Jump to content

Get "Completed" message then program ends automatically


ido1957

Recommended Posts

Quick or Full Scan. Get "Completed" message window, I click on OKAY, then program ends automatically without letting me view the results. So I continue to have the infections (in the registry I believe). Just updated the latest version.

Tried making a renamed copy of the exe but it does the same thing.

post-50981-1283482235_thumb.jpg

Link to post
Share on other sites

  • Staff

Hi,

Navigate to the following folder:

C:\Program files\Malwarebytes' Anti-Malware and search for mbam.exe in there.

RENAME the mbam.exe to iexplore.exe

The launch iexplore.exe (renamed mbam.exe) to run a scan again. Let me know if this works.

Post the log from Malwarebytes in your next reply together with a HijackThis log.

Link to post
Share on other sites

Hi,

Navigate to the following folder:

C:\Program files\Malwarebytes' Anti-Malware and search for mbam.exe in there.

RENAME the mbam.exe to iexplore.exe

The launch iexplore.exe (renamed mbam.exe) to run a scan again. Let me know if this works.

Post the log from Malwarebytes in your next reply together with a HijackThis log.

I renamed and ran the scan. If found virus' and allowed me to see the results. I saved the log file. I clicked on "Remove Selected" and the program ended abruptly again without removing the virus. I ran a second scan and got the same results.

LOG:

Scan type: Quick scan

Objects scanned: 178341

Time elapsed: 30 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\UAClaswpsoxqumqwuy.dll (Spyware.OnlineGames) -> No action taken.

C:\WINDOWS\system32\UACfuiujiabaplextd.dll (Spyware.OnlineGames) -> No action taken.

C:\WINDOWS\system32\UACliqhtimrsexnfyb.dll (Spyware.OnlineGames) -> No action taken.

C:\WINDOWS\system32\UACwdtumureuwqudqo.dll (Spyware.OnlineGames) -> No action taken.

C:\WINDOWS\system32\UACxbepwmcrvkolfls.dat (Rootkit.TDSS) -> No action taken.

post-50981-1283527649_thumb.jpg

Link to post
Share on other sites

I ran the scan again and here are the 2 log entries. If found virus' and allowed me to see the results. I saved the log file. I clicked on "Remove Selected" and the program ended abruptly again without removing the virus. I ran a second scan and got the same results.

LOG #2

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4532

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

9/3/2010 9:34:41 AM

mbam-log-2010-09-03 (09-34-41).txt

Scan type: Quick scan

Objects scanned: 178092

Time elapsed: 26 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\UACxbepwmcrvkolfls.dat (Rootkit.TDSS) -> No action taken.

LOG #3

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4532

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

9/3/2010 10:07:50 AM

mbam-log-2010-09-03 (10-07-50).txt

Scan type: Quick scan

Objects scanned: 170753

Time elapsed: 19 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\UACxbepwmcrvkolfls.dat (Rootkit.TDSS) -> No action taken.

post-50981-1283530320_thumb.jpg

Link to post
Share on other sites

  • Staff

Hi,

Ok, no worries, the malware is interfering with our scan here, even when renamed (this worked before though).

Anyway, do the following instead..

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.

Link to post
Share on other sites

Downloaded Malwarebytes to a USB Stick and installed it there. Ran the program and it seems to have worked - showed the virus, cleaned, then asked about restart which I just did. Ran it again from the USB Stick and it's all clean now. Looks like it defaults to C: drive which could be an issue if you had several drives (but I don't).

Link to post
Share on other sites

  • Staff

Thanks for the feedback. I actually have never tried that option yet via usb stick. Did you have to rename mbam.exe?

So you basically installed it on your USB stick? Let's say, for example, your USB stick has Drivename: F and you installed Malwarebytes on the USB stick F itself and ran it from there to scan the C:\ drive? (using full scan option since that's the only way it will list the other drives) ?

If so, good to know as this is an extra workaround to deal with these infections which try to interfere with malwarebytes scan. ;)

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.