP=SPD058E5EB-095A-49E3-B2E2-7DADD7C42D9A -> FOUND

Make sure those entries are checkmarked (ticked) and all other entries are clear. When ready select the Delete button...

When the delete function is completed select "Report" and post that log....
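
Added example (not part of the thread and not RogueKiller's own code): a small triage script for registry detection lines in the shape quoted in the post above, which merges the X64/X86 duplicates and pulls out ProxyServer values for review. The line format is assumed from that post, the sample lines are constructed with placeholder values, and the handling of the per-protocol `http=host:port;https=host:port` ProxyServer form goes beyond what the thread shows.

```python
import re

# Line shape assumed from the post above:
# [Category] (X64|X86) <registry key> | <value name> : <data> -> <status>
LINE_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>.+?)\s+:\s+(?P<data>.+?)\s+->\s+(?P<status>\S+)$")

# Constructed sample: hive name, file path, proxy address and URL are placeholders.
HIVE = r"HKEY_USERS\RK_user_ON_E_0000\Software\Microsoft"
SAMPLE = "\n".join([
    "RogueKiller report excerpt (constructed)",
    rf"[suspicious.Path] (X64) {HIVE}\Windows\CurrentVersion\Run | ExampleApp : C:\Users\user\AppData\Roaming\ExampleApp\app.exe -> FOUND",
    rf"[suspicious.Path] (X86) {HIVE}\Windows\CurrentVersion\Run | ExampleApp : C:\Users\user\AppData\Roaming\ExampleApp\app.exe -> FOUND",
    rf"[PUM.Proxy] (X64) {HIVE}\Windows\CurrentVersion\Internet Settings | ProxyServer : 192.0.2.10:8080 -> FOUND",
    rf"[PUM.Proxy] (X86) {HIVE}\Windows\CurrentVersion\Internet Settings | ProxyServer : 192.0.2.10:8080 -> FOUND",
    rf"[PUM.HomePage] (X64) {HIVE}\Internet Explorer\Main | Start Page : http://search.example/?id=1 -> FOUND",
])

def parse_report(text):
    """Return one dict per detection line; any other line is skipped."""
    hits = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in hits if m]

def merge_views(entries):
    """Collapse the X64 and X86 copies of one registry value into one finding."""
    merged = {}
    for e in entries:
        ident = (e["category"], e["key"].lower(), e["name"].lower(), e["data"])
        finding = merged.setdefault(ident, {**e, "views": []})
        finding["views"].append(e["view"])
    return list(merged.values())

def proxy_findings(findings):
    """Split each ProxyServer value into scheme, host and port for review."""
    out = []
    for f in findings:
        if f["name"].lower() != "proxyserver":
            continue
        for part in f["data"].split(";"):        # per-protocol form uses ';'
            scheme, _, addr = part.strip().rpartition("=")
            host, _, port = addr.rpartition(":")
            if not host:                          # value carried no port
                host, port = addr, None
            out.append({"key": f["key"], "scheme": scheme or "all",
                        "host": host, "port": port, "views": f["views"]})
    return out

if __name__ == "__main__":
    for finding in proxy_findings(merge_views(parse_report(SAMPLE))):
        print(finding)
```
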
babyrichard Posted November 8, 2014 Author ID:904817

Done, thanks.

Attachment: RKreport_DEL_11082014_113803.log
kevinf80 Posted November 8, 2014 ID:904838

Were you able to run Malwarebytes, can I see that log?

Kevin.