
Malware preventing MBAM database update?



Following last Firefox update, Firefox was terribly sluggish. As time went on I could no longer even load web sites in any browser including IE. So, I turned to my trusty tool, MBAM. Problem is, it no longer works. Here is what I tried:

 

Logged in as admin under Win 8.1, I've done the following on my desktop:

 

-run mbam-clean-2.1.1.1001

-turned off Windows firewall and Avast

-installed mban-setup-2.1.9.1057

 

When the program tries to update, I'm given the message "unable to access update server" and the Database Version remains at v2015.06.03.03.

 

A scan will run and detect PUPs (I ran it in normal Windows mode--should I be in Safe mode?), but following the scan the Database Version remains the same.

 

Meanwhile, my Win 8.1 laptop, which is not running Avast, has no problem updating the database and running a scan.

 

So, I tried copying all the update files from my laptop to my infected desktop, but did not get any different behavior.

 

Please help!

 

I've attached log files.

Addition.txt

CheckResults.txt

FRST.txt

Link to post
Share on other sites

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Check Disk

  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
Link to post
Share on other sites

I see a lot of errors, so Check Disk must be performed.

Error: (09/12/2015 08:37:15 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (09/12/2015 08:37:12 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (09/12/2015 08:36:36 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (09/12/2015 08:36:32 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (09/12/2015 08:35:11 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (09/12/2015 08:33:11 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (09/12/2015 08:31:11 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (09/12/2015 08:29:11 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (09/12/2015 08:27:11 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (09/12/2015 08:25:11 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Link to post
Share on other sites
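The entries quoted in the post above differ only in their timestamps, so a triage pass can collapse them into one finding and decode the file reference number. This is an added example, not part of the original thread or of any tool used in it; the sample text is constructed from two of the quoted entries, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: two entries in the same layout as the log quoted above.
SAMPLE = '''Error: (09/12/2015 08:37:15 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (09/12/2015 08:25:11 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".
'''

HEADER = re.compile(r"^Error: \(([^)]+)\) \(Source: ([^)]+)\) \(EventID: (\d+)\)", re.M)
FILE_REF = re.compile(r"file reference number is (0x[0-9A-Fa-f]+)")

def decode_file_ref(ref):
    """NTFS file reference: low 48 bits = MFT record number, high 16 = sequence."""
    return ref & 0xFFFFFFFFFFFF, ref >> 48

def parse_events(text):
    """Yield one dict per 'Error:' entry (assumes US month/day timestamp order)."""
    heads = list(HEADER.finditer(text))
    for i, m in enumerate(heads):
        # An entry's body runs from its header to the start of the next header.
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        ref = FILE_REF.search(text, m.end(), end)
        yield {
            "time": datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p"),
            "source": m.group(2),
            "event_id": int(m.group(3)),
            "file_ref": int(ref.group(1), 16) if ref else None,
        }

def summarize(text):
    """Collapse repeats into (source, event id, file ref) -> count, first, last."""
    groups = {}
    for ev in parse_events(text):
        key = (ev["source"], ev["event_id"], ev["file_ref"])
        g = groups.setdefault(key, {"count": 0, "first": ev["time"], "last": ev["time"]})
        g["count"] += 1
        g["first"] = min(g["first"], ev["time"])
        g["last"] = max(g["last"], ev["time"])
    return groups

if __name__ == "__main__":
    for (src, eid, ref), g in summarize(SAMPLE).items():
        record, seq = decode_file_ref(ref) if ref is not None else (None, None)
        print(f"{src} event {eid}: {g['count']}x, {g['first']} to {g['last']}, MFT record {record} (sequence {seq})")
```

The reference 0x5000000000005 decodes to MFT record 5, which on NTFS is the volume's root directory, so every quoted entry points at the same file record.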

No change: still getting Database Version v2015.06.03.03 and then after clicking 'Update Now', MWB says 'Updating Database' but the progress bar stays empty for 30 s and then it looks like it's updating with a bit of progress color in it (like 5%), but then it switches to 'Unable to access update server'.

 

Do you think Check Disk and/or MWB is being canceled by malware?

 

Do I need to take the drives out of RAID for Check Disk to work correctly?

 

Thanks,

Link to post
Share on other sites

I don't think this is caused by malware.

  • Download the MBAM-Check tool from this page.
  • Run the MBAM-Check tool.
  • A black command prompt window will open briefly, then close. Afterwards a log file will open.
  • A new log file, CheckResults.txt, will be created on your desktop.
Once the CheckResults.txt file is created, please attach it here.


Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.
Link to post
Share on other sites

Before I submit the logs, here are more observations:

 

-all desktops connected to router via Ethernet are displaying the same behavior: I

       -can't load web pages such as gmail and youtube

       -updates for all applications (e.g. vpn client, malwarebytes, Windows) fail

 

-devices connected to router via Wifi don't have this problem

 

I phoned my ISP and they confirmed that there's no proxy set up and no static settings have been overridden in the Ethernet adapter.

They do suspect that a malware infection has spread to all machines through Ethernet. They actually pointed me back to using the Malwarebytes tool . . .

 

These are work machines i.e. nobody is downloading anything that should cause this. . . I don't know what to do at this point.

Link to post
Share on other sites

All right, here are the logs for the two machines that use Ethernet.

 

M1 runs Windows 8.1 on ASUS/Intel with 2 drives in RAID. I did a cleanup on it about 6 months ago. But after updating Firefox in July, the browser got to the point where I couldn't even type into web forms without severe lags and loss of characters, let alone it not being able to handle heavy websites like gmail, youtube, bitbucket, etc. So, I uninstalled it this past weekend.

 

M2 runs Windows 7 Home on ASUS/Intel with a single drive. A cleanup hasn't been done on it in a while, but it's seldom used at all.

 

The network is just a home network with one router.

 

Thanks,

Addition_M1.txt

Addition_M2.txt

FRST_M1.txt

FRST_M2.txt

Link to post
Share on other sites

I see nothing serious, only Ask Toolbar on second PC.

Please run this tool on both computers:

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
Link to post
Share on other sites

The symptoms this morning on the Win 8.1 PC are even worse. Very slow after startup and neither the start button nor the charms would come up at all, ever. I started the zoek program and once the console came up I closed it because I had forgotten to turn off Avast and firewall. Because I couldn't get to the firewall to turn it off, I decided to shut the machine down using WinKey-R. After selecting Shutdown, the system hung at a purple screen. After about 10 minutes I decided to hard shut down, so I held the on/off down for a couple of seconds. I heard the machine turn off. Then about a second later it rebooted itself, which has never, ever happened before. I shut it off hard again and the same thing happened. The only way to keep it off is to flip off the power supply. Help!

Link to post
Share on other sites

Okay, we will forget about Zoek.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[C*].txt) will open.
Please include the contents of that file in your reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

Link to post
Share on other sites

This topic is now closed to further replies.