
mbam wont run


Trav 1


Hello,

I run XP on a Dell Inspiron 5150 & I have recently been infected with Antivirus Pro 2010 & Advanced Virus Removal. These are the ones I know of for sure. I cannot access the web from the infected PC. I downloaded and installed Mbam from USB. I cannot run it in normal mode, but I ran it in safe mode and found.....are you ready for this........535 infections. After the safe mode scan & removal I tried to open in normal mode and the desktop almost completely locks up. My system restore, reg editor and task manager have been disabled. Any thoughts or suggestions? Thanks for your time.


Hi,

If you still need help with this, do the following:

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking the download exe button and then saving it to your desktop:

  • Double-click .exe that you downloaded
  • Click rootkit-tab and then scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log in your reply.


Thanks for the logs.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Hi again,

Uninstall Ask Toolbar if not installed on purpose.

Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Toshua Gent\Local Settings\Application Data\ropu.com
c:\documents and settings\Toshua Gent\Application Data\kexutubej.pif
c:\windows\system32\usacibeto.dat
c:\program files\Common Files\xazal._sy
c:\program files\Common Files\yhywe.dat
c:\program files\Common Files\ruko._dl
c:\documents and settings\All Users\Application Data\ceryky.scr
c:\documents and settings\Toshua Gent\Application Data\ugume.exe
c:\windows\zoqexi.com
c:\windows\system32\temp32.bat
c:\program files\Common Files\ovuvy.dat
c:\documents and settings\Toshua Gent\Application Data\ysegynydew.dat
c:\documents and settings\All Users\Application Data\qete.exe
c:\program files\Common Files\mamydeku._sy
c:\program files\Common Files\seqogot.dll
c:\windows\siqo.pif
c:\windows\yhupyqe.pif
c:\documents and settings\Travis Harrell\Local Settings\Application Data\upidozihe.bin
c:\documents and settings\Travis Harrell\Application Data\vexez.bin
c:\windows\system32\eryba.dat
c:\program files\Common Files\qatuxyqor.bin
c:\windows\upova.pif
c:\windows\ymyda.pif
c:\documents and settings\Travis Harrell\Local Settings\Application Data\irujyqal.com
c:\documents and settings\All Users\Application Data\ohyzipa.dat
c:\program files\Common Files\cojuras.pif
c:\program files\Common Files\vixaqar.scr
c:\windows\imubot.dat
c:\windows\system32\ilyvaxixum.dat
c:\windows\system32\ranubydeq.bin
c:\documents and settings\Toshua Gent\Local Settings\Application Data\ywybir.dll
c:\windows\ykekyxepy.com
c:\documents and settings\All Users\Application Data\idiruleneh.dat
c:\documents and settings\Toshua Gent\Application Data\kodecex.sys
c:\windows\system32\ucyf.sys
c:\documents and settings\Toshua Gent\Local Settings\Application Data\ykurisape.com
c:\windows\ucanelefu.bin
c:\program files\Common Files\mopi.sys
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one (9.2) here if you necessarily need it. I see that there's also Foxit Reader installed so you may not require Adobe Reader.

Uninstall Shockwave and get the fresh one here if needed.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 17.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Download ATF (Atribune Temp File) Cleaner


New logs. Installed CFScript and ATF. Mbam failed to update, error code 732 (0,0). I'm guessing it's because I can't access the internet. ATF done good, cleaned something like 5,000,000. If I could get online I could update MBAM. Ran quick scan without updates, found no infections. The quick scan is a lot faster now. It used to run for about 14 mins, this last time it only took about 6 mins.

2Attach.txt

2cflog.txt

2DDS.txt

mbam_log_2009_11_07__21_30_49_.txt


The connection has been down for a month or two. It started after I failed to remove the two malware, Advanced Virus Remover & Anti Virus Pro 2010. I use both connections, wired & wireless. The taskbar shows I'm connected but no pages will open. Then it began to crash as soon as the desktop opened, but after I ran the programs you suggested it doesn't crash but still can't open any pages. It says "page could not be displayed" or something like that. Thanks and have a good day.


Have you given browser(s) proper permissions in your firewall?

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:

@echo off
>Log1.txt (
  ipconfig /all
  nslookup google.com
  ping -n 2 google.com
  route print
)
start Log1.txt
del %0

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: test.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and double-click test.bat on the desktop.
  • A notepad opens; copy and paste its content (log1.txt) into your reply.

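Added example (not part of the thread and not any poster's code): a Python reader for the Log1.txt that test.bat above produces, which names the first network layer that fails when the taskbar shows "connected" but no pages open. The sample log, function names and result labels are constructed for illustration.

```python
import re

# Constructed sample of what test.bat writes to Log1.txt (XP-style output); not from the thread.
SAMPLE_LOG = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.20
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1

Server:  UnKnown
Address:  192.168.1.1

Ping request could not find host google.com. Please check the name and try again.

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.20       20
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

def parse_log(text):
    """Pull out the one fact each of the four commands contributes."""
    addrs = re.findall(r"IP(?:v4)? Address[. ]*: " + IP, text)
    route = re.search(r"^\s*0\.0\.0\.0\s+0\.0\.0\.0\s+" + IP, text, re.M)
    return {
        # ipconfig /all: drop unassigned and APIPA (169.254.x.x) addresses
        "addresses": [a for a in addrs if a != "0.0.0.0" and not a.startswith("169.254.")],
        "dns_servers": re.findall(r"DNS Servers[. ]*: " + IP, text),
        "gateway": route.group(1) if route else None,  # route print: default route row
        # nslookup: a "Name:" line followed by an address means the lookup answered
        "resolved": bool(re.search(r"^Name:\s+\S+\s*\n\s*Address(?:es)?:\s+\S+", text, re.M)),
        "ping_replies": len(re.findall(r"^Reply from \S+ bytes=", text, re.M)),
    }

def diagnose(f):
    """Name the first layer that fails, working bottom-up."""
    if not f["addresses"]:
        return "no-address"        # adapter or DHCP problem
    if f["gateway"] is None:
        return "no-default-route"
    if not f["resolved"]:
        return "dns-failure"       # connected, but names do not resolve
    if f["ping_replies"] == 0:
        return "no-icmp-reply"
    return "network-ok"            # next: firewall permissions for the browser

print(diagnose(parse_log(SAMPLE_LOG)))
```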
