Jump to content

Recommended Posts

I have tried everything. To start, when I click on the Malwarebytes Icon I get the can't find mbam.exe file, click to browse. I have tried uninstalling and reinstalling, reinstalling with a changed name, burning it onto a disk from my work computer and transfering to my home pc. Nothing is working. When I don't load it seems that my compter is hiding the mbam-setup.exe file because it is not in the program files/malwarebytes folder. I tried follow the advice in a number oother post that seem to have the same problem and nothing still. If anyone has any ideas I would love to hear them? When I download and run, it goes through the motions and I would get the error code 2 message. It is not giving me that anymore but when I click finish nothing happens. I think that is it. My computer still works but I do get a few pop ups here and there. This program has been great if I can just get pst what will not let it run. Thanks, Matt

Link to post
Share on other sites

  • Staff

Hi,

Please try this version of malwarebytes: Click the link here

Save it on your desktop. You'll see it will have a random name, and will look similar like this: mbamrandom.jpg

Doubleclick on it, so it will extract the files and will start Malwarebytes automatically.

In case the installer (random named file) won't run either, rename it to EXPLORER.EXE and try again.

When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.

In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and doubleclick the file winlogon.exe which will be present in there. This should launch Malwarebytes.

Then perform a scan and let it remove what it found. Reboot afterwards (important).

After reboot, post the malwarebytes log together with a new HijackThislog.

In case you're having problems with above instructions, let me know.

Link to post
Share on other sites

Thanks so much for the help. I will give this a try when I get home tonight.

Hi,

Please try this version of malwarebytes: Click the link here

Save it on your desktop. You'll see it will have a random name, and will look similar like this: mbamrandom.jpg

Doubleclick on it, so it will extract the files and will start Malwarebytes automatically.

In case the installer (random named file) won't run either, rename it to EXPLORER.EXE and try again.

When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.

In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and doubleclick the file winlogon.exe which will be present in there. This should launch Malwarebytes.

Then perform a scan and let it remove what it found. Reboot afterwards (important).

After reboot, post the malwarebytes log together with a new HijackThislog.

In case you're having problems with above instructions, let me know.

Link to post
Share on other sites

I have similar problem.

I get this error code: 730 (0,0) when I run the malwarebytes in C drive of my computer.

I recently had "security tool virus" which I partially removed using malwarebytes with other partition (D drive )of the same computer. But it seems it did not remove it completely and when I run the malwarebytes in C drive it shows the scan screen for a second and just disappear. It also does not update the malwarebytes.

Thank you for any help. Really appreciate it.

Link to post
Share on other sites

That worked, I was able to run Malwarebytes and perform a full scan. Here are the logs. Thanks for the help.

Malwarebytes' Anti-Malware 1.44

Database version: 3582

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18241

1/17/2010 9:58:39 AM

mbam-log-2010-01-17 (09-58-39).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 232372

Time elapsed: 1 hour(s), 8 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 3

Registry Keys Infected: 3

Registry Values Infected: 4

Registry Data Items Infected: 6

Folders Infected: 0

Files Infected: 65

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\gedelewi.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\nuyefehi.dll (Trojan.Vundo.H) -> Delete on reboot.

c:\WINDOWS\system32\yolopusu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{a7a31d13-48e0-400a-a992-e73fb3e3d989} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fefidivar (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a7a31d13-48e0-400a-a992-e73fb3e3d989} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dozebezaf (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: gedelewi.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yolopusu.dll -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yolopusu.dll -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\bobaguge.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\disanaba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fakugupu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fegigewi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fovidogo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gagepebi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gayuhiyu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gedelewi.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\geyedeza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gurekiwo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gutufugi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jazijase.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jekofozu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jigofazu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jimihuju.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jopisado.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\joruzobe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kegawapi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kihinuga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mefihuda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\melidawa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nefilepu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nubitusu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nukutowe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nuyefehi.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\palipajo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pugayusu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\puyeviyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\puzufewa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\reditika.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rojibafe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rusavewo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sasipura.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\siyefade.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\suhokita.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tehasebi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tezuvawu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tikiyabu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tovohuso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vadotali.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wamejawe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wiwopazi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wokisemi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wuboyiki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yinesuyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yojinafi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yolopusu.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\zadimeve.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zalahobe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zubevije.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP884\A0067836.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP884\A0067837.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP884\A0067838.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP885\A0067840.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP885\A0068580.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP886\A0068596.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP889\A0069666.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP889\A0069667.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP889\A0069668.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP889\A0069669.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP890\A0069688.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP891\A0069726.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP896\A0070948.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\net.net (Trojan.Agent) -> Quarantined and deleted successfully.

Link to post
Share on other sites

I'm having similar problems.

My machine has been infected with the Windows Security Center malware, and I'm unable to launch my currently installed version of MBAM. Same for my Mcafee security software and for System Restore (tried all in normal mode, safe mode, and via command line interface)...in all cases, no response.

I've also tried renaming the MBAM exe file...same result.

I saw this string in the forum, and downloaded the random name version...got it on the desktop, but can't open it. I get the 730 (0, 0) code when I try to open it (via the random name exe, after renaming it, and via the winlogon exe file in the installer folder).

I thought that it might help to uninstall my current version of MBAM, but uninstall tool does not work (it shows as an active task in Task Manager, but nothing happens and there is no activity in the progress bar.

Any help or suggestions would be very much appreciated.

Link to post
Share on other sites

UPDATE:

I was finally able to get my current version of MBAM uninstalled. After doing so, I was able to run the random-name version...however, the PC keeps locking up before I'm able to complete a full scan. NOTE - locking up after 10-20 minutes of use is another of the symptoms since this machine got infected.

I then ran a quick scan and was able to complete it...found five infected objects, removed them and restarted. Re-opened random name version of MBAM and just started a full scan. Hopefully, the machine will be able to get through it now that I got rid of the infected files found in the quick scan.

I will update as soon as the full scan completes (or freezes).

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.