
MBAM does not remove detected infections



Computer started acting strangely about one week ago. Had trouble just getting a browser page to pop up. We ran a MBAM scan several times and it finds 36 Trojan.Crypt and 6 Rootkit.MBR, each within C:\System Volume Information\_restore{B6A35... When I hit remove, MBAM just freezes and the infections are apparently not removed. After several minutes or several hours (in a couple of scans) I tried to close out MBAM, but get the "this program is not responding" error message. I restart the computer and try again. Have tried to reboot and start in Safe Mode (to scan with MBAM again), but the computer only boots back up normally. Cannot get into Safe Mode for some reason.

I have read the forum and cannot find a posted thread with my exact problem. We are running Windows 5.1.2600 Service Pack 3 and Internet Explorer 8.0.6001.18702. We are using Bit Defender as well, but it did not prevent the infection. I would appreciate any help I could get. Below is the log from the last MBAM scan:

Malwarebytes' Anti-Malware 1.42

Database version: 3445

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/29/2009 10:20:52 AM

mbam-log-2009-12-29 (10-20-46).txt

Scan type: Full Scan (C:\|)

Objects scanned: 281104

Time elapsed: 1 hour(s), 28 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 42

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0119754.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0119755.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0119841.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0119842.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0119852.dll (Rootkit.MBR) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0120823.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0120824.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0120910.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0120911.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0120921.dll (Rootkit.MBR) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0121814.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0121815.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0121901.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0121902.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0121912.dll (Rootkit.MBR) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0124011.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0124109.dll (Rootkit.MBR) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0124012.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0124098.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0124099.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0125014.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0125015.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0125112.dll (Rootkit.MBR) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0125101.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0125102.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0126007.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0126008.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0126094.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0126095.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0126105.dll (Rootkit.MBR) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0128807.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0128808.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0128894.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0128895.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0130812.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0130813.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0130900.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0130899.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0131839.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0131840.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0131926.exe (Trojan.Crypt) -> No action taken.

C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0131927.exe (Trojan.Crypt) -> No action taken.


  • Staff

Hi,

To deal with this easily, flush your System Restore points:

To do this, you have to disable System Restore and enable it again afterwards.

(Note: this will delete all your System Restore points and the malware that was present in them.)

How to disable system restore in XP <= click me for instructions with screenshots

After you have disabled System Restore, reboot, and after rebooting, enable it again so a new System Restore point will be made. A clean one now! ;)

Then rescan again with Malwarebytes.

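One way to confirm from a saved MBAM log that every detection sits inside System Restore storage, which is the situation the reply above addresses. This is an added example, not part of the original thread; the function names are illustrative, and the sample uses five lines copied from the posted log plus one constructed line outside the restore store.

```python
import re
from collections import Counter

# Five lines copied from the log posted in this thread.
POSTED_SUBSET = r"""
Files Infected:
C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0119754.exe (Trojan.Crypt) -> No action taken.
C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP702\A0119852.dll (Rootkit.MBR) -> No action taken.
C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0124011.exe (Trojan.Crypt) -> No action taken.
C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP703\A0124109.dll (Rootkit.MBR) -> No action taken.
C:\System Volume Information\_restore{B6A35EF1-34C3-49DD-8DB1-3F4333E713A6}\RP704\A0128807.exe (Trojan.Crypt) -> No action taken.
"""
# Constructed line (not from the thread): a detection outside the restore store.
CONSTRUCTED_MIXED = POSTED_SUBSET + r"C:\WINDOWS\system32\example.dll (Trojan.Crypt) -> No action taken." + "\n"

# "<path> (<detection name>) -> <action>." as written in the Files Infected section.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Restore point storage: <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE)

def parse_detections(text):
    """Return one dict (path, name, action) per detection line in the log."""
    matches = (DETECTION.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def triage(text):
    """Summarise detections by name and restore point; list paths found elsewhere."""
    by_name, by_rp, outside = Counter(), Counter(), []
    detections = parse_detections(text)
    for det in detections:
        by_name[det["name"]] += 1
        hit = RESTORE.match(det["path"])
        if hit:
            by_rp[hit.group("rp").upper()] += 1
        else:
            outside.append(det["path"])
    return {"total": len(detections), "by_name": dict(by_name),
            "by_restore_point": dict(by_rp), "outside_restore": outside,
            "restore_only": bool(detections) and not outside}

if __name__ == "__main__":
    for label, log in (("posted subset", POSTED_SUBSET), ("constructed mixed", CONSTRUCTED_MIXED)):
        print(label, triage(log))
```

A `restore_only` result of `True` means every detection is a file held in a restore point, which flushing System Restore deletes; it says nothing about whether the live system is clean, so the rescan afterwards still matters.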

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
