Jump to content

Can't run MBAM, but I have log file from HiJackThis


Nosh
 Share

Recommended Posts

Hi,

My computer is badly infected by virus. I could not even run MBAM today. I would like to be able to run MBAM again. Please kindly help.

Today, I have already tried the following actions but they did not work!

1) I downloaded MBAM, installed, and tried to run. The first time I tried to run MBAM, I saw the MBAM screen for 1 second and then it disappeared for good.

2) I tried changing mbam.exe to m.exe. It still did not work.

3) Also, I tried to find TDSSserv.sys file but I could not find it

Start --> Run --> devmgmt.msc

View --> Show hidden device

I could not find TDSSserv.sys

Please see the log from HijackThis v2.0.2. Thanks a lot for your help in advance.

-------------------------------------------------

(deleted by request)

Link to post
Share on other sites

  • 2 weeks later...
  • 3 months later...

Topic reopened at request of user.

Please download ComboFix from the link below, save it on your desktop, turn off your anti-virus software, run the ComboFix download that you had saved on your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

If that does not work, then please let me know, and I will send you a private message with a different download (I can't post the link publicly).

When ComboFix is done, and it presents you with the log in Notepad, please click 'File' and click "Save As". Save it on your desktop, and then attach that log file to a reply.

Please DO NOT copy and paste the log into a reply, as it will not be readable.

If you do not know how to attach files, then please look for an 'Attach' button or link either above of below the box where you type our your e-mail reply.

Note that some e-mail programs/services use an icon that looks like a paper clip to represent the 'Attach' button.

**Please Note**

ComboFix is an advanced utility, and is not like traditional automated tools. It will delete anything that it knows is bad without asking for confirmation, it will save backup copies in it's quarantine automatically, it will restart your computer, and it will produce a log that allows me to analyze and determine if there is anything leftover. This log will not contain any personal information, or information about any of your documents, pictures, music, videos, etc. It only compiles information on which applications/drivers/etc were installed within the last 30 days, any applications that have certain properties that could be used for malicious purposes, and most of the load points on your system that can be abused by malicious software. If there is a false positive, and something gets deleted that should not, then I can write a script for ComboFix that will tell it to restore specific items that it deleted.

Link to post
Share on other sites

Hi GT500,

Thank you for your help a few months ago. Malwarebytes is working on that computer now.

Although the Malwarebytes Forum is currently running fine, Mcafee On Access Scan keeps giving me the following message every few hours.

<<C:\WINDOWS\system32\tdlwsp.dll DNSChanger!cy (Trojan)>>.

I do not have access to this computer during the long weekend. I will have to wait until Tuesday 2/12/2010.

BTW, I have already tried downloaded ComboFix.exe at http://download.bleepingcomputer.com/sUBs/ComboFix.exe today.

It could be downloaded on that computer. But it could not be run successfully.

Here is the issue!

On the blue screen, it said "ComboFix is preparing to run. Were you trying to run CFScript?

The name, CFScript appears to be incorrectly spelt." and stopped there.

Therefore, the ComboFix scan did not run successfully.

Do you have any further advice?

Thanks,

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.