Mbam scan and XP corrupted files


I downloaded, installed and updated mbam on home system infected with generic.dx!mez trojan as reported by McAfee Security Center. McAfee was finding and cleaning this trojan about every 2-5 minutes, but trojan would be found again in another folder. McAfee had latest DAT (5878?) and updated engine (it wouldn't auto-update to their latest). Thought I would try mbam to resolve. Disabled McAfee for install, started long scan, detected 17 issues within 10 minutes. At around 55 minutes, XP Pro SP3 with latest auto-updates gave me a blue screen with info related to auto shut down to protect system. Scan did not complete.

Rebooted, either XP (or System Mechanic 9) started correcting MANY corrupted or missing files during windows start-up. At login, McAfee reported a trojan and recommended restart and scan. Restarted, but elected to try another scan with mbam, but had McAfee running in background this time in case trojan was active (thinking it caused previous crash?). Started quick scan, found 10 issues in about 8 minutes, then same crash at about 35 minutes. On reboot, right after BIOS scripts, got a notice windows can't start, missing or corrupt <Windows root>\system32\ntoskrnl.exe, please reinstall file. I doubt this is the only corrupt file!

So, did running scan activate something in generic.dx!mez to start attacking root directory?

Is there some conflict with mbam and McAfee or Windows that would cause root directory corruption?

Something else? No other infections were reported.

Course of action now? Try to repair/reinstall XP?

Note: Infection likely occurred after receiving "UPS can't deliver" email Thursday (I was expecting a delivery!). Isolated zipped file, ran virus scan, nothing detected. Clicked on .exe (yes, stupid), McAfee reported registry changes, which I blocked. Sent email to Avert, who notified me of this new trojan detection (un-named), they sent extra.dat but no instructions on how to load with newer engine that wouldn't load either. The repeated trojan "finds" started about 3 days later according to scan logs (1230 Sunday).


Welcome SleetOH -

Now that you have found these problems please only run Quick Scans - A Full Scan is not often required - When any infection is found at the end of the Quick scan click on remove or quarantine - Then you must reboot to ensure that you have removed the item - This will also produce a log of the scan - Do not delete the log as it is just a history item and will not contain any infections - This will be needed if you continue to have problems -

If you still have infection problems please follow the instructions below and we can remove them (for free) if you wish -

We don't work on Malware removal or diagnostics in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post - Please note that the area is very busy and it may be a few days until your case is handled -

Thank You - :)


There are some compatibility issues with system lockups with some versions of McAfee. Just make sure you add exceptions for the following files in your McAfee program as listed below:

Please exclude the following files from your antivirus:

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For 32 bit versions Windows Vista or Windows 7:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista or Windows 7:

  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

Please post back and let us know how it went.


Thanks for replies - :)

A few points though -

1. Neither mbam scan finished, so couldn't take corrective action.

2. Now can't start windows (note: now on startup, right after BIOS scripts, get a notice windows can't start, missing or corrupt <Windows root>\system32\ntoskrnl.exe, please reinstall file.)

3. Can't start Windows in safe mode.

4. Can't start Windows using original XP installation disk (CD selected in BIOS as boot before HD).

5. System Mechanic recovery disk app says root and partition files are OK.

I can select F8 at end of BIOS load to get Windows startup options (safe, safe w/network, etc.).

So can't follow your recommendations.

Any suggestions to work recovery through DOS prompt?


I am afraid that your only course of action now is to seek help from the experts. They can help you get your computer back up and running. Please follow the below instructions and post in the appropriate section as stated.

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org


Thanks Firefox - will elevate to next level. :)

When/if system comes up, I'll incorporate your exceptions into McAfee.

Can understand mbam & system lockups due to incompatibilities or attempted repairs, but not this apparent level of system-level file corruption during a scan. Unless this trojan is more virulent than what threat sites are reporting (low)! :)

Live and learn - will post back. :)
