Jump to content

Virus Help - MB won't update


Recommended Posts

Hi. I'm running Windows XP, and It's obvious I have a virus/spyware.

Symptoms 1: I can't update MalwareBytes. I get "Error code: 732 (0,0)." I don't have a custom firewall/virus protection (just reformatter, and I didn't download any). But I do have the general Windows firewall (the one that comes automatically installed in the system). I turned off the Windows updates and Windows firewall by going to Control Panel > Security Center > and at the bottom, I turned off the "Windows Firewall" and the "Automatic Updates." MB still won't update.

Symptoms 2: I keep getting re-directed when using the internet.

Housecall.Trendmicro doesn't find anything (sometimes when scanning with Housecall, the scan page gets re-directed, so the virus is obviously there).

I ran HijackThis, and the results are below (in bold). Please let me know your thoughts. Thanks.:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:24:34 PM, on 2/18/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20583)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\John\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

--

End of file - 3562 bytes

Link to post
Share on other sites

Once you follow the instructions above and run a quick scan and remove any items it finds, reboot. If you still have issues then you will have to seek help from the experts..... If that is needed let us know and we can direct you to the right place for that.

Link to post
Share on other sites

Thanks for the quick replies gentlemen.

Ok, so I got the newer version of MB. I ran a quick scan and a full scan, but nothing is found. I'm sure I have a virus/spyware, but it looks like MB and Housecall just can't find it.

Also, when I try to update MB now, I get "MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)."

Again, I'm running Windows XP. I stopped the firewall and automatic updates. And I never installed any additional firewall or virus protection. Any suggestions?

Link to post
Share on other sites

Yes I do use a router. I didn't even know routers could be hijacked.

At the moment, I don't have virus protection because I just reformatted. I've been dealing with this virus for a long time. So last week I reformatted. Just after reformatting, I found that I got the virus again. I noticed it when I signed into the internet for the first time after the reformat. At first, I thought it was because I connected an external HD (I believe the virus is on the external HD; hence I need to clean my laptop AND the extneral HD). But now that you say that routers can be hijacked, I wonder if that's what's going on.

Link to post
Share on other sites

If your router is hijacked it's possible that this could be causing some of the issue.

Try this - It is general solution that works most times -

You may want to copy/paste this to notepad as you will disconnect from the Internet for a while -

1. Very important: First disconnect your computer from the Internet. Just Log Off- while you reset the router -

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

  • NOTE: To help prevent the router from getting hijacked again, make sure you change the default password to the router and also secure your wireless connection.

3. Reset the IP/DNS settings of your Internet connection:

Download this Microsoft Item

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run or press Windows Logo+R
  • In the command window copy/paste the following:
    ipconfig /flushdns
    netsh winsock reset


  • Then hit enter and a black box will flash .
  • Exit the command window.
    5 Update: Try to update to the latest version

Also get some anti-virus software installed

Thank You -

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.