Jump to content

Can not start Malwarebytes


Recommended Posts

  • Staff

Hi,

Navigate to the C:\Program Files\Malwarebytes' Anti-malware folder

locate the file mbam.exe in there and rename that file to explorer.exe (rightclick mbam.exe, select rename and rename to explorer.exe)

Then doubleclick the explorer.exe file there (renamed mbam). Malwarebytes should be able to launch.

Post the malwarebytes log in your next reply together with a new DDS log.

Link to post
Share on other sites

Hi,

Navigate to the C:\Program Files\Malwarebytes' Anti-malware folder

locate the file mbam.exe in there and rename that file to explorer.exe (rightclick mbam.exe, select rename and rename to explorer.exe)

Then doubleclick the explorer.exe file there (renamed mbam). Malwarebytes should be able to launch.

Post the malwarebytes log in your next reply together with a new DDS log.

Here are the logs requested. I have included the log before and after malwarebytes removed infected files. Thanks for the help!

mbam_log_2010_08_04__10_55_45_.txt

mbam_log_2010_08_04__10_57_19_.txt

DDS_8.4.10_.txt

Link to post
Share on other sites

  • Staff

Hi,

Please Update Malwarebytes, because I see mbam wasn't updated. Click the update tab in order to check and download the updates.

Then perform a new scan again (Quick scan) and let Malwarebytes remove what it found.

Reboot afterwards.

Post the new Malwarebytes log together with a new DDS log in your next reply.

Link to post
Share on other sites

  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.

Link to post
Share on other sites

  • Staff

Hi,

Almost done...

* Open notepad - don't use any other texteditor than notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

FileLook::

c:\windows\system32\E0828BED42.dll

Driver::

tdozp

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nnopmnaudio"=-

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Extra note, I see you have Regcure installed. I do not recommend this one as it has a questionable reputation. Also, registry cleaners are always a risk. Please see here: http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html

That's why I suggest you uninstall Regcure.

Link to post
Share on other sites

  • Staff

Hi,

Please set your system to show all files.

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

Then, Go to this page.

Enter the url of this thread in the first field.

Where it says, browse to the file that you want to submit, click the browse button next to it and browse to next file:

c:\windows\system32\E0828BED42.dll

Select it and click ok:

Then click the Send File button below.

Let me know in your next reply once you uploaded the file.

Link to post
Share on other sites

  • Staff

Hi,

The file is OK.

The rest of your log looks OK as well.

* Go to start > run and copy and paste next command in the field:

ComboFix /Uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.

Link to post
Share on other sites

  • Staff

Hi

That error must have been the first time when you ran Combofix. the startup reference to that file is already removed now. :)

Glad I could help. :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

Link to post
Share on other sites

You are wonderful! I am glad there are people like you that help people like me. I will definitely read the prevention page.

Last question. I remember at the beginning of the process I disabled defogger. Is this something I should re-enable?

Thanks again!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.