mbam.exe won't start


Avira alarmed this morning showing TR/FraudPack.hub.52. File was quarantined.

I tried running Malwarebytes but program wouldn't start.

HijackThis showed three domain hijacks. Hijacks were removed.

I updated Avira and ran full scan again and found Trojan.Gen. File was quarantined.

Changed filename of Malwarebytes to ABCD.exe and got it to run.

In quick scan mode, Malwarebytes found: C:\WINDOWS\system32\spool\prtprocs\w32x86\x55a5k.dll (Trojan.Alureon) -> Quarantined and deleted successfully.

C:\Documents and Settings\XXXXXXXX\Local Settings\Temp\0.1472404673066391.exe (Trojan.Alureon) -> Quarantined and deleted successfully.

C:\Documents and Settings\XXXXXXXXXXX\Local Settings\Temp\0.6508938778324113.exe (Trojan.Alureon) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\uO179i179.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Now, Malwarebytes, Avira and HijackThis no longer find any suspect files but Malwarebytes continues not to start using the mbam.exe filename. It will run if the filename is changed to ABCD.exe but the window it opens in is named 379685 instead of the usual Malwarebytes' Anti-Malware.

DDS text:

DDS (Ver_10-03-17.01) - NTFSx86

Run by XXXXXXXXXXX at 16:17:48.69 on Tue 09/14/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.211 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\XXXXXXXXXX\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.verizon.net/newsroom/portals/newsroom.portal

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sPAMfighter Agent] "c:\program files\spamfighter\SFAgent.exe" update delay 60

mRun: [soundMan] SOUNDMAN.EXE

Trusted Zone: amazon.com\www

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224764304535

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-1 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-1 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-1 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-1 60936]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\spamfighter\sfus.exe [2009-6-19 189064]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [2008-9-27 70528]

=============== Created Last 30 ================

2010-09-14 20:12:55 0 ----a-w- c:\documents and settings\marilyn roither\defogger_reenable

2010-09-14 19:27:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-14 19:27:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-14 19:20:25 0 d-----w- C:\044a12bb21e45b1795cc1a3028

2010-09-14 14:30:01 0 d-----w- C:\spoolerlogs

2010-08-21 00:52:51 131 ----a-w- c:\windows\CRC.INI

2010-08-21 00:50:08 0 d-----w- c:\program files\COMODO

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2008-05-29 20:56:11 37375 ----a-w- c:\program files\openoffice.org-xsltfilter.cab

2008-05-29 20:56:10 2490452 ----a-w- c:\program files\openoffice.org-writer.cab

2008-05-29 20:56:02 207388 ----a-w- c:\program files\openoffice.org-testtool.cab

2008-05-29 20:55:59 2504975 ----a-w- c:\program files\openoffice.org-pyuno.cab

2008-05-29 20:55:39 51973 ----a-w- c:\program files\openoffice.org-onlineupdate.cab

2008-05-29 20:55:38 1090334 ----a-w- c:\program files\openoffice.org-math.cab

2008-05-29 20:55:33 118910 ----a-w- c:\program files\openoffice.org-javafilter.cab

2008-05-29 20:55:32 1254017 ----a-w- c:\program files\openoffice.org-impress.cab

2008-05-29 20:55:26 86870 ----a-w- c:\program files\openoffice.org-graphicfilter.cab

2008-05-29 20:55:25 919329 ----a-w- c:\program files\openoffice.org-draw.cab

2008-05-29 20:55:25 2769 ----a-w- c:\program files\openoffice.org-emailmerge.cab

2008-05-29 20:55:20 2031954 ----a-w- c:\program files\openoffice.org-core09.cab

2008-05-29 20:55:14 293078 ----a-w- c:\program files\openoffice.org-core08.cab

2008-05-29 20:55:07 3842531 ----a-w- c:\program files\openoffice.org-core07.cab

2008-05-29 20:54:57 28847705 ----a-w- c:\program files\openoffice.org-core06.cab

2008-05-29 20:50:50 18634513 ----a-w- c:\program files\openoffice.org-core05.cab

2008-05-29 20:49:37 16503595 ----a-w- c:\program files\openoffice.org-core04.cab

2008-05-29 20:48:32 9117929 ----a-w- c:\program files\openoffice.org-core03.cab

2008-05-29 20:48:10 3860980 ----a-w- c:\program files\openoffice.org-core02.cab

2008-05-29 20:47:56 15104219 ----a-w- c:\program files\openoffice.org-core01.cab

2008-05-29 20:47:19 4694039 ----a-w- c:\program files\openoffice.org-calc.cab

2008-05-29 20:47:00 1803630 ----a-w- c:\program files\openoffice.org-base.cab

2008-05-29 20:46:51 43005 ----a-w- c:\program files\openoffice.org-activex.cab

2008-05-29 20:46:45 4372992 ----a-w- c:\program files\openofficeorg24.msi

2008-05-29 20:46:45 217 ----a-w- c:\program files\setup.ini

2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe

2009-08-24 20:30:44 32768 --sha-w- c:\windows\temp\cookies\index.dat

2009-08-24 20:30:44 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2009-08-24 20:30:44 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 16:18:59.75 ===============

Files attach.zip and ark.zip are attached

Any help is appreciated.

TripodBob

Attach.zip

ark.zip


Welcome to Malwarebytes!

Please read the following so that you can begin the cleaning process:

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

Please be patient, someone will assist you as soon as it is possible.
