Laptop infected, installed Malwarebytes in safe mode but...

[brduran]

I got a toshiba laptop that is infected. I managed to install Malwarebytes in "safe mode with networking" but when I go to update the database it gives an error (Error 732)

Is there a way of downloading the updates separetely?

[yardbird]

Welcome to Malwarebytes!

Please do the following to see if it corrects the updating problem:

Step 1: Verify Internet Connectivity of Internet Explorer:

• Click on Start and select Run
  
• In the Run box copy and paste the text in the following code box exactly as written and press Enter or click on OK:

  REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f

  
  

• Try updating again and if it does not work then please proceed to Step 2
  

Step 2: Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

For Windows XP:

• C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  
• C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware\rules.ref
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\System32\drivers\mbamswissarmy.sys
  

For Windows Vista or Windows 7:

• C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  
• C:\ProgramData\Malwarebytes' Anti-Malware\rules.ref
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\System32\drivers\mbamswissarmy.sys
  

For 64 bit versions of Windows Vista or Windows 7:

• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  
• C:\ProgramData\Malwarebytes' Anti-Malware\rules.ref
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\SysWoW64\drivers\mbamswissarmy.sys
  

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

The FAQ contains examples of setting file exclusions for some known AV products.

Now try updating Malwarebytes' Anti-Malware once more and if it does not work then please proceed to Step 3

Step 3: Verify Your Internet Connection Settings:

• Open Internet Explorer
  
  • Note: It MUST be Internet Explorer, not Firefox, Opera, Chrome or any other internet browser
    

  [*]Click on Tools at the top and select Internet Options

  • Note: If you do not see Tools, press the Alt key on your keyboard and it will show up
    

  [*]Click on the Connections tab

  [*]Click on the LAN settings button

  [*]Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it

  [*]Under Proxy server make sure that the box next to Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections) is not checked and if it is, click the box next to it to uncheck it

  [*]Click on the OK button to close the Local Area Network (LAN) Settings window

  [*]Click on the OK button to close the Internet Options window

  [*]Try updating Malwarebytes' Anti-Malware again to see if it now works correctly

Please let us know how it goes.

Thanks

[brduran]

Thanks a lot, I took the hard drive out of the laptop and I'm scanning it in another computer. Once finished I put it back in the laptop and do as you mentioned.

I noticed that the error message starts with Error 732.. but I didn't write down the rest. Any other thoughts appreciated.

[yardbird]

Post no. # 2 above is for a 732 error code... If you still have an issue or its fixed? Please let us know? So we can advise on further action... regards..

[yardbird]

If you have a Toshiba laptop that is infected: follow these steps:

We can't give you on-on-one help here in -this- sub forum

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Please post there Gmer.txt log

the DDS logs

any questions please post back here.. regards.

[brduran]

The other computer found 2 malware and got rid of them..

Documents and Settings\name\Local Settings\Application Data\ccqtrb\bwawsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Documents and Settings\name\Local Settings\Application Data\vgyjdi\bpftsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

In Windows Normal Mode they were stoping all .exe from running. These two also set Internet Explorer to run thru a fake proxy server. I changed the LAN settings to Automatically detect settings and that worked.

Now Malwarebytes updates and is running for the first time (updated) on the laptop. It found 2 more,

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

I think this pretty much is solved. Thank you for the quick response.

[yardbird]

Your Welcome! Post back if we can do anything else for you? regards..