
Hi

I'm here to ask for some help with some issues I'm having running Malwarebytes. I'm running Vista Home Premium Service Pack 2 with Avast Home edition 4.8. I run Eset online scanner once a week and also use Superantispyware as another layer of protection. A more tech-savvy friend of mine suggested that I get Malwarebytes and run that, as it finds a lot of the nasties that other anti-spyware programs don't find, so I downloaded and tried to run it. It installs fine but when I try to run it, it won't run.

I've tried running Mbam-clean and restarting and reinstalling and still it won't run, so, as I've not been having any noticeable problems with redirecting or such like, I posted in another part of the forum to ask for a bit of advice and I've ended up here. The other antivirus and antispyware programs find nothing, and Eset has found a few nasties and purged them, but when re-running them all again it gives me a clean bill of health but Malwarebytes still won't run.

I've followed the following instructions and the results are pasted and the other logs uploaded.

Disable CD-ROM Emulation Software

* Please download the following tool DeFogger to your desktop.

* Double click DeFogger to run the tool.

* The application window will appear

* Click the Disable button to disable your CD Emulation drivers.

* Click Yes to continue

* A 'Finished!' message will appear

* Click OK

* DeFogger will now ask to reboot the machine - click OK

* IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

* Do not re-enable these drivers until otherwise instructed.

Download DDS and save it to your desktop from here or here or here

Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs

o DDS.txt

o Attach.txt

* Save both reports to your desktop.

Download the following GMER Rootkit Scanner from here

* Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.

* Double click on the new randomly named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher, go ahead and click on Run

* It may take a minute to load and become available.

* If it gives you a warning about rootkit activity and asks if you want to run a full scan... click on NO, then use the following settings for a more complete scan.

* In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED

o IAT/EAT

o Drives/Partition other than Systemdrive (typically only C:\ should be checked)

o Show All (don't miss this one)

* Then click the Scan button & wait for it to finish.

* Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.

* Save it where you can easily find it, such as your desktop

* **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

* Click OK and quit the GMER program.

Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.

Copy/Paste the contents of 'DDS.txt' to be posted as text to your post

The other two logs ...

* attach.txt

* ark.txt

... should be zipped/archived before attaching to the post

Here is the DDS.txt file

DDS (Ver_10-03-17.01) - NTFSx86

Run by Jamie at 17:54:16.46 on 13/05/2010

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20

Microsoft

Attach.txt.zip


I've changed the name of the mbam.exe to a random string and I've managed to run Malwarebytes, which finds 6 infections but doesn't seem to be removing them.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4102

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

14/05/2010 23:30:40

mbam-log-2010-05-14 (23-30-40).txt

Scan type: Full scan (C:\|)

Objects scanned: 277904

Time elapsed: 1 hour(s), 48 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Users\Jamie\AppData\Local\Temp\gebxya.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\videoplay (Trojan.DNSChanger) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fcbbbbdrv (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Jamie\AppData\Local\Temp\gebxya.dll (Trojan.Agent) -> No action taken.

C:\Users\Jamie\msplyi4d.exe (Trojan.Agent) -> No action taken.

C:\Users\Public\Desktop\AntiSpyware.lnk (Rogue.AntiSpyware) -> No action taken.

I've restarted immediately but I'm now getting Windows blocking some startup programs. I could really do with some help.

Thanks in advance

J
