Scan window disappeared and I can't restore it

[amselby81]

Hello. I was running the malwarebytes scan for the very first time today. It had been scanning for almost 3 hrs and had detected 16 infected objects when all of sudden it disappeared. I'll admit that I was also browsing the internet when it happened. Maybe I shouldn't have done that. So anyway, thinking that it had stopped its scan, I went to run another scan but it says that malwarebytes is already running, and will not allow it to open. So I guess it's still doing a scan??? Will something pop up when it's finished? I really wish I could see the window, so I could see how many files it's scanned and how many infected objects it's detected.

Thank you.

Angie

[mountaintree16]

Hi Angie and welcome to the forums here at Malwarebytes.org

Try pressing ctrl + alt + delete to get to task manager.

• Click on the Processes tab.
  
• Click on "image name" (this just sorts them in alphabetical order so things are easier to find by name).
  
• Find mbam.exe
  
• Click on it, then click end process.
  
• Click "yes" at the prompt.
  
• Try opening malwarebytes again, and this time run a QUICK scan
  

If mbam.exe is not found, then it isn't running.

If that doesn't work, (and even if it does) when you are finished and have removed all found items, please read below:

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Someone will be along to help you as soon as possible to clean your machine. It can take 48 hours or more sometimes to get a reply from someone when the malware removal forum is very busy, so please be patient

And as a side note, when replying please use the "add reply" button at the bottom of the page or erase what the person replying to you said and just address them as @username or username:, as this makes the forum easier to read.

Thank you

[amselby81]

Thank you, but I'm really confused. I was under the impression that I just run a scan and the virus' are removed. I did as you said, and ran a quick scan. It found 16 items and we removed them and then restarted the computer. So I'm not finished? My computer isn't acting any better, and my husband who was suspicious of malwarebytes is really suspicious now. I trust it, b/c I searched for anything negative, and couldn't find anything negative about malwarebytes. But he is not too keen on the idea of having to do the whole defogger thing and all those other steps. Is that thread telling me that I'm supposed to do all that? And then I'm not sure what I'm supposed to post on that thread.

Sorry, I'm the one who's computer illiterate in my household. My husband knows alot more than I do, and like I said, he's suspicious.

[mountaintree16]

Hi Angie

Nope, manual removal is required to rid your system of infections when using Malwarebytes. Did you do this? It sounds as though you did. When the results are found, you click "show results", check off everything that is found, and then "remove all". Then restart if prompted (doesn't hurt to restart even if not asked). Then you rescan to make sure that everything is gone.

No reason to be suspicious of Malwarebytes. It's an amazing program made and maintained by amazing people and I can guarantee you its not a bad program at all.

Could you post the log here so we can see what was found? (I'm just curious what the results were. I am not a staff member or qualified to help with malware removal, but I just want to see what might be going on here).

You are probably still infected and you'll need to go to the malware removal forum.

Yes, you need to run the defogger. Just do as much as you are able to do with the directions that I gave you.

[amselby81]

Sorry again. So I was just reading through the posts on the log board thingy, and I see that it appears that people cut and paste what popped up on notepad, once the scan was finished. Is that correct? So since we just x'd out of notepad, we should do another scan and then cut and paste the report or log or whatever it's called to that thread? Is that what I'm supposed to do? And then I wait for a reply from an expert. They don't actually get into my computer, do they? Do they just give steps on how to correct any issues?

I'm really sorry if this is posted somewhere else on these boards. I was a little overwhelmed when I got on here, and wasn't really sure where I needed to start or what I should read. I figured I'd start here since it was a general board.

I really appreciate all help. Thank you.

[amselby81]

I must have been typing when you responded, but I just read your last response. I need to run another scan, and then I'll post the log report thingy that pops up on notepad. It took about an hour and a half to do that last scan, so don't expect an immediate response.

Thanks again.

[mountaintree16]

Hi Angie

Yes, you copy and paste.

So, open up Malwarebytes. Click on the "logs" tab. There you'll see the logs of past scans. Pick the one that was when you removed the 16 found items, and open it. copy and paste it into your next reply.

I'll take a look, and then you need to post that log and whatever else you are able to do from the directions I gave you here in the malware removal forum:

http://www.malwarebytes.org/forums/index.php?showforum=7

No, no, no one actually gets into your computer Yes, just giving steps on how to correct issues. The logs just show whats going on so the experts can help you disinfect and clean your system

It is posted what you are to do if you are infected, but no worries, lots of people post here first, and then we direct them to the correct spot

You are very welcome!!

No worries! Most things are fixable, and the experts here will be able to help you

Edit: Make sure that you are using the quick scan still

[mountaintree16]

Angie,

I forgot one important thing here, which would also help speed up scanning time!

Please download ATF Cleaner from here. (It is a temporary file cleaner).

If you are running Vista, you'll need to right-click and choose "Run as Administrator". Make sure that there is nothing in your recycle bin that you want.

Check off all the options.

Click "empty selected"

Then, if you use Firefox or Opera for a web browser, click on their names up at the top of ATF Cleaner. Check all. If you have saved passwords that you want to keep, click NO at the prompt. Click "empty selected".

Then do a QUICK scan with Malwarebytes

[amselby81]

Okie dokie. I just now read your last post. I just finished my 2nd scan and it turned up no infections. I used quick scan both times.

I'll cut and paste the log from the earlier quick scan that found the 16 infected objects. I feel the need to say that this computer is 5 years old, but was working fine until about a week ago. I mean, of course it wasn't as fast as a newer computer, but it was fast enough. About a week ago is when we started having problems. We had a pop up say that we had some viruses and that we needed to download something to remove them. We closed the pop up immediately and went to run a mcafee scan and mcafee wouldn't work. Mcafee hasn't worked since, and our computer has been super slow. Mcafee still won't work and our computer is still really slow.

Okay, so here is the log. I still haven't done the defogger stuff and all that other stuff that was in that one thread. How long does that usually take? And will there be info that I need to cut and paste from those steps?

_____________________________

Internet Explorer 7.0.5730.11

12/28/2009 5:12:24 PM

mbam-log-2009-12-28 (17-12-24).txt

Scan type: Quick Scan

Objects scanned: 115642

Time elapsed: 1 hour(s), 9 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 20

Registry Values Infected: 5

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 13

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4b66e1df-4de3-4cda-83b5-11673eadab0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{684ee1db-cd52-4ca9-9ccf-93d5f6b419ba} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39fc2065-c9c7-49cd-8942-44cc2dedc844} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{39fc2065-c9c7-49cd-8942-44cc2dedc844} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{684ee1db-cd52-4ca9-9ccf-93d5f6b419ba} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRV (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRVDRV (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\drv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Rogue.SysGuard) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lowriskfiletypes (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\drv (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tnitgqja (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\spool\prtprocs\w32x86\607.tmp (Malware.Packer) -> Quarantined and deleted successfully.

C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\alog.txt (Stolen.data) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bb1.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cmds.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cs.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ps1.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rc.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101465752.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

[mountaintree16]

Hello again Angie, and thank you for posting back

Okay, you need to post in the malware removal forum ASAP - I think that your computer needs a deeper look taken at it. Also, looks like you picked up the "facebook" worm - Koobface. Seems as though you clicked on a fake video link or something similar - this is often how Koobface is spread, although it can be spread and contracted in other ways.

Please post the log that you posted to me here, and your newest log, and the information that you told me here, along with what operating system you have:

http://www.malwarebytes.org/forums/index.php?showforum=7

It can take a while for someone to get back to you though, so please be patient. Please try to include all the information that you can think of in your first post, and do not reply back to your own post unless its been over 48 hours since your original post, and only reply back to request a review. Replying to your own post, even to add more information, can make it appear as though you are getting help already and your post may be overlooked for a while due to that. If you have new information that you feel would be useful to your helper, save that information in a wordpad or a word document and let your helper know that information once you've received a reply.

Also, feel free to provide a link back to this post, it would be useful for your helper to see if she or he would like to

In the future, if you get a fake virus alert page like the one you described, use ctrl + alt + delete and END the task with Task Manager. Clicking on the X that the fake pop up gives or even closing it out via your browser can further the installation.

I don't know how long defogger takes. Do it when you have an uninterrupted block of time to devote to it. Yes, you'll need to be copying and pasting logs from those as well.

Also, if you have used this machine for any online banking, financial transactions, etc STOP and do NOT do any more of them, and if you have access to a known CLEAN machine, change any passwords from that computer. You would also be wise to keep a close eye on upcoming bank and credit card statements.

[amselby81]

Man...that stinks! LOL I'll let me husband know to change the passwords and such from his computer at work. He does keep a very close eye on our bank stuff, though. Checks it at least once a day. I usually think he's just being paranoid, but I appreciate it now.

And thank you for the tip about closing those pop ups with control al delete. I've wondered if clicking on the x actually installs it. Those tricky virus making people. Boo to them. and I do use facebook quite often, but I try to be careful about clicking on videos and links.

I hate that mcafee doesn't pick these things up. I really feel like they are sort of a scam. We called them last week, right after we started having problems, and they told us that the viruses had been removed and that our computer was just being slow b/c we were low on memory. I know that if we were to call them now, they'd want us to shell out $100 to have someone hack into our computer to fix it. We've had that happen before. I bet if I would have known about mawarebytes we wouldn't have had to dish out the money to fix it.

I did post on the other board. Unfortunately I did it before reading your latest post, and so I did not include the most recent log.

You've been a super big help. I really appreciate it.

[mountaintree16]

Hey there Angie I'm glad that you've posted in the Malware Removal Forum

Alright. Just be sure that his computer at work is clean.

That's good that he keeps a close eye on your accounts.

As for Facebook, this is what I recommend doing, and it makes for a much safer Facebook experience, although its not foolproof:

Disable Adobe Flash

Do NOT use applications

Do NOT click on links that you do not know without a doubt are SAFE

Just be wary of what you click and what you do.

You're welcome for the ctrl + alt + delete tip I didn't know that either until I came here, but its very useful information to have.

Once you're clean, you should choose another AV solution. If your McAfee is paid, you could finish out until the license is done, although due to the kind of service you've received, if I were you I'd want to switch even if I still had a license that was good.

The anti-viruses that are recommended mostly around here are:

(for free ones) Avira, MSE, Avast!

(paid) Kaspersky

And I am probably missing some

Once you're all clean your helper can advise you on an AV to choose or you can post over in the PC Help forum and someone can assist you. I'll look out for your posts and I can help you too in giving you links and information on the different choices once you're clean if you haven't already selected something. You'll need to use a removal tool for McAfee in order to install another AV, but that won't take long at all.

Just remember that Malwarebytes is NOT an anti-virus solution, but is made to complement your anti-virus. It is good at what an anti-virus is not good at, and picks up and detects/removes things that AV's cannot fully detect/remove or cannot detect/remove to begin with.

You are very welcome I'm glad that I was able to help you and get you moving in the right direction!

Our post here is finished now though, as you've posted your log in the malware removal forum. Once you're clean, I can give you some tips and some other tools to use if your helper doesn't do so (but they usually do ).

Good luck!