Jump to content

MB disappears upon trying to scan


Recommended Posts

One of my users laptops is infected with malware. Usually I can run MB and it gets cleaned up. However, when i try to run MB on this users laptop and hit the quick scan button, the application disappears. When i try and run the application again it says it cant be found. I have tried renaming mbam.exe to explorer.exe and the same thing keeps happening. Any tips on how to get this working?

Link to post
Share on other sites

There is a possibility that running Rkill first might help, but I can't give any guarantee. Rkill was made by BleepingComputer.com to combat rogue security apps that block anti-malware applications and logging tools from running, but it isn't really meant as an anti-rootkit.

Here are some downloads of Rkill:

After running that, try Malwarebytes' Anti-Malware again.

Link to post
Share on other sites

  • Root Admin

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe

Once you've gotten one of them to run then try to immediately run the following, DO NOT REBOOT

Try to start MBAM and check for updates and do a quick scan.

You can also take a look at the following post:

MBAM will not install - Code 2 error, mbam.exe not found

http://www.malwarebytes.org/forums/index.php?showtopic=29028

If none of these work for you the please read and follow the directions below.

Scan and post logs - read note at bottom in green

If you're having Malware related issues with your computer that you're unable to resolve.

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review

  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Link to post
Share on other sites

I have been watching several forums over the past few days, mostly this one, and bleeping.

An employees laptop is infected, the program alternates between Police Pro, and Security Pro.

It seems as though this program has been modified to work around all the fixes posted. I have tried the suggested fixes,

downloaded all exefix, regfix, and Sysinternals, (I also use Taskinfo). Each time I use a program it runs once then is disabled by the virus

and will not work again.

Malwarebytes loads then scans for 2 seconds then quickly terminates

I get no logs no file list to work with. I have tried manually disabling all processes that I do not Know are essential.

I have followed all of the guides to fix the registry, program folders etc.

Even the file names change - I started out finding most of the files in the police Pro descriptions, but once I attacked those files I never see them any more but now I don't even see folder names to match.

Anyway - I'm getting carried away,

If anyone is working on this, please do not assume that the instructions from several weeks ago will help us. I would like to hear from anyone who has had this beat in the last few days. If I can get hijack this, or MWB to run I will post logs but for now Nothing will run but this scamware. Thanks and good luck.

P.S. I have isolated this machine - it has No network connection, and all files are added by CD the most recent file date is 10/21/09

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.