MBAM won't ryn and can't access internet

[steve jones]

I appear to have picked up something called Antivirus XP on my other PC. It is flashing up warnings of infections and asking me to register, which of course I am not doing. I cannot get MBAM to run, and when I try to access the internet it does not allow Firefox to start. Can anyone advise best action to take please? Any help gratefully received.

Steve

[mountaintree16]

Hello steve jones, and welcome to the forums here at Malwarebytes.org

See if any of the guides here might be what you are looking for to help you:

http://forums.malwarebytes.org/index.php?showforum=39

If that doesn't work, please read the following to being the cleanup process:

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

Also, when replying, please use the "ADD REPLY" button or erase what the person you are replying to said, as this makes the forum easier to read.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Thank you

[noknojon]

The item listed below will assist in removal of these infections - They are all from the same family -

Thank you -

This item is from our guides and is very good -

[BIGPIE]

The item listed below will assist in removal of these infections - They are all from the same family -

Thank you -

This item is from our guides and is very good -

Thanks I think I have the same problem I can't access internet at all. Any suggestions. Desperate

[steve jones]

Many thanks for the rapid response!

I had been regularly using MBAM on my now infected PC, but when I got this infection, and couldn't get MBAM to run, I deleted MBAM because I had read that I would have to re-install it. Have I also read on these forums that I need to run a 'deep cleaning' program as well to remove all refences to MBAM? If so, I haven't done this so it may affect my next attempt to start MBAM when reloaded.

I cannot access the internet via my usual methods so I took a copy of mbam-setup.exe from a good PC (after first updating it) and pasted it on the desktop of my infected PC. (Is that an acceptable approach?)I then tried to get the exe extension to display, following the instructions shown in the virus removal guide, so that I could change it to a .com extension. However, I could not for the life of me find the option to display file extensions in My computer/tools/options? Is it possible that the virus could be removing that option? I'm running XP by the way.

I'm at work now so can't take another stab until this evening, but I will look again then.

Thanks again

[steve jones]

I have decided to start a fresh post in the HiJack This Logs section. I didn't know where to put my questions re internet access so I have repeated the content of the above post there. I hope this is OK. Thanks again for all the help.

[mountaintree16]

Steve,

That sounds like the best thing for you to do, as you are infected.

Good luck!

[Battlecatt]

Greetings,

New here. Just downloaded Malwarebytes a couple of nights ago after a rouge "Security Center" virus infected my machine. After a few "tweeks" of my own, I was able to actually get Malware to update and run. It worked wonderfully!!

Fast forward to last night. Surfing along when "WHAM" I get a "new" Rouge (read fake) Security Virus called "Security Soft." It immediately freezes my machine and starts running a supposed "scan" and listing 10 Gagillion things infected, yadda, yadda....

I ignore it and try to fire up Malwarebytes...no dice. Try my browser...locked. Try Norton...no go. Nothing works other than a stupid pop-up ranting of the Doomsday of my machine by this virus. Soooooooo....

I re-boot and immediately upon getting back to my desktop, I hit a restore point, effectively reseting my registry to a couple of days ago, then...having done that, re-boot once more and Ta Da!!! I can Run Malwarebytes!!

Did a full scan...all drives...the program once again works flawlessly. Notice!!! I did not try to get the program to get an update. I had a thought that any attempt at the internet would trigger the new virus off again even though I had restored my registry to an earlier time.

Malwarebytes finds the little bugger and I have it stomp the ugly out of it. THEN....I ran a "Quick Scan" just to be sure....Oh yeah...it's Gone!!!! I'm a happy camper!!! But alas, it was not to last.

After the scans, I tried to get Malwarebytes to get an update....."Connection Failed". Sooooo I open my browser..."DNS Error, Unable to connect, yadda yadda"

Open up my network connections and check my ethernet card. Run a repair, everything checks out. Re-boot, try again...nada.

Then it occured to me...sometimes, on rare ocassions with XP-Home....settings can get "confused" after so much tweeking of registry files and settings, so I decided to try something simple.

If you still cant connect to the internet and your card (ethernet) settings say all is well, right click the connection and disable the card. Yes that's "disable" the card. Wait like 30 seconds then click "Enable." and try again.

Some device drivers tend to lock up, in particular after a network attack. In combination with fixing erroneous registry errors, sometimes that may be all it takes to get back on-line. Well, worked for me at least.

To get to your network card in XP, go to "Control Panel" select "Network Settings" right click your connection and the rest is pretty simple.

Specs:

CPU: AMD Phenom Quad Core

H/D: 500 Gig

RAM 4 gig

Antivirus: Norton Corporate Edition with Firewall.

[AdvancedSetup]

Doing a restore often is counter productive to removing the Malware.

As long as it is NOT due to current live Malware preventing the update then this method may help restore the ability to run updates

After each step please try to run the Update again in the MBAM program.

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please download ERUNT from here
  
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  
• Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  
• Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  
• Choose a location for the backup.
  
  • Note: the default location is C:\Windows\ERDNT which is acceptable.
    

  [*]Make sure that at least the first two check boxes are selected.

  [*]Click on OK

  [*]Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Once you've completed backing up your Registry, please perform the following fixes until fixed or all methods have been tried

STEP 02

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

• Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  
• Then save the file as "fixme.bat" to your Desktop
  
• In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
  

  @ECHO OFF
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
  reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable  /t REG_DWORD /d 0 /f
  reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
  netsh int ip reset resetlog.txt

  
  

• On Windows XP you can double-click the file to run it.
  
• On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  
• This will flash a black DOS box very quickly and go away, this is normal.
  
• Restart your computer now.
  
• Launch Internet Explorer and see if you can connect to the Internet.
  
• Launch MBAM and check for Updates
  

STEP 03

Ping the Content Delivery Network

For Windows XP:

Click on START - RUN and type in or Copy/Paste the following and verify that you get a response

CMD.EXE /K PING mbam-cdn.malwarebytes.org

For Windows Vista or Windows 7:

Click on START and in the search line type in CMD and you should see cmd.exe show on the menu. Right click over cmd.exe and select Run as administrator

Then in the DOS console window type in the following and press the Enter key and verify that you get a response

PING mbam-cdn.malwarebytes.org

If all the pings failed then please try running the following command

TRACERT mbam-cdn.malwarebytes.org

Then copy and paste back the results on your next reply.

STEP 04

Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

For Windows XP:

• C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  
• C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\System32\drivers\mbamswissarmy.sys
  

For Windows Vista or Windows 7:

• C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  
• C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\System32\drivers\mbamswissarmy.sys
  

For 64 bit versions of Windows Vista or Windows 7:

• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  
• C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\SysWoW64\drivers\mbamswissarmy.sys
  

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well

The FAQ contains examples of setting file exclusions for some known AV products.