Jump to content

Recommended Posts

Hi, I am a long term user of Malwarebytes and until recently used it without problems. Since last week by double clicking the icon on my desktop it does not open. I uninstalled the program and deleted Malwarebytes from the registry and downloaded your 1.46 free version again. it installed as it should but still does not open on double clicking the icon. Am I infected with a virus that is blocking your program? Thanks for any help or information.

Keystagegolf

Link to post
Share on other sites

If you wish to spend 4 or 5 mins checking , please follow this item -

Here are some steps to diagnose update issues:

Step 1

Click on this link and let me know what it says. It should be just a 4-digit number in the upper-left corner. About 4825 if you get a response -

Step 2

Please download and run the traceroute utility at this link. It will run a traceroute to our update servers to see if it can find the connection issue, and then it will write it to a log, and open that log in Notepad when it is done. Please either save the log as a Text File and then attach it to a reply, or copy and paste it into a reply, and I will forward it on to our server guy.

Note that it may take several minutes to run, and it may look like it is not doing anything for a few minutes. Normally it takes longer when there are errors that it has to log, but it's rare for it to go more than 10 minutes.

Name: edge.data-cdn.mbamupdates.com

Address: 68.232.45.133 - This is the last line of the item (I hope) - I just ran it , from Australia -

NOTE - Step 3 MAY not be required -

Step 3

Please download TCPView from Microsoft at this link.

This utility will monitor everything that is accessing the Internet or your local network. All you have to do is run TCPView, and then run Malwarebytes' Anti-Malware and start the update. Watch TCPView to see if mbam.exe shows up in the list. It will be pretty obvious, because it highlights it in green.

I need to know what "Remote Address" Malwarebytes' Anti-Malware is trying to connect to. Once it shows up in the list, you can right-click on the line for mbam.exe, and select 'Copy' in order to paste it into a reply. It will tell me what I need to know. Below is an example of what the line you are looking for will look like inside the following code box:

mbam.exe:3656	TCP	vista-x64:52135	cdn-208-111-168-7.ord.llnw.net:http	ESTABLISHED

Link to post
Share on other sites

If those instructions do not respond , or you are still having problems , please follow these instructions -

As we do not work on Malware removal or diagnostics in the general forums please follow these directions -

Please print out, read and follow What do I do now? , skipping any steps you are unable to complete.

The next step is post a New Topic Here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that

you're alerted when someone has replied to your post - Please allow at least 48 hours for a reply as the experts can get busy at times -

Also add a brief note to the experts as to your problems -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via This Link

Always use the ADD REPLY Tab at the bottom of the page when you reply -

Thank You - :welcome:

Link to post
Share on other sites

Thank you for your help. Here are the answers to steps 1 & 2 (1) is 4825 (2) attached notepad (3)I have not done yet as you said it may not be needed.

Traceroute Malwarebytes CDN version 1.5

15/10/2010

0:46:33.70

Phase #1

Tracerouting: data-cdn.mbamupdates.com

Tracing route to ne1.wpc.edgecastcdn.net [93.184.221.133]

over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.1.1

2 * 51 ms 50 ms 192.168.153.1

3 99 ms 50 ms 50 ms 130.Red-80-58-115.staticIP.rima-tde.net [80.58.115.130]

4 102 ms 62 ms 61 ms So5-0-0-0-grtmadad1.red.telefonica-wholesale.net [84.16.11.37]

5 202 ms 90 ms 62 ms Xe7-1-1-0-grtmadde2.red.telefonica-wholesale.net [84.16.13.206]

6 63 ms 62 ms 62 ms 62.156.128.33

7 116 ms 106 ms 103 ms ams-sa2-i.AMS.NL.NET.DTAG.DE [62.154.5.65]

8 99 ms 104 ms 98 ms 194.25.208.26

9 126 ms 104 ms 97 ms 93.184.221.133

Trace complete.

DNS Info

Server: 250.Red-80-58-61.staticIP.rima-tde.net

Address: 80.58.61.250

Name: mwbyte.vo.llnwd.net

Addresses: 87.248.205.253, 87.248.205.254

Aliases: data-cdn.mbamupdates.com

============================================================

Phase #2

Tracerouting: llnw.data-cdn.mbamupdates.com

Tracing route to mwbyte.vo.llnwd.net [87.248.205.254]

over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.1.1

2 49 ms 49 ms 50 ms 192.168.153.1

3 81 ms 58 ms 51 ms 130.Red-80-58-115.staticIP.rima-tde.net [80.58.115.130]

4 109 ms 62 ms 62 ms So4-0-0-0-grtmadad1.red.telefonica-wholesale.net [213.140.51.13]

5 66 ms 61 ms 63 ms Xe5-1-0-0-grtmadno1.red.telefonica-wholesale.net [84.16.13.225]

6 64 ms 62 ms 67 ms So-1-3-0-0-grtmadpe3.red.telefonica-wholesale.net [84.16.12.49]

7 112 ms 64 ms 61 ms FranceTelecom6-1-0-0-grtmadpe3.red.telefonica-wholesale.net [213.140.55.54]

8 67 ms 63 ms 62 ms ge-3-0-0-0.madcr2.Madrid.opentransit.net [193.251.242.102]

9 100 ms 83 ms 91 ms limelight-12.GW.opentransit.net [193.251.248.78]

10 137 ms 88 ms 87 ms ve5.fr4.mad1.llnw.net [69.28.172.134]

11 156 ms 83 ms 84 ms cdn-87-248-205-254.mad.llnw.net [87.248.205.254]

Trace complete.

DNS Info

Server: 250.Red-80-58-61.staticIP.rima-tde.net

Address: 80.58.61.250

Name: mwbyte.vo.llnwd.net

Addresses: 87.248.205.253, 87.248.205.254

Aliases: llnw.data-cdn.mbamupdates.com

============================================================

Phase #3

Tracerouting: edge.data-cdn.mbamupdates.com

Tracing route to ne1.wpc.edgecastcdn.net [93.184.221.133]

over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.1.1

2 51 ms 50 ms 49 ms 192.168.153.1

3 113 ms 54 ms 50 ms 130.Red-80-58-115.staticIP.rima-tde.net [80.58.115.130]

4 61 ms 60 ms 61 ms So5-0-0-0-grtmadad1.red.telefonica-wholesale.net [84.16.11.37]

5 155 ms 60 ms 61 ms Xe7-1-1-0-grtmadde2.red.telefonica-wholesale.net [84.16.13.206]

6 110 ms 62 ms 60 ms 62.156.128.33

7 106 ms 98 ms 100 ms ams-sa2-i.AMS.NL.NET.DTAG.DE [62.154.5.65]

8 108 ms 114 ms 108 ms 194.25.208.26

9 132 ms 93 ms 99 ms 93.184.221.133

Trace complete.

DNS Info

Server: 250.Red-80-58-61.staticIP.rima-tde.net

Address: 80.58.61.250

Name: ne1.wpc.edgecastcdn.net

Address: 93.184.221.133

Aliases: edge.data-cdn.mbamupdates.com, wpc.1D00.edgecastcdn.net

gs1.wpc.edgecastcdn.net

============================================================

Finished at: 0:47:29.84

Link to post
Share on other sites

Name: ne1.wpc.edgecastcdn.net

Address: 93.184.221.133

Aliases: edge.data-cdn.mbamupdates.com, wpc.1D00.edgecastcdn.net

gs1.wpc.edgecastcdn.net

This is not the address response required (see my results) - This is an English site that you are accessing - Malwarebytes is in USA -

Please read Post #5 , and follow the directions - You are being redirected away from Malwarebytes -

Thank You -

Link to post
Share on other sites

Hello for the attention of NOKNOJON

On one of the formus you directed me to was this solution "to activate Malwarebytes by changing the the name of mbam to winlogon.exe " This works and I can run Malwarebytes. Does this mean that I am no longer being redirected and do not need to do anything more?

The forum using DeFogger and GMER is more complicated and unless necessary I prefer not to do it.

Thank you.

Link to post
Share on other sites

Hello Keystagegolf:

Could you please update definitions (current 4831) and run a Quick Scan in Normal Mode and Copy/Paste scan log? MBAM should run without renaming, otherwise its an indication of infection

Should you have any other question(s) please post back using MXyBj.png button

Link to post
Share on other sites

Thank you for your response here is the scan log you requested. I had open Malwarebytes with the renamed file(winlogon.exe)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4831

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

15/10/2010 14:27:21

mbam-log-2010-10-15 (14-27-21).txt

Scan type: Quick scan

Objects scanned: 178223

Time elapsed: 15 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

As you suggested I remamed and opened from the desktop, updated to 4833 and here is the log:Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4833

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

15/10/2010 15:42:52

mbam-log-2010-10-15 (15-42-52).txt

Scan type: Quick scan

Objects scanned: 168792

Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

If this is the case that it will not run while the file is named mbam.exe, then you have an infection/rootkit that is preventing the program from running as designed. Malwarebytes may not be picking it up so you will have to seek help from the experts to find the infection.

Please read the following so that you can begin the cleaning process:

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" t_reply.gif button instead of other ones when you start replying. :welcome:

Link to post
Share on other sites

Thank you FireFox for your reply. I had renamed one of the original bad icons to mbam.exe which didn't work. However I renamed the one that did work (Malwarebytes Anti-Malware) to mbam.exe and it is working OK. So it seems as though the virus has been removed. Many thanks for all your help.

Keystagegolf :welcome:

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.