
Cannot login after running MBAM



Good morning,

My PC was infected with the 'asiuoqgusdbaksd.com' Google redirect malware. This was also preventing the update capabilities to TrendMicro and Ad Aware definitions as well as disabling Firefox, Notepad and my ability to 'send' email. After much research and other attempts to remove it I found where Malwarebytes' had been successful in its removal. I downloaded Malwarebytes and performed a system scan which found 15 infected files. I received a message that everything could not be removed and would need to reboot the PC to complete removal process. Prior to reboot I read the generated log of infections and remember seeing a file 'baseuww32' as one of them. I rebooted and received the BSOD Stop: c0000135 (unable to find component) and the named file was 'baseuww32'. Tried to start up in Safe Mode and got same result. Tried to start up to 'Last known good configuration' and got the same result. The restart looks normal... I get the Windows XP logo and then a blank screen for several seconds, then the BSOD.

A Google search of this file returned no hits. I suspect this file replaced/corrupted a needed OS file but do not know which one. I have a boot CD and am comfortable with trying a repair but I am at a loss of what I'm repairing since this looks like a random filename that corrupted the known file.

Any suggestions and help would be greatly appreciated.

Robert


  • Staff

I need to know what version of MBAM this happened on because the most recent one should have the ability to rebuild this key correctly.

A repair install will likely not fix this (I believe that Windows does not change the path of that file in a repair) but there are other options that will let you completely recover without any data loss. It will not hurt to try because a repair install does not affect installed applications or data.

You can install into a second Windows folder and then use this temp install to get me a copy of your registry from the damaged install.

You can slave the problem drive to a working system and then get me a copy of your registry.

If you can get me a copy of this file (Z: is whatever the drive letter of the problem install is):

Z:\WINDOWS\system32\config\system

I can get this fixed one way or another.


The version of MBAM is 1.23.0.0

I had to copy MBAM onto a jump drive from another machine and rename it in order to run on the infected PC.

To make sure I understand correctly, you want me to do an XP install into a different folder (windows???) to make a temp folder?

Robert


  • Staff

If you have a real install disk, the kind you can also do a repair install with, you can install into another folder to make a temp install.

I have used windowsx in the past.

At the install screen, choose no to repair, then install, not format, not delete existing Windows folder, then choose a different name.

After that you will have a second install set as the main boot OS and from there we can fix the broken one without damaging it.

Make sure NOT to activate this temp install, it will work for 30 days without activation, we will not need that long.


  • Staff

No, it is not a legit file.

What happens is that it takes a load point that is critical to Windows booting and as far as my testing has gone, our rebuilding of that key when malware hijacks it should be perfect. I am not sure what went wrong in your case but it was related to an error rebuilding that key.

Yes, everything has options and it would be obvious that you were about to make a mistake. Format and delete are the options you will be staying away from.


Thanks a bunch for getting me back into Windows (normally). The results are as follows:

-- I can update both TrendMicro and Ad Aware definitions!

-- I can access the web via Mozilla Firefox.

-- I still cannot send mail via Outlook.

-- I can connect to the web via IE7 but it is very slow... but I cannot follow any links without IE freezing up.

(Homepage is Foxnews and it loads up slowly and each time I try to follow a news link, it freezes up??)

--edit addition-- I cannot Google anything... goes to a white screen and locks up.

--edit addition-- I cannot use 'favorites'... causes IE to lock up

Is Malwarebytes causing the slow IE7? (edit addition... I removed this and problem still persists)

Any thoughts or ideas?

It's much better than it was so I know we're on the right track.

BTW, what's the best way to remove the 'windowsx' installation?

Again, many, many thanks for the help!

Robert


  • Staff

Yuck, bet you have more than just what we removed at first.

What you are describing sounds like two infections that I know of, Vundo and some form of spambot.

Vundo will mess with the loading of pages and do very bad things to search pages and spambots will flood upstream so badly that all internet functions will be slower than with dialup.

I need 2 logs from you and I might be able to fix this through MBAM alone.

http://www.gmer.net/gmer.zip (unzip)

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

Run GMER, it will do an auto quick scan. In the lower left hand corner of GMER click copy. Create a new txt doc and paste that log inside.

Run HijackThis, click "do a system scan and save a log file". Save the log to your desktop.

In your next post paste the contents of both logs, I will see what was left behind.

EDIT TO ADD:

WindowsX may come in handy in capturing the malware that was left behind, we will remove it once we are done.


System update...

I upgraded to XP SP3 a couple of days ago and since then the problems I have had with Google and other links freezing up have been corrected. I have run deep scans from PC Cillin and Ad Aware and identified a few lingering 'items' but it appears my system is working as before. :D

As of this time, I feel that things are A-OK so this thread can be closed. I will continue to use MBAM as I think it is a premier package against malware and I thank all the folks here for the great job on this product. Many, many thanks to Nosirrah for his help and expertise in getting my system back up and running. I will continue reading and educating myself on this forum.

Many thanks to all,

Robert
