
Malwarebytes crashes on scan



Hey all!

 

I have a bit of an issue, both Malware Bytes and Malware Bytes Anti-Rootkit are crashing on startup (or in the case of MBAR never starts). I've tried clean installs using mbam-clean and even tried reverting to version 1.75 and they all crash on update seems like..

 

Hoping for the best, but fear I have contracted something.

 

Please excuse my English, it is not very strong.

 

Thank you!


Hello and welcome

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licence Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report" and save to desktop. Close the program > Don't Fix anything!
  • Post back the report which should be located on your desktop.

 

Let me see those logs in your next reply..

 

Kevin


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x

Follow the relevant steps and ensure to run mbam-clean tool after UNinstalling Malwarebytes.

 

When reinstalling the program please try the latest version from here:

http://www.malwarebytes.org/mwb-download/

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Kevin...

 

 

 

fixlist.txt


As you are unable to update Malwarebytes Anti-Malware's database, please follow the steps below :

 

1: Download the netconf replacement tool from the link below

 

https://malwarebytes.app.box.com/s/vmg0am1plzyl4m73l75o

 

2: Unzip the zip file to Extract the "Net Conf Fix" folder on your desktop.

3: Once extracted, open the **Net Conf Fix** folder.

4: Double click on the net-replacement.bat file. If you are using Windows Vista or higher, please Right-click the net-replacement.bat file and click Run as Administrator from the menu.

5: After the tool has run, launch Malwarebytes Anti-Malware and click Update Now...

 

Please let me know if you are able to update the database after running this tool.

 

Kevin....


Press the Windows key and R key together. Into the Run box type regedit and tap Enter; Registry Editor will open.....

 

Expand the following key :-

HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows > safer > codeidentifiers > 0

 

Do not expand the folder 0. Right click on that folder and choose "Export", then save that to your desktop.

 

From the desktop right click on the reg file > select > send to > compressed (zipped) folder....

Attach to next reply,


Thanks for the update, run the following:

 

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review



****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

*EXTRA NOTES*


  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)



Post the log in next reply please...

Kevin
 


Thanks for the logs, run the following:

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licence Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report" and save to desktop. Close the program > Don't Fix anything!
  • Post back the report which should be located on your desktop.

 

next,

 

TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select  Run as Administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to Skip.
  • Click Continue and close the window.

 

A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.

 

Let me see those logs.......


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 4 weeks later...

I have a bit of an issue, both Malware Bytes and Malware Bytes Anti-Rootkit are crashing on startup (or in the case of MBAR never starts). I've tried clean installs using mbam-clean and even tried reverting to version 1.75 and they all crash on update seems like..

 

Hoping for the best, but fear I have contracted something.

 

Same as before unfortunately.

 

No! I don't recognize this setting!

 

What does this mean?


The proxy settings are addressed to China, basically when you connect to the internet the connection from your computer will go through the proxy. If you did not set this proxy or know of its existence we must assume it is malicious...

 

Run RogueKiller one more time,

 

·  Quit all running programs.

·  Start RogueKiller.exe by double clicking on the icon.

·  Wait until Prescan has finished.

·  Ensure all boxes are ticked under "Report" tab.

·  Click on Scan.

·  When the scan has completed click on ProxyFix Button.

·  Click on Report when the Deletion completes. Copy/paste the contents of the report into your next reply.

 

Next,

 

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

 


  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

 

Next,

 

Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:

MBAM Clean Removal Process 2x

Follow the relevant steps and ensure to run mbam-clean tool after UNinstalling Malwarebytes.

 

When reinstalling the program please try the latest version from here:

http://www.malwarebytes.org/mwb-download/

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Kevin...


Double-click RogueKiller.exe to run again. (Vista/7/8 right-click and select Run as Administrator)

 

When the pre-scan completes press the Scan button,

 

When the scan completes click the Registry tab and locate these detections:

 

[suspicious.Path] (X64) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Run | SearchProtect : C:\Users\Jesus\AppData\Roaming\SearchProtect\bin\cltmng.exe  -> FOUND

[suspicious.Path] (X86) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Run | SearchProtect : C:\Users\Jesus\AppData\Roaming\SearchProtect\bin\cltmng.exe  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 221.7.145.42:8080  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 221.7.145.42:8080  -> FOUND

[PUM.HomePage] (X64) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN39072975251842450&UM=2&UP=SPD058E5EB-095A-49E3-B2E2-7DADD7C42D9A  -> FOUND

[PUM.HomePage] (X86) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN39072975251842450&UM=2&UP=SPD058E5EB-095A-49E3-B2E2-7DADD7C42D9A  -> FOUND

 

Make sure those entries are checkmarked (ticked) and all other entries are clear. When ready select the Delete button...

 

When the delete function is completed select "Report" and post that log....


This topic is now closed to further replies.
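
The RogueKiller detections listed in the last post share one layout: category, registry view, key, value name, data, status. The Python below is an added example, not part of the original thread or of RogueKiller; it parses those six lines, merges the X64/X86 duplicates and notes what to verify for each. The layout is inferred from the lines on this page, and the names `parse` and `triage` and the triage wording are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Detection lines copied verbatim from the RogueKiller report quoted in the thread.
REPORT = r"""
[suspicious.Path] (X64) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Run | SearchProtect : C:\Users\Jesus\AppData\Roaming\SearchProtect\bin\cltmng.exe  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Run | SearchProtect : C:\Users\Jesus\AppData\Roaming\SearchProtect\bin\cltmng.exe  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 221.7.145.42:8080  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 221.7.145.42:8080  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN39072975251842450&UM=2&UP=SPD058E5EB-095A-49E3-B2E2-7DADD7C42D9A  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\RK_Jesus_ON_E_A231\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN39072975251842450&UM=2&UP=SPD058E5EB-095A-49E3-B2E2-7DADD7C42D9A  -> FOUND
"""

# [category] (registry view) key | value name : data -> status
LINE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>.+?)\s+:\s+(?P<data>.+?)\s+->\s+(?P<status>\w+)$")

def parse(report):
    """Return unique detections, merging the X64 and X86 registry views."""
    merged = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ident = (m["cat"], m["key"], m["name"], m["data"])
            merged.setdefault(ident, []).append(m["view"])
    fields = ("cat", "key", "name", "data")
    return [dict(zip(fields, k), views=v) for k, v in merged.items()]

def triage(det):
    """Short note on what an analyst should verify for this detection."""
    cat, data = det["cat"], det["data"]
    if cat == "PUM.Proxy":
        host = data.rsplit(":", 1)[0].strip("[]")
        try:
            ip = ipaddress.ip_address(host)
            scope = "local" if ip.is_loopback or ip.is_private else "remote"
        except ValueError:
            scope = "remote"  # hostname rather than an IP literal
        return f"{scope} proxy {data}: confirm the user configured it"
    if cat == "PUM.HomePage":
        return f"start page host {urlsplit(data).hostname}"
    if cat == "suspicious.Path" and det["key"].endswith("\\Run"):
        return f"autostart from {data}"
    return "review manually"

if __name__ == "__main__":
    for d in parse(REPORT):
        print(f"[{d['cat']}] {'/'.join(d['views'])} {d['name']}: {triage(d)}")
```

The six report lines collapse to three distinct settings, which matches the three things the helper asks the user to tick: the Run entry, the proxy and the start page.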