Jump to content

Update 732.


Recommended Posts

Hello. i need help. my pc was infected by fake virus "xp security" i think i deleted it. but now i have same virus called "xp defender" everything is same as "xp security" and process in task manager ave.exe but name changed to "xp defender" i cant update any antivirus and malwarebytes. i think its cause Virus.

sadomg.png I tried everything to update this. i need help please :) :) :)

Link to post
Share on other sites

Hi -

This topic lists removal details for PC Defender (a similar infection) - Your screen seems to show the program has not been updated for some time - Try this first and then I will add more if you are not able to remove the infection -

Thank You - :)

EDIT - Try these steps next

Please do the following to see if it corrects it:

Step 1: Verify Internet Connectivity of Internet Explorer:

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from here
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected.

    [*]Click on OK

    [*]Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Once you've done your backup, please do the following:

  • Click on Start and select Run
  • In the Run box copy and paste the text in the following code box exactly as written and press Enter or click on OK:
    REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f


  • Try updating again and if it does not work then please proceed to Step 2

Step 2: Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For Windows Vista or Windows 7:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista or Windows 7:

  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

This FAQ area contains examples of setting file exclusions for some known AV products.

Now try updating Malwarebytes' Anti-Malware once more and if it does not work then please proceed to Step 3

Step 3: Verify Your Internet Connection Settings:

  • Open Internet Explorer
    • Note: It MUST be Internet Explorer, not Firefox, Opera, Chrome or any other internet browser

    [*]Click on Tools at the top and select Internet Options

    • Note: If you do not see Tools, press the Alt key on your keyboard and it will show up

    [*]Click on the Connections tab

    [*]Click on the LAN settings button

    [*]Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it

    [*]Under Proxy server make sure that the box next to Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections). is not checked and if it is, click the box next to it to uncheck it

    [*]Click on the OK button to close the Local Area Network (LAN) Settings window

    [*]Click on the OK button to close the Internet Options window

    [*]Try updating Malwarebytes' Anti-Malware again to see if it now works correctly

-THIS will show you the last steps -

Link to post
Share on other sites

Registry Keys Infected:

HKEY_CLASSES_ROOT\potdll.potgo (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uvkftj (Worm.Downadup) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wgrhvkvs (Rootkit.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\kotvm.dll (Worm.Downadup) -> No action taken.

C:\WINDOWS\system32\xdva279.sys (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\drivers\OLD32.tmp (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\drivers\hpzid412.sys (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\drivers\hpzipr12.sys (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\drivers\hpzius12.sys (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\drivers\lhldtswn.sys (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\drivers\dtofb.sys (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\drivers\WDICA.sys (Rootkit.Agent) -> No action taken.

C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> No action taken.

C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> No action taken.

C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

delete them all?

Link to post
Share on other sites

That is OK :) - There are times that we prefer extra details - If you think you are badly infected please follow the details below to see an expert -

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post - The experts in this area are a bit busy so it will take a while for a response -

Thanks - :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.