malwarebytes not loading on start up


I scanned my PC and found these two problems:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Java\jre6\bin\jusched.exe (Trojan.Agent) -> Delete on reboot.

After rebooting I would get an icon in the task bar saying Windows has blocked a program from starting. The program being Malwarebytes. If I right-clicked on the icon I could run the program. Ran the scanner again and it didn't find the 2 problems above. But every time I start my PC, Malwarebytes gets blocked by Windows. Running Windows Vista.

Forgot to mention: I have checked the startup programs and Malwarebytes is ticked.

Sorry for closing the post but it looked more like you were discussing Malware removal.

To be sure you have only the latest version of Java you should probably run the following.

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help clean up any leftover Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply

Then look for the following Java folders and if found delete them.

  • C:\Program Files\Java
  • C:\Program Files\Common Files\Java
  • C:\Windows\Sun
  • C:\Documents and Settings\All Users\Application Data\Java
  • C:\Documents and Settings\All Users\Application Data\Sun\Java
  • C:\Documents and Settings\username\Application Data\Java
  • C:\Documents and Settings\username\Application Data\Sun\Java

Then I normally clean up with something like CCleaner and reboot.

Download and install CCleaner
  • CCleaner
  • Double-click on the downloaded file "ccsetup223_slim.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

REBOOT NOW

Then I put in the latest version of Java.

Download and Update Java Runtime

The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 16.

  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java SE Runtime Environment (JRE) - JRE 6 Update 16 about half way down the page and click on the Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says jre-6u16-windows-i586.exe and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
  • Uncheck the Toolbar button (unless you want the toolbar)
  • Reboot your computer


Hi, I'm new to the forums. Anyways, I seem to have the same problem as wizard1970. I also found one file and one registry key that were infected; they are: C:\Program Files\Java\jre6\bin\jusched.exe (Trojan.Agent) and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Agent). Both of them were quarantined and deleted successfully. This was after I downloaded and installed the newest update for Malwarebytes' Anti-Malware 1.41 and found the infected files after scanning in Safe Mode. Afterwards, whenever I would turn on the laptop, I would get a message about a program being blocked from startup, which is the Malwarebytes' Anti-Malware program. So my problem seems to be identical to wizard1970's problem.

I may be stupid for asking this, but should I follow the same steps that AdvancedSetup proposes? I should, right? I've been to other forums like bleepingcomputers.com and whenever I read about a problem that someone has, the person helping that person out usually posts a warning that the steps that the victim must take are for his/her certain situation and computer and that no one else should follow their steps; I'm just trying to be really careful and all.

Anyways, my computer has been flashing that icon about the Malwarebytes' Anti-Malware program being blocked from startup ever since the 13th of September, and I've also run Norton and SuperAntiSpyware scans and have found nothing else except for some tracking cookies. So I would be extremely grateful for any help.

BTW, here is the logfile from the 13th:

Malwarebytes' Anti-Malware 1.41

Database version: 2785

Windows 6.0.6002 Service Pack 2 (Safe Mode)

9/13/2009 7:06:00 PM

mbam-log-2009-09-13 (19-06-00).txt

Scan type: Full Scan (C:\|F:\|)

Objects scanned: 260843

Time elapsed: 48 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Java\jre6\bin\jusched.exe (Trojan.Agent) -> Quarantined and deleted successfully.

My Operating System is Windows Vista, Home Premium, Service Pack 2.


Hi Mikedawc, and welcome to Malwarebytes

I've been to other forums like bleepingcomputers.com and whenever I read about a problem that someone has, the person helping that person out usually posts a warning that the steps that the victim must take are for his/her certain situation and computer and that no one else should follow their steps;

That is very true in general, particularly in the malware removal forum. So it's good for you to ask. In this case though, you are perfectly safe in following AdvancedSetup's instructions for removing and re-installing Java.


Hi again,

Thanks for the reply, Jacktivity. So I followed all the instructions, updated my Java software, and cleaned out my laptop (it seems to run a little faster as well). But I still get that icon and warning that Windows has blocked a program, the Malwarebytes' Anti-Malware program, during startup. Is this normal or did I mess up somewhere along the way when I was following the steps? As for JavaRa, I didn't get a log file even after running JavaRa a second time. I've also run a quick scan with the Malwarebytes' Anti-Malware program after the last reboot and no malicious program has been found.

Thanks for reading this,

Mikedawc


Hi Mikedawc,

No, that is not normal. You should not get a UAC pop-up from MBAM starting with Windows. Let's try this and see what happens.

  1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  2. Restart your computer (very important).
  3. Download and run this utility: MBAM-CLEAN.EXE
  4. It will ask to restart your computer (please allow it to).
  5. After the computer restarts, install the latest version from here

Note: You will need to reactivate the program using the license you were sent

Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again

Another Note:
You should be an administrator when you do the install and run in normal mode. I noticed that on the 13th you were in safe mode when you ran the scan. Actually, MBAM is designed to be run in normal mode as that is when all drivers, services, etc. are loaded. As for the JavaRa log file, it wants to write to the root of C:\. If you are running as a limited user, you probably don't have rights to place files in the root.


You might try changing the mbamservice startup type to Automatic instead of Automatic (delayed). I had to do this, otherwise it behaved exactly the same way. The Java detection appears to be a false positive so if it's still detected with the latest definitions please refer to this post: Read before reporting a false positive!

and post the info here: False Positives

To change the startup type for the service:

  • Click on the Start Orb and type services and press Enter
  • Click Continue at the User Account Control prompt
  • Once the Services window opens, scroll down the list until you find the MBAMService and double click on it
  • Click the drop down menu next to Startup Type and select Automatic
  • Click the Apply button and click on Ok
  • Close the Services control panel
  • Reboot the PC to see if MBAM starts properly

Please post back and let us know how it works out.

Thanks :P .

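A scripted equivalent of the Services steps in the post above, as an added example that is not part of the original thread. It assumes the service name MBAMService given in that post and an elevated PowerShell prompt; the helper name Get-StartMode is chosen for this example.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# 'MBAMService' is the service name given in the post above.
$name = 'MBAMService'
$key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"

function Get-StartMode {
    # Start: 2 = Automatic, 3 = Manual, 4 = Disabled.
    # DelayedAutostart = 1 turns Automatic into Automatic (Delayed Start).
    $cfg = Get-ItemProperty -Path $key
    switch ($cfg.Start) {
        2 {
            if ($cfg.DelayedAutostart -eq 1) { 'Automatic (Delayed Start)' }
            else { 'Automatic' }
        }
        3       { 'Manual' }
        4       { 'Disabled' }
        default { "Other ($($cfg.Start))" }
    }
}

if (-not (Get-Service -Name $name -ErrorAction SilentlyContinue)) {
    # No such service registered on this machine: nothing to change.
    Write-Output "$name is not installed on this machine."
    return
}

$before = Get-StartMode
if ($before -eq 'Automatic (Delayed Start)') {
    # Only the delayed case is changed; sc.exe needs the space after "start=".
    & sc.exe config $name start= auto | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe failed with exit code $LASTEXITCODE" }
}

# Re-read the registry so the report shows what is actually configured now.
Write-Output "$name startup type: $before -> $(Get-StartMode)"
```

A reboot is still needed afterwards to see whether the startup behaviour changes.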

Okay, I'm back, sorry for being gone for so long, but it was like 4 in the morning when I posted my last message, and I had been up all night.

@Jacktivity

I haven't tried your steps yet. But that's because I don't think I have a UAC problem. I have checked out the link that you have provided, and I think I do have the same problems that people on that thread have. I did a HiJackThis and I've found the same thing they have:

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript.

I've also found a thread on another forum with someone who has the same problem, but he had it last year: http://www.geekstogo.com/forum/MalwareByte...ta-t213414.html. The only difference is that he had like 80 infections and I only had 2. I've already run a full system scan with the Malwarebytes' Anti-Malware program in normal mode, and I've found no other infections. As with JavaRa, yeah, I think you're right, I should have right-clicked on the program and chosen "Run as an Administrator". But I've already gone through with the installation of the new Java update and I think my computer is up to date with Java now.

@ exile360

I did try to follow your steps. However, when I opened the services program, I could not find MBAMService at all. I even went through each of the programs one by one. I did find the program after looking for it in C:\Program Files\Malwarebytes' Anti-Malware folder. But I haven't touched it yet.

Oh yeah, here are some screen shots of my problem, this is what I'm usually seeing whenever I turn on or restart my computer:

post-20210-1253270971_thumb.jpg

post-20210-1253270982_thumb.jpg

Thanks for your help,

Mikedawc

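To see what sits behind an O4 line like the one in the post above, the following added example (not part of the original thread) lists every value under the Run keys, resolves the executable, and checks its Authenticode signature. It is read-only; the function name Get-RunEntry and the output property names are assumptions of this example, and the /runcleanupscript switch is taken from the HijackThis line quoted in the post.

```powershell
# Added example, not from the thread. Read-only: it changes nothing.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-RunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $command = [string]$item.GetValue($valueName)
            # Quoted path: take what is inside the quotes. Unquoted: take the
            # first token. An unquoted path containing spaces is cut short and
            # reported as FileMissing, which marks it for a manual look.
            if ($command -match '^\s*"([^"]+)"\s*(.*)$' -or
                $command -match '^\s*(\S+)\s*(.*)$') {
                $exe = $matches[1]
                $arguments = $matches[2]
            } else { continue }

            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                $signature = (Get-AuthenticodeSignature -FilePath $exe).Status
            } else {
                $signature = 'FileMissing'
            }

            New-Object PSObject -Property @{
                Key                 = $key
                Name                = $valueName
                Executable          = $exe
                Arguments           = $arguments
                Signature           = $signature
                # Switch seen in the HijackThis O4 line quoted in the post.
                HasRunCleanupScript = ($arguments -match '/runcleanupscript')
            }
        }
    }
}

Get-RunEntry |
    Select-Object Key, Name, Executable, Arguments, Signature, HasRunCleanupScript |
    Format-List
```

A Valid signature status on a flagged file such as jusched.exe is one data point to include when reporting a suspected false positive; it is not proof on its own.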

Ah, thanks for the update Mike :P . I must have misunderstood what was going on. You must have the free version of MBAM, not the paid version. With the free version you won't see that service because it does not load in the background, and therefore doesn't get installed under the Services control panel.

I apologize for the error. Hopefully the developers will figure out what's going on and why this seems to be happening on some systems.

It's all right. As long as my system isn't infected or compromised, I think I can stand that "Windows has blocked a program" problem. Thanks for your help anyways.


I am also having this problem with MBAM being blocked by Windows on startup. I think it stems from the fact that when I try to start MBAM during any other time Windows will ask me for permission before it will open, therefore, it will also ask for permission even during startup.

Is there any way to tell Windows that this is a trusted program and ask it to not ask for permission when it starts?
