
Malware Defense Problem



I have been trying to remove Malware Defense from my daughter's Vista PC Gateway laptop.

She apparently clicked on a message telling her that her PC was infected and offering to clean it up.

(1) When booted in normal windows mode it comes up with a black screen showing only a cursor arrow.

(2) When booted in safe mode the browsers (both IE and Firefox) look normal but say that helpful sites are out of service, preventing downloads of removal software or instructions.

(3) In safe mode I have removed the program directory for Malware Defense and references to it in the startup and got the PC to boot normally, but it comes back on the next boot.

(4) I also have used regedit to look for registry entries that were mentioned by "how to remove" instructions that I found by searching on "remove malware defense".

(5) I have downloaded the free removal tool from this site in the hope that it may help.

Any advice would be greatly appreciated.


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

=========

Thanks for the quick response.

I was about to reinstall Vista, except that the key had worn off the sticker on the bottom of the laptop... nice design there, Gateway...

I have tried to install MBAM but the dratted malware won't allow it to be installed.... I downloaded it on my desktop XP PC and installed it there, so I know that the copy is good.

When I click on the install nothing happens... also tried running it from a dos window with the same result....

Here is the DDS log.

====================================================

DS (Ver_09-12-01.01) - NTFSx86 NETWORK

Run by tori at 19:11:50.06 on Sat 01/23/2010

Internet Explorer: 7.0.6002.18005

Microsoft


Over the weekend, I reinstalled Firefox, removed the Malware Defense directory and ran rkill.

I can now get to the Malwarebytes web site and was able to download MBAM and install it by running the install from the Firefox download screen.

I am still blocked from viewing some directories and blocked from running MBAM and my AV program.

I tried running MBAM from a DOS window and got the same non-run.

Any advice on how to (1) unblock the directories and also (2) kill whatever is stopping me from running programs.


Thanks for the great instructions and procedures. They worked and I was able to (1) run MBAM. (2) I then updated MBAM and (3) ran again, this time picking up two infections which were removed. After (4) a reboot the same two infections appeared again. (5) I then copied an updated copy to a USB on a different PC and (6) ran it on the problem Vista box (7) renaming MBAM. That seemed to do the trick. I have been using Windows Security Essentials (blocked prior to running MBAM) so I (7) updated it and (8) ran a scan which picked up yet another problem.

I need advice on building a bootable USB drive and a bootable CD to give to my daughter when she leaves town.

The idea is that when (not if) a new problem occurs, she could pop the bootable disk/USB drive in and run MBAM without going through involved debugging with me. ubcd4win was mentioned (http://www.ubcd4win.com/) in another post as a possibility to use to build a bootable CD for windows to use with MBAM. Advice ???


  • Staff

Unfortunately at this point plans are still in very early development for adding MBAM to a boot CD. The technology it uses just wouldn't work from a boot CD (currently). Our developers have said they may work on this, but that is not guaranteed and there is no ETA on that.

The paid version of MBAM offers resident protection that will protect the computer before it gets infected.

Are you currently experiencing any other issues?


[quote]Are you currently experiencing any other issues?[/quote]

I normally run XP-Pro, so I am not familiar enough with Vista to know right away what is an issue. However there is a suspicious icon on the toolbar that displays a long list of programs that Vista prevented from running. I plan on googling them one by one to see if they are potential problems. Any advice on the list or how to decipher it??? My current plan is to get the paid version of MBAM and install it on the Vista machine as the AV.


I just looked at another posted problem, which had a warning about compromising online banking passwords. This got my attention right away! So, if the latest MBAM runs and gives the Vista box a good result, is my daughter safe to use online banking on her Vista PC?? If not, how would I go about getting to a reasonable level of confidence so she can use online banking?


  • Staff
[quote]I normally run XP-Pro, so I am not familiar enough with Vista to know right away what is an issue. However there is a suspicious icon on the toolbar that displays a long list of programs that Vista prevented from running. I plan on googling them one by one to see if they are potential problems. Any advice on the list or how to decipher it??? My current plan is to get the paid version of MBAM and install it on the Vista machine as the AV.[/quote]

Can you take a screenshot of that please?

Run MBAM on the Vista computer and we will take it from there. I can't say anything about its safety before I see some logs.


I am running an MBAM full scan and should have it in an hour or so. The list of programs which are prevented from running comes from MS User Account Control.

I put the screen shots in a MS Word 2003/2007 file which I was not allowed to upload to this message board...<dang>. Any advice on what format and how to upload screen shots ??


Here is the MBAM log:

================================

Malwarebytes' Anti-Malware 1.44

Database version: 3662

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

1/30/2010 12:16:04 PM

mbam-log-2010-01-30 (12-16-04).txt

Scan type: Full Scan (C:\|E:\|)

Objects scanned: 279122

Time elapsed: 1 hour(s), 38 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

================================


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

