Jump to content

Malwarebytec cannot find the path specified


Recommended Posts

Hello! Here's the summary.

I was infected, dunno if it was worm,malware or something 3rd.

I completely reinstalled my Windows not from the image but from delete everything menu in windows 10 recovery.

When i got back, I thought there were no problems,but now I see I was wrong.

The info of what infection did - it was using 50-90% of my CPU and my memory.

Service local host(18) did that, and I think antimalware service executable.

Antimalware is still using the same amount of data as when infected (60mb) and I dont know what it is.

But lets get to the problem. I can't install antimalware("The system cannot find the path specified")

What do I do? Is it possible the infection survived the reinstall or it just caused problems on my PC and how do I fix it?

 

I was following every step of https://forums.malwarebytes.org/index.php?/topic/135522-malwarebytes-not-installing-possible-virus/ 

rootkit showed no infections,and when i started repair ("Unable to open archive file").

I tried running portable version is safe mode and when I click repair - it closes and says program has stopped working.

Link to post
Share on other sites

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,
 
Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Now select > Scan > Threat scan > Scan now
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!

 

Let me see those logs in your reply....

 

One other point, Tcpip\Parameters: [DhcpNameServer] 83.139.104.2 83.139.105.2  -  IP Location hr.gif Croatia Zagreb B.net Hrvatska   Is that correct, known and trusted?

 

Thank you,

 

Kevin
 

Link to post
Share on other sites

Go to this link: http://downloads.malwarebytes.org/file/mbam_clean  download mbam-clean.exe, run that cleaner twice, reboot after each run....

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Now select > Scan > Threat scan > Scan now
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


 

Thanks,

 

Kevin...

Link to post
Share on other sites

Startup Repair diagnosis and repair log
---------------------------
Number of repair attempts: 1

Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = D:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed: 
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed: 
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed: 
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 140 ms

Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms

Test Performed: 
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms

Test Performed: 
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 203 ms

Root cause found: 
---------------------------
The operating system version is incompatible with Startup Repair

---------------------------
---------------------------
 


this is what I got when tried to repair within windows

Link to post
Share on other sites

Not sure what you did but couple of entries from that scan seem odd, if you look at the given root cause, then look at the given Windows directory. The OS directory in FRST scan is  C:\
 
Root cause found:
---------------------------
The operating system version is incompatible with Startup Repair
 
Windows directory = D:\Windows

 

Lets try Malwarebytes through Chameleon....

 

Go here: https://support.malwarebytes.org/customer/portal/articles/1833351-how-do-i-use-malwarebytes-chameleon-to-install-malwarebytes-anti-malware-on-an-infected-system-?b_id=6447  and follow the instructions.

 

Download and save the zip file, unzip the file to your Desktop... Open the unzipped folder, double click on the help file, is named chameleon.chm it will have a question mark against it. A new window will open, try each entry in turn until one of them runs......

Link to post
Share on other sites

You could try a system "Refresh", that way all personal data is retained. Any software that was pre-installed, or installed from the "Store" will be retained. Any other software will be erazed, a list will be saved to the desktop.

 

If you want to go down that road go here: http://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html There are two options, use which ever you are comfortable with.. Both do work

 

Let me know what you decide, also the outcome.

 

Thank you,

 

Kevin

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.