
So is there a universal fix for the malware that won't let Malwarebytes or other programs run?



Hi,

I see there must have been some widespread malware out in the last 48 hours with all these posts indicating folks can't run malwarebytes or several other programs. Malwarebytes has always worked for me previously, but I must admit this is the nastiest bug I have had to deal with. Some of the things I have tried might work for others. It only partially worked for me (no pop ups for the annoying ransomware fake antivirus programs).

Suggestions culled from the other messages here, all tried in safe mode and regular mode:

When malwarebytes stops running after a few seconds -->Rename mbam.exe -->Seems this has worked for a few lucky ones

-Unfortunately the same thing happens with the renamed executable for me and others

-I redownload and change the names before running it the first time and it will still quit out after a few seconds and then won't run again

-Uninstalling/redownloading/reinstalling to different directories gives the same problem

Download process explorer and rename it to winlogon.exe.

-The process explorer works for me, but I find nothing to delete. (I had previously killed processes and deleted files as mentioned under task manager)

Other googled suggestions

-Ran task manager and killed the following processes and removed their files

msa.exe, b.exe, svchast.exe (Meant to look like svchost.exe)

-Ran msconfig

-Disabled AntipyPro_12 from services (not a misspelling, it's AntpyPro_12 with no s in it)

-Could NOT KILL tahidazu.dll in startup. I get an error message. I manually deleted the file c:\windows\system32\tahidazu.dll but I get a dialogue box that the specified module can't be found on the next startup

-Ccleaner

-I thought surely ccleaner startup tool would do the trick but it won't disable or delete detokadafe which is the program associated with the run32dll.exe "c:\Windows\System32\tahidazu.dll",s

-Ccleaner Registry scan keeps finding the tahidazu registry entry and fixes it but it comes right back

-Manual REGEDIT to delete any instance of detokadafe fails as well as it keeps coming back with (system restore previously turned off)

-Ran services.msc

-AntipyPro_12 is indeed disabled and the svchast.exe it points to has been deleted

-Can't turn on windows defender error 5: access is denied

Is there a network mode that lets malwarebytes scan another computer's hard drive over a network? I thought of just pulling the hard drive out and plugging it into the working computer but am afraid the bug could spread and it still wouldn't clean out registry errors and the like.

Well, I got one more suggestion I will try tonight. Since windows defender won't run, I will uninstall and reinstall it. I don't hold high hopes because this malware interrupts the installation and/or running of malwarebytes, spybot, McAfee and windows defender. It didn't seem to interfere with Ad-Aware 2008 but all adaware found the first time were cookies.

I guess I could try a windows xp reinstall but I don't think it will take without reformatting as the CD is a few service packs old. I will leave files backing up to an external drive and hope I see a solution on this forum for how to get mbam.exe working when it keeps getting stopped by the bug assuming the simple solutions like renaming, killing processes don't do the trick.

Kai


Hi,

Man, it is soooooo aggravating to have malwarebytes start cooking for a few seconds then stop and close shop. I then can't run it again unless I copy the backup mbam.exe and rename it and drop in the directory. I am sure it's one of these programs stopping it, but can't tell which one. I know the second winlogon.exe is the renamed process explorer launch program. I am suspicious of all those svchost.exe but some of them when deleted force a computer reboot.

I previously had and killed wiawow32.sys (known malware).

| Process | PID | CPU | Description | Company Name |
|---|---|---|---|---|
| System Idle Process | 0 | 98.46 | | |
| Interrupts | n/a | | Hardware Interrupts | |
| DPCs | n/a | | Deferred Procedure Calls | |
| System | 4 | | | |
| smss.exe | 848 | | Windows NT Session Manager | Microsoft Corporation |
| csrss.exe | 908 | | Client Server Runtime Process | Microsoft Corporation |
| winlogon.exe | 944 | | Windows NT Logon Application | Microsoft Corporation |
| services.exe | 992 | 1.54 | Services and Controller app | Microsoft Corporation |
| ati2evxx.exe | 1160 | | ATI External Event Utility EXE Module | ATI Technologies Inc. |
| svchost.exe | 1172 | | Generic Host Process for Win32 Services | Microsoft Corporation |
| svchost.exe | 1312 | | Generic Host Process for Win32 Services | Microsoft Corporation |
| svchost.exe | 1440 | | Generic Host Process for Win32 Services | Microsoft Corporation |
| incdsrv.exe | 1464 | | incdsrv | Nero AG |
| svchost.exe | 1708 | | Generic Host Process for Win32 Services | Microsoft Corporation |
| svchost.exe | 1976 | | Generic Host Process for Win32 Services | Microsoft Corporation |
| IreIKE.exe | 1996 | | IreIke Service Application | SafeNet |
| aawservice.exe | 340 | | Ad-Aware Service | Lavasoft |
| spoolsv.exe | 616 | | Spooler SubSystem App | Microsoft Corporation |
| svchost.exe | 2244 | | Generic Host Process for Win32 Services | Microsoft Corporation |
| AppleMobileDeviceService.exe | 2364 | | Apple Mobile Device Service | Apple Inc. |
| CTSVCCDA.EXE | 2548 | | Creative Service for CDROM Access | Creative Technology Ltd |
| svchost.exe | 2640 | | Generic Host Process for Win32 Services | Microsoft Corporation |
| IPSecMon.exe | 2824 | | IPSecMon Service Application | SafeNet |
| jqs.exe | 2860 | | Java Quick Starter Service | Sun Microsystems, Inc. |
| mcmscsvc.exe | 2984 | | McAfee Services | McAfee, Inc. |
| McNASvc.exe | 3068 | | McAfee Network Agent | McAfee, Inc. |
| McProxy.exe | 3148 | | McAfee Proxy Service Module | McAfee, Inc. |
| Mcshield.exe | 3200 | | On-Access Scanner service | McAfee, Inc. |
| mdm.exe | 3256 | | Machine Debug Manager | Microsoft Corporation |
| svchost.exe | 3468 | | Generic Host Process for Win32 Services | Microsoft Corporation |
| MsPMSPSv.exe | 3632 | | WMDM PMSP Service | Microsoft Corporation |
| alg.exe | 3936 | | Application Layer Gateway Service | Microsoft Corporation |
| mcsysmon.exe | 2728 | | McAfee SystemGuards Service | McAfee, Inc. |
| MpfSrv.exe | 2096 | | McAfee Personal Firewall Service | McAfee, Inc. |
| lsass.exe | 1004 | | LSA Shell (Export Version) | Microsoft Corporation |
| ati2evxx.exe | 1528 | | ATI External Event Utility EXE Module | ATI Technologies Inc. |
| taskmgr.exe | 2432 | | Windows TaskManager | Microsoft Corporation |
| explorer.exe | 264 | | Windows Explorer | Microsoft Corporation |
| CTHELPER.EXE | 1600 | | CtHelper MFC Application | Creative Technology Ltd |
| InCD.exe | 1888 | | InCD | Nero AG |
| mcagent.exe | 2016 | | McAfee Integrated Security Platform | McAfee, Inc. |
| wcescomm.exe | 1260 | | ActiveSync Connection Manager | Microsoft Corporation |
| winlogon.exe | 3512 | | Sysinternals Process Explorer | Sysinternals - www.sysinternals.com |
| CCleaner.exe | 452 | | CCleaner | Piriform Ltd |
| ctfmon.exe | 3828 | | CTF Loader | Microsoft Corporation |

Kai

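An added example, not part of the original posts: a triage pass over a process listing like the one above, flagging names that sit one or two edits away from a Windows system process (the svchast.exe case from the first post) and exact system names whose description does not match (the renamed Process Explorer running as winlogon.exe). The reference table, the helper names and the PID given to svchast.exe are assumptions made for the example.

```python
# Reference names and the Description each carries in the listing above.
# Assumption: this short list is illustrative, not exhaustive.
KNOWN = {
    "svchost.exe": "Generic Host Process for Win32 Services",
    "winlogon.exe": "Windows NT Logon Application",
    "csrss.exe": "Client Server Runtime Process",
    "lsass.exe": "LSA Shell (Export Version)",
    "services.exe": "Services and Controller app",
}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review(rows):
    """rows: (name, pid, description). Returns (pid, name, reason) findings."""
    findings = []
    for name, pid, desc in rows:
        low = name.lower()
        if low in KNOWN:
            # Exact system name: the description should match the reference.
            if desc != KNOWN[low]:
                findings.append((pid, name, "description mismatch: " + desc))
            continue
        # Not an exact match: flag names one or two edits from a system name.
        near = [ref for ref in KNOWN if edit_distance(low, ref) <= 2]
        if near:
            findings.append((pid, name, "look-alike of " + near[0]))
    return findings

# Rows copied from the listing, plus svchast.exe from the first post
# (its PID and empty description are constructed for this example).
SAMPLE = [
    ("winlogon.exe", 944, "Windows NT Logon Application"),
    ("svchost.exe", 1172, "Generic Host Process for Win32 Services"),
    ("svchast.exe", 9999, ""),
    ("winlogon.exe", 3512, "Sysinternals Process Explorer"),
    ("spoolsv.exe", 616, "Spooler SubSystem App"),
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

The description is read from the file's own version information, which whoever built the file controls, so a matching description does not clear a process; the image path and the signature check in Process Explorer are the stronger confirmation.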

  • 3 weeks later...
  • Root Admin

Since you appear to no longer be monitoring this post we will assume that you've already addressed the issue and no longer require assistance and we will close the post now.

If however you do still require assistance please send a private message to open the post again.

