Malware blocking Malwarebytes


WillP

Problem:

I posted this earlier in the wrong forum, and after some drinking, I'm ready to tackle it again. I'm helping a friend remove malware from his computer that took over the system 3 days ago. The malware removed the icons and start menu from the desktop and I can only function in the admin. account through the task manager. It is also preventing me from being able to do a system restore, access the control panel, edit the registry (at times, but not always), access the internet (at times, but currently available), enter safe mode (which freezes), and access the task manager on any account other than the admin. account.

I read some forum posts from people with the malware that I found, and tried to change the group policy to stop the malware from preventing system restore, and cleared the registry of the entry that was blocking restore, and it still won't restore. I also checked the processes running in task manager, and haven't been able to find any processes running that have names other than normal Windows processes. I was suspicious of iexplorer running the other day when the program wasn't open, but I didn't do anything about it then, and it seems to have stopped. Here are the details:

Scan Info:

I ran Spyware Dr., which still seems to work. It told me that I have the following on the computer:

Adware advertising (38 infections)

Application Tracking Cookies (77 infections)

Trojan-spy.zbot.YETH (4 infections)

Trojan-spy.zbot.A (6 infections)

Trojan.Virtumonde (10 infections)

Trojan-Downloader.Agent.OGP (1 infection)

Adware.Component.Unrelated (2 infections)

Non-functioning Security Programs:

I downloaded the following anti-malware programs that it has prevented from functioning:

Kaspersky

Norton

SUPER Antispyware

Malwarebytes

Hijack This

I have even tried renaming the files and moving them to other locations to fool the program, but it doesn't seem to be working anymore. I was only able to get SUPER Antispyware to function this way after I reinstalled it. It did remove several malware files, but there are more in there.

Functioning Security Programs:

The following programs have been able to scan the machine and appear to be functioning:

Avast

Avira

Spyware Doctor

Avast and Avira have removed some malware files, but not all. For the problems I have, I hear that Malwarebytes is a good fix, but I can't get it to work. After installing and running it, it stops working 27 seconds into the scan. I tried the tricks in the FAQ on this site as someone suggested, and looked at the relevant general help topics in this forum, including looking for the processes that the malware is running through process explorer, but I still can't find it or disable it to get Malwarebytes to work. Anyone want to jump in and help with this mess? Thanks.

-WillP


Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large. You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe

----------------------------------------------------------------------------------------

Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
