
Suspected malware - Malwarebytes only runs in safe mode



Hi

I'm running Win 7, AVAST Free AV.

Last week, I noticed a few odd things with the PC, nothing serious, but AVAST had intercepted a nasty download from a legitimate site and legitimate software (not going to mention the site or software). I decided to run the free version of Malwarebytes but found it wouldn't run, no window, nothing. Running in administrator mode didn't produce anything. Googling revealed this as a possible sign of infection. I downloaded Chameleon but that didn't run properly. What it did do was create files of the form \xxxvf\xxxvf\xxxvf nested 30 or more times, each of them denying me access (I think this was in the MB folder but can't be sure). MB ran in Windows safe mode but didn't reveal anything, AVAST didn't find anything either.

I tried a few other pieces of software - Spybot; Adwcleaner; Zemana; Something hero? I've uninstalled them now but nothing found wrong. I also used process kill software before scanning.

When I saw what was involved in eliminating any infection, and the time required, I decided to do a fresh install of Win 7 because I could have my basic working system in a few hours, and I felt that any malware would be removed by the process.

As I rebuilt the system, I did AV scans and MB scans to ensure everything was ok, and it was. Then MB stopped working again. Pretty much the same as before. I cannot get the main interface no matter how I try, desktop icon, start menu, clicking MBAM.exe, running as admin. I've uninstalled and reinstalled several times, I've used mb-clean-3.1.0.1031.exe which installed v3.4.4.2398 which I think is the very latest. I've uninstalled and gone through the registry removing anything related to MB that's been left behind, and then reinstalling. Nothing.

I've done scans with AVAST which is up to date and tried with ADAWARE AV which took nearly 4 hours to scan every file on every disk and didn't find anything.

At this point, I'd like to think the system is safe and there is a bug in MB but I don't leave anything to chance. I need to know for sure.

 

Summary of Symptoms:

Unable to run MB or obtain the main interface

Right clicking taskbar icon shows all 4 protection running, option to hide, quit, check for updates (which does not appear to do anything, maybe because it's up to date)

Right clicking to scan a file does produce a success pop up after about 8 seconds which seems a long time for a small text file. However, clicking the button to see the report does not show anything

MBAM.exe*32 & MBAMTRAY.exe*32 are running in taskmgr

MB will scan in win safe mode, but does not find anything.

Malwarebytes Anti-Rootkit BETA 1.10.3.1001 also does not find anything

I've done the prelim scans FRST and the reports are attached. I've attached a *.json file from the scanresults folder as I don't know any other way of getting the results of the MB threat scan (I've added txt extension), I've also added other logs that might help.

If need be, I'll reinstall from the Win 7 DVD, but my concern is that the same thing might happen again. Thanking you in advance and hope you can solve the puzzle because I've run out of ideas.

 

ROOTKIT LOG system-log.txt

ROOTKIT LOG mbar-log-2018-03-07 (23-38-04).txt

ROOTKIT LOG mbar-log-2018-03-07 (23-43-23).txt

SCAN RESULTS 696b085a-2267-11e8-99ff-94de800ffdcb.json.TXT

SCAN RESULTS 9f6c73cf-2269-11e8-8749-000000000000.json.TXT

mb-clean-results.txt

Addition.txt

FRST.txt


  • Root Admin

Hello @cecr and :welcome:

Sorry to hear you're having issues running Malwarebytes. Based on your logs and your description I'd like you to please create a new user profile with Admin rights. Restart the computer and logon to that profile and let me know if you're still unable to run Malwarebytes or not.

If it's still not running try to start in Safe Mode and run a Threat Scan and post back that log as a Text file, not as a .json file

Thanks

Ron

 


Hello Advanced Setup glad to have you on board.

I've done as you said, and after logon as Test Admin, I went to read the email again on my tablet to check your instructions, and it seems that MBAM ran on its own. I've included that log as well as the one made after I restarted the PC and running MBAM. I've also attached the Threat Scan from a few days ago as a txt file this time rather than the json.txt. Last time, I didn't know how to export the scan logs as a txt file :) so I copied the json files from the MBAM folder.

In my own profile, MBAM still won't run.

 

Threat Scan 2018 03 08 - Unattended.txt

Threat Scan 2018 03 10 After New Logon.txt

Threat Scan 2018 03 10.txt

Edited by cecr

  • Root Admin

Thanks for the logs and information. Yes, profile corruption is fairly common, even in Windows 10. Not much you can really do about it easily except create a new user profile and move your old data into that new user profile.

Fix a corrupted user profile in Windows 7
https://support.microsoft.com/en-us/help/14039/windows-7-fix-corrupted-user-profile

Create a new account or keep using the test one. I would not recommend using your real name for any profiles.

Give that a try and let me know how things go

Ron

 


Hi

So are you saying there is no malware, definitely (to the best of knowledge) and the problem is entirely due to profile corruption?

Any idea how corruption could have occurred? The profile is new, less than one week old, after the complete reinstall. Any ideas would be appreciated because I've never experienced it before.


  • Root Admin

I've been doing computer support now for over 25 years and have never personally had a corrupt profile but I've had to fix hundreds of them for other users over the years. If you do a google search for "corrupt profile" there are almost 4 million hits.

Way too many things that can cause it. A forced shutdown can cause it, malware can cause it, bad memory, bad hard drive, software conflicts, bad drivers, etc.

Run a full disk check on your drive, then a hard drive test from the manufacturer software to test the hard drive, run a memory test http://www.memtest.org

Make sure you perform good data backups and hopefully it's the last time you see this again or at least not again for a while.

Backup Software

 

Thanks

Ron

 

Edited by AdvancedSetup

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.