Can't Install Malwarebytes!


Below is the log. Although I run the program as administrator at various points during the process Access Denied errors popped up telling me to run as administrator. Perhaps this is part of the problem I'm experiencing?

ComboFix 10-03-19.04 - Administrator 19/03/2010 21:23:02.1.2 - x86

Microsoft


  • Root Admin

This is not the first time you've run Combofix. It shows that it's now the 4th time it has been run on this system. Do you have the original log that was created?

STEP 01

Please download and run the following fix from Microsoft: How do I restore security settings to the default settings?

When completed please reboot your computer and run the following.

STEP 02

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 18 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 18 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u18 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

STEP 03

What we need to do now is run this online scan to search for any remnants. It can take several hours, so please be patient and allow it to run its full course.

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Sorry, had problems getting it to run because of McAfee Anti virus starting up again before it finished and then it didn't produce the log. I've never run this program before on my computer. The fourth time was the first time it completed the process and produced the log.

Off to bed now and working tomorrow day but will work through the steps tomorrow night.

Thanks for your assistance so far.


Sorry for the delay.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Monday, March 22, 2010

Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Monday, March 22, 2010 12:34:19

Records in database: 3846667

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

G:\

H:\

I:\

J:\

L:\

Scan statistics:

Objects scanned: 229134

Threats found: 6

Infected objects found: 8

Suspicious objects found: 3

Scan duration: 03:31:28

File name / Threat / Threats count

C:\Users\Administrator\AppData\Local\Microsoft\Windows Defender\FileTracker\{376F8C81-802C-47A1-8007-CE55DB3375CC} Infected: Trojan.Win32.Qhost.mcf 1

C:\Users\Administrator\AppData\Local\Microsoft\Windows Defender\FileTracker\{42053623-4845-419F-9C6B-33DB91DE7AB3} Infected: Trojan.Win32.Qhost.mcf 1

C:\Users\Administrator\AppData\Local\Microsoft\Windows Defender\FileTracker\{8193A60E-25A8-4DAA-835F-CC9DA69B72D0} Infected: Trojan.Win32.Qhost.mcf 1

C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2c0b83fe-77f02a09 Infected: Exploit.OSX.Smid.b 1

C:\Users\Administrator\Documents\LimeWire\Incomplete\T-3515163-snowed keanne - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Users\Administrator\Documents\LimeWire\Incomplete\T-3545427-snowed keanne.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Users\Administrator\Documents\LimeWire\Incomplete\T-4390841-second function (hot new track).au Infected: Trojan-Downloader.WMA.GetCodec.u 1

C:\Users\Scott\AppData\Local\Microsoft\Mail\Local Folders (3)\Recovered M 29\10-08-2007 823\Local Folde 8be\Deleted Items\128950A9-2AD94D01.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Users\Scott\AppData\Local\Microsoft\Mail\Local Folders (3)\Recovered M 29\10-08-2007 823\Local Folde 8be\Deleted Items\58C532E7-C7BA3379.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Users\Scott\AppData\Local\Microsoft\Mail\Local Folders (3)\Recovered M 29\10-08-2007 823\Local Folde 8be\Deleted Items\5AF141BB-2C626580.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Users\Scott\AppData\Local\Microsoft\Mail\Local Folders (3)\Recovered M 29\10-08-2007 823\Local Folde 8be\Deleted Items\604857D3-93D7DB1B.eml Infected: Trojan-Spy.HTML.Fraud.bj 1

Selected area has been scanned.


  • Root Admin

According to the KAV log it shows you did not properly update your Java, which includes removal of old cache. Make sure you clear out, delete that old Java cache as shown in that log. Also delete those folders shown in the first 3 lines.

You also should reconsider and stop using Limewire which can be an easy method of infection. Delete those listed files.

Please update MBAM and run a new quick scan and post back the log.

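Added example, not part of the original posts: a Python sketch that parses the detection rows of the Kaspersky report above, reconciles them with its "Scan statistics" block (6 threats, 8 infected, 3 suspicious) and groups them by the areas the reply addresses. The bucket names and path markers in `AREAS` are assumptions made for this example.

```python
import re
from collections import Counter

# Detection rows copied verbatim from the Kaspersky report posted in this thread.
REPORT_ROWS = r"""
C:\Users\Administrator\AppData\Local\Microsoft\Windows Defender\FileTracker\{376F8C81-802C-47A1-8007-CE55DB3375CC} Infected: Trojan.Win32.Qhost.mcf 1
C:\Users\Administrator\AppData\Local\Microsoft\Windows Defender\FileTracker\{42053623-4845-419F-9C6B-33DB91DE7AB3} Infected: Trojan.Win32.Qhost.mcf 1
C:\Users\Administrator\AppData\Local\Microsoft\Windows Defender\FileTracker\{8193A60E-25A8-4DAA-835F-CC9DA69B72D0} Infected: Trojan.Win32.Qhost.mcf 1
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2c0b83fe-77f02a09 Infected: Exploit.OSX.Smid.b 1
C:\Users\Administrator\Documents\LimeWire\Incomplete\T-3515163-snowed keanne - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\Administrator\Documents\LimeWire\Incomplete\T-3545427-snowed keanne.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\Administrator\Documents\LimeWire\Incomplete\T-4390841-second function (hot new track).au Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\Scott\AppData\Local\Microsoft\Mail\Local Folders (3)\Recovered M 29\10-08-2007 823\Local Folde 8be\Deleted Items\128950A9-2AD94D01.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Scott\AppData\Local\Microsoft\Mail\Local Folders (3)\Recovered M 29\10-08-2007 823\Local Folde 8be\Deleted Items\58C532E7-C7BA3379.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Scott\AppData\Local\Microsoft\Mail\Local Folders (3)\Recovered M 29\10-08-2007 823\Local Folde 8be\Deleted Items\5AF141BB-2C626580.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Scott\AppData\Local\Microsoft\Mail\Local Folders (3)\Recovered M 29\10-08-2007 823\Local Folde 8be\Deleted Items\604857D3-93D7DB1B.eml Infected: Trojan-Spy.HTML.Fraud.bj 1
"""

# Row layout per the report header: "File name / Threat / Threats count".
ROW = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$")

# Assumed triage buckets (not a Kaspersky feature), mirroring the areas named in the reply.
AREAS = {"java-cache": "\\sun\\java\\deployment\\cache\\",
         "defender-filetracker": "\\windows defender\\filetracker\\",
         "limewire": "\\limewire\\"}

def parse_rows(text):
    """Return one dict per detection row; lines that are not rows are skipped."""
    matches = (ROW.match(line.strip()) for line in text.splitlines())
    return [{**m.groupdict(), "count": int(m["count"])} for m in matches if m]

def area_of(path):
    """Map a file path to a triage bucket by case-insensitive substring match."""
    low = path.lower()
    return next((name for name, marker in AREAS.items() if marker in low), "other")

def summarize(rows):
    """Totals comparable to the report's 'Scan statistics' block, plus per-area counts."""
    verdicts = Counter()
    for r in rows:
        verdicts[r["verdict"]] += r["count"]
    return {"infected": verdicts["Infected"], "suspicious": verdicts["Suspicious"],
            "threats": len({r["threat"] for r in rows}),
            "by_area": dict(Counter(area_of(r["path"]) for r in rows))}

if __name__ == "__main__":
    print(summarize(parse_rows(REPORT_ROWS)))
```

Rows that fall into "other" here are the four mail items under Deleted Items, which the reply does not single out.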

Hi,

I have followed the steps again to delete the old Java cache.

I have deleted the three files.

I don't use Limewire any more. I have deleted the Limewire folder.

I still can't get MBAM to install.

What now?


  • Root Admin

Please write down all of your registration information for McAfee Anti-Virus so that you can re-install the product.

Then fully remove McAfee SecurityCenter and all options for McAfee from your system temporarily. You can re-install once we're done here.

You also show that you did not uninstall


My subscription to McAfee expires in the next few days and I don't intend renewing it. What FREE firewall/antivirus would you recommend? Also I'm toying with the idea of doing a pc restore as all this trouble shooting is beginning to get very annoying. I do appreciate your help though.

I did uninstall utorrent but reinstalled it. Should I uninstall it again?


  • Root Admin

Let me check on this for you tomorrow. If I recall correctly you may have an old or missing file but I need to research and find that old post as I don't recall the name of the file. I can't promise but I seem to recall someone else a while back having a similar issue and it turned out he was missing this specific file. Once I find the post and confirm the name of the file I'll post and have you check it out to see if it's the same issue for you or not.

Thanks.


Perhaps the SubInACL tool can be used here as it seems to be a registry permissions error?

Can someone write a reset.cmd file?

Clutching at straws now. :rolleyes:

Ok I've fixed the problem and have successfully installed MBAM.

Here's the solution...

http://blogs.msdn.com/astebner/archive/200.../04/739820.aspx

...I hope this is of use to others.

Advanced Setup, thanks for all your time and assistance. Perhaps you can look into why this has worked. A lucky find on my part.


  • Root Admin

Well I have that fix, but that is what the Microsoft support fix I linked to above should have fixed on its own already.

I wrote one myself a while ago but since Microsoft finally came out with their KB fix I assumed that would have corrected it, but if not then I suppose I'll have to continue to use my version in the future.

Sorry it took so long but glad you got it working. Please check for updates as we're now on version 1.45 and do a scan and make sure all comes back clean.

http://support.microsoft.com/kb/313222

Thanks.
