Jump to content

Malwarbytes exe gets deleted

Recommended Posts


I had some rogue malware on my computer including Police pro. I followed some of the threads and got combofix to run. Immediately after this, I ran malwarbytes in quick scan. It removed a bunch of viruses.

The problem now, is if I launch malwarebytes, it does not run. If I try installing it again it goes through the installation but comes up with an error below:




Unable to execute file:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2.

The system cannot find the file specified.




If reboot and install it installs gets updates and I can quick scan. I find a virus:

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

After I uninstall, reboot and after a short while I run malwarebytes, I cannot execute. Go through the same cycle reboot, install, clean and after a while cannot run malwarebytes.

Any help is appreciated.


Link to post
Share on other sites

That looks very good. You appear to have weathered the storm.

ESET Online Scanner

  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start
    The scanner engine will initialise and update
  • Do Not tick the box Remove found threats
  • Click the Scan button
    The scan will now run, please be patient
  • When the scan finishes click the Details tab
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt back here.

Link to post
Share on other sites

Hello sUBs,

Please find attached my log file from ESET scan.

Thanks for all the help.


C:\Qoobox\Quarantine\C\WINDOWS\system32\birokugi.dll.vir a variant of Win32/AntiAV.NCZ trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\bumujuna.dll.vir a variant of Win32/Adware.SuperJuan.F application

C:\Qoobox\Quarantine\C\WINDOWS\system32\dafirulo.dll.vir a variant of Win32/AntiAV.NCZ trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\gejuzifa.dll.vir Win32/KillAV.NFO trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\gulotema.dll.vir a variant of Win32/AntiAV.NCZ trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\hotalobu.dll.vir a variant of Win32/Adware.SuperJuan.F application

C:\Qoobox\Quarantine\C\WINDOWS\system32\hoyuvuki.dll.vir a variant of Win32/Adware.SuperJuan.F application

C:\Qoobox\Quarantine\C\WINDOWS\system32\moturofa.dll.vir a variant of Win32/Adware.SuperJuan.F application

C:\Qoobox\Quarantine\C\WINDOWS\system32\nuhogubo.dll.vir a variant of Win32/Adware.SuperJuan.F application

C:\Qoobox\Quarantine\C\WINDOWS\system32\robovoji.dll.vir a variant of Win32/Adware.SuperJuan.F application

C:\Qoobox\Quarantine\C\WINDOWS\system32\sinizamu.dll.vir a variant of Win32/AntiAV.NCZ trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\vowevega.dll.vir a variant of Win32/Adware.SuperJuan.F application

C:\Qoobox\Quarantine\C\WINDOWS\system32\yoguyutu.dll.vir a variant of Win32/AntiAV.NCZ trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\dbsinit.exe.vir Win32/Adware.WinAntiVirus application

C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\wispex.html.vir Win32/Adware.WinAntiVirus application

Link to post
Share on other sites

Of the stuff found, C:\QooBox is ComboFix's quarantine folder. We'll take care of it when we uninstall ComboFix

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to to Start > Run & typing in ComboFix /u
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  3. Microsoft Windows Updatehttp://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  4. http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  5. http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  6. http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://www.spywareinfoforum.com/index.php?showtopic=60955

After doing all these, your system will be optimised against future threats.


Have a safe & happy computing day. wave.gif

Kindly respond to this thread once more so we can mark this thread as resolved.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.