Error while trying to remove MBAM



OK so I was cleaning out my friend's computer. He was infected with the Total Security crap.....

I booted to a BartPE disk and found the exe files that were running the Total Security app. I put those in a temp folder. Then I restarted the computer and was able to run MBAM by renaming the file. It found some infections and I removed the infections.

Restarts OK, but MBAM will not load automatically. I figured it got corrupted by the Total Security stuff. Anywho, I uninstalled, rebooted, then tried to run the mbam-clean.exe tool. When I run that clean tool I get the following error:

[Image: uninstallerror.jpg]

If I try to reinstall now I get this error:

[Image: error2a.jpg]

Any help appreciated.....


Total Security has been coming with a rootkit here lately. I would believe it's the UAC rootkit. I had to delete the drivers and such manually from a BartPE disk the other day, because the laptop I was working on would just BSOD on every startup.

Here's a list of the files I removed manually, so that you know what they look like:

C:\Windows\System32\gasfkyckbejkes.dll
C:\Windows\System32\gasfkydceayoso.dat
C:\Windows\System32\gasfkymkvcdtmn.dat
C:\Windows\System32\gasfkymoeantyi.dll
C:\Windows\System32\gasfkywfornrvx.dll
C:\Windows\System32\iehelpmod.dll
C:\Windows\System32\nvModes.001
C:\Windows\System32\nvModes.dat
C:\Windows\System32\uacinit.dll
C:\Windows\System32\UACjlkibebmax.dll
C:\Windows\System32\UACrsryfjovwu.dat
C:\Windows\System32\UACrtapuimfvx.dll
C:\Windows\System32\UACtepxeolwml.dll
C:\Windows\System32\drivers\gasfkyardopxod.sys
C:\Windows\System32\drivers\UACwnthkllldv.sys

Now please note that these files will not have the same name on the computer you are working on, but they were easy to find because I sorted them by date created, and they were the newest files in their directories. I also don't know if the two nvModes files were malicious, but they didn't have version tabs, they had the same created date as the rootkit drivers, and they aren't needed by the NVIDIA display drivers so I deleted them as well.

Also note that, even after doing this, the computer will not be clean. You have a lot of work ahead of you as far as log analysis and running virus scans just to be sure. It may not even fix the issue with MBAM (at least not without a reinstall of MBAM).

This topic is now closed to further replies.
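
The triage approach from the second reply (sort by creation date, then look for files created at the same time as the rootkit drivers), as an added Python example that is not part of the original thread. The one-hour window, the three-character prefix grouping and all timestamps are assumptions; the sample records reuse file names from the post with constructed times.

```python
import ntpath
import os
from collections import defaultdict
from datetime import datetime, timedelta

def scan(directory):
    """(path, creation time) per file. Assumption: st_birthtime where the
    platform has it, else st_ctime (which is creation time on Windows only)."""
    out = []
    for e in os.scandir(directory):
        if e.is_file():
            st = e.stat()
            ts = getattr(st, "st_birthtime", st.st_ctime)
            out.append((e.path, datetime.fromtimestamp(ts)))
    return out

def newest(records, n=20):
    """The n most recently created files, newest first."""
    return sorted(records, key=lambda r: r[1], reverse=True)[:n]

def created_near(records, anchor, window=timedelta(hours=1)):
    """Paths whose creation time falls within `window` of `anchor`."""
    return sorted(p for p, t in records if abs(t - anchor) <= window)

def shared_prefix_groups(paths, length=3):
    """Group file names by a case-insensitive leading prefix; keep groups of 2+."""
    groups = defaultdict(list)
    for p in paths:
        groups[ntpath.basename(p)[:length].lower()].append(p)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def triage(drivers, system32):
    """Anchor on the newest driver, then list everything created alongside it."""
    anchor = newest(drivers, 1)[0][1]
    hits = created_near(drivers + system32, anchor)
    return hits, shared_prefix_groups(hits)

# Constructed sample: names from the post, timestamps invented for the example.
_T = datetime(2009, 1, 1, 12, 0)
_S32 = "C:\\Windows\\System32\\"
SAMPLE_DRIVERS = [(_S32 + "drivers\\UACwnthkllldv.sys", _T),
                  (_S32 + "drivers\\gasfkyardopxod.sys", _T + timedelta(minutes=2)),
                  (_S32 + "drivers\\ntfs.sys", _T - timedelta(days=400))]
SAMPLE_SYSTEM32 = [(_S32 + "uacinit.dll", _T + timedelta(minutes=1)),
                   (_S32 + "UACjlkibebmax.dll", _T),
                   (_S32 + "gasfkyckbejkes.dll", _T + timedelta(minutes=2)),
                   (_S32 + "nvModes.dat", _T + timedelta(minutes=3)),
                   (_S32 + "kernel32.dll", _T - timedelta(days=400))]

if __name__ == "__main__":
    hits, groups = triage(SAMPLE_DRIVERS, SAMPLE_SYSTEM32)
    print("\n".join(hits), groups, sep="\n")
```

On a mounted offline volume, pass `scan()` output for the `drivers` and `System32` directories to `triage()` in place of the sample lists; the output is a list of files to review, not a verdict on any of them.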