Can't run MalwareBytes on probably infected computer


Hi, I have been attempting to clean my office after I found Locky ransomware on one of our computers and ran into the issue of being completely unable to run MalwareBytes on our shared drive. It's not connected to the internet, so I copied over the ProgramData files rules.ref and Configuration, but when I attempt to run Malwarebytes, it always cancels itself after 3 seconds with nothing to show other than "Threat Scan Cancelled."

When I try to run Chameleon, I usually get a mbam-killer integrity verification failed message, followed immediately by can't connect to update server. Mbam then continues to get a Threat Scan Cancelled after about 3 seconds.

I've done clean uninstalls and reinstalls, and I've noticed that after running MalwareBytes for the first time after the reinstalls, all the files in the ProgramData are deleted except exclusions.dat and a whole bunch of files with filenames like S-1-5-21-2485923492-1362937541-382461718-1004-0-ntuser. Including rules.ref - which doesn't seem like default behavior... I've attached my FRST/addition logs, and any assistance would be awesome.


Hello and welcome.

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.


Uninstall outdated/damaged Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.

  • Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that follow my next instructions to download & install the latest MBAM version.

Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.


That was kind of the original problem though... I came up with the same issues as stated in my original post when I tried just now. 

  1. Ran mbam-clean.
  2. Restarted.
  3. Installed mbam.
  4. Instead of updating, because I have no internet connection on the possibly infected computer, copied rules.ref and database.conf from C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration on a computer with an internet connection.
  5. Enabled [Scan for Rootkits]
  6. Tried Threat Scan, which gives me Threat Scan Cancelled in less than a second.
  7. Save results literally gives me nothing more than the Malwarebytes url.

And then when I check back on the C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\ directory, I get the attached files, which are missing like all the rules and other reference files that exist on my working computer's installation.

IMG_3095.JPG

IMG_3096.JPG


Please uninstall MalwareBytes using Clean tool and do not install it until I tell you.

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please upload them into your next reply.


  • 2 weeks later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.