Jump to content

Memory cound not be read


Recommended Posts

Days ago, I have download and installed Malwarebytes' AntiMalware v1.46(trial). After updating and system scan, there were trojans and malwares found and were subsequently quarantined and removed. Upon system reboot, when I clicked again on the Quarantine Topic of the screen, error message appeared with:

"Command reference 0x7348889a0x00030023,the memory could not be read, then the application is closed"

Then everytime when I clicked on Quarantine Topic again, same result with error message still occurred except changes in

numbers 0x000XXXXX from 0x00030023.

What is the cause of this problem? Can it be solved or any other means which you can advise or to have it completely removed and installed again?

Link to post
Share on other sites

Welcome to Malwarebytes! That message comes up if you are using IE6 http://support.microsoft.com/kb/899811

You may want to post back with your operating system, browser version, security software. So we know what you have. Or go to the MS Update site. See how many downloads (if any) are waiting to come down to your pc...

http://support.microsoft.com/kb/899811

SYMPTOMS

CAUSE regards...

Link to post
Share on other sites

My operating system is Windows XP Pro SP3. I am using I.E.8 and my security software is Kaspersky Internet Security 2011. I hereby also enclose mbam log report as follows for your easy reference:

?????? 4855

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2010/10/15 ?? 10:08:34

mbam-log-2010-10-15 (22-08-34).txt

Scanning type: rapid scanning is

scan objects quantity: 146,493

scan a total Time: 2 hours, 22 minutes, 9

infected seconds memory process quantity: 0

infected memory modules: 1

infected note register table number of projects: 15

infected note register table volume: 0

infected note book lists number of projects: 0

infected folders: 1

infected file quantity: 3

The infected memory process quantity:

(does not detect a harmful item)

The infected memory modules Quantity:

C:\Documents and Settings\david\??\Thunder(??)_v5.9.22.1466(???????)

\ComDlls\xunleiBHO_Now.dll (Trojan.BHO) -> Delete on reboot.

The infected note register table number of projects:

HKEY_CLASSES_ROOT\Interface\{988934a4-064b-11d3-bb80-00104b35e7f9} (Trojan.BHO)

-> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a1dd29ed-2598-48e9-9793-64a9cd08ac94} (Trojan.BHO)

-> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{61bd6924-d4fb-4ba2-b2ef-ebe5e203d122} (Trojan.Clicker)

-> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{87ca3845-37fe-414c-81cf-e08a7d0f6779} (Trojan.BHO) -

> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{802f530b-a8f6-4631-ae49-6bacaac6373e} (Trojan.BHO) ->

Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{802f530b-

a8f6-4631-ae49-6bacaac6373e} (Trojan.BHO) -> Quarantined and deleted

successfully.

HKEY_CLASSES_ROOT\CLSID\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) ->

Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\

{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted

successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{889d2feb-

5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted

successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) ->

Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\

{61bd6924-d4fb-4ba2-b2ef-ebe5e203d122} (Trojan.Clicker) -> Quarantined and

deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61bd6924-

d4fb-4ba2-b2ef-ebe5e203d122} (Trojan.Clicker) -> Quarantined and deleted

successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{61bd6924-d4fb-4ba2-b2ef-ebe5e203d122} (Trojan.Clicker) ->

Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\msm4file (Malware.Trace) -> Quarantined and deleted

successfully.

HKEY_CLASSES_ROOT\qvodadblocker.qvodblock (Adware.Baidu) -> Quarantined and

deleted successfully.

The infected note register table volume:

(does not detect a harmful item)

The infected note book lists number of projects:

(does not detect a harmful item)

The infected information kits Quantity:

C:\Program Files\Common Files\System\msnc (Rogue.ANGantiVirus) -> Quarantined

and deleted successfully.

The infected file Quantity:

C:\Documents and Settings\david\??\Thunder(??)_v5.9.22.1466(???????)

\ComDlls\xunleiBHO_Now.dll (Trojan.BHO) -> Delete on reboot.

C:\Documents and

Link to post
Share on other sites

noknojon: Luckily there is no crash during system scan!

After 1 min scanning, there is an error occured with remarks 'please inform this error code to our support group

MBAM-ERROR-ADD_TO_RESULTS(0,6)

Complete scan results are as follows:

The following malicious software are found in your system, please close all unused

applicatios before clearance to successfully remove threats:

01) Trojan.BHO

02) Trojan.BHO Registry Key

HKEY_CLASSES_ROOT\Interface\{a1dd29ed-2598-48e9-9793-64a9cd08ac94}

(No action taken)

03) Trojan.BHO Registry Key

HKEY_CLASSES_ROOT\Typelib\{87ca3845-37fe-414c-81cf-e08a7d0f6779}

(No action taken)

04) Trojan.BHO File

C:\Documents and Settings\david\Desktop\Thunder_v5.9.22.1466\ComDlls\

xunleiBHO_Now.dll (No action action)

05) Trojan.BHO Memory Module

C:\Documents and Settings\david\Desktop\Thunder_v5.9.22.1466\ComDlls\

xunleiBHO_Now.dll (No action action)

06) Trojan.BHO Registry Key

HKEY_CLASSES_ROOT\Interface\{988934a4-064b-11d3-bb80-00104b35e7f9}

(No action taken)

07) Trojan.BHO Registry Key

HKEY_CLASSES_ROOT\CLSID\{802f530b-a8f6-4631-ae49-6bacaac6373e}

(No action taken)

08) Trojan.BHO Registry Key

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Current Version\Ext\Stats\

{802f530b-a8f6-4631-ae49-6bacaac6373e} (No action taken)

09) Trojan.BHO Registry Key

HKEY_CLASSES_ROOT\CLSID\{889d2feb-5411-4565-8998-1dd2c5261283}

(No action taken)

10) Trojan.BHO Registry Key

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Current Version\Ext\Settings\

{889d2feb-5411-4565-8998-1dd2c5261283} (No action taken)

11) Trojan.BHO Registry Key

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Current Version\Ext\Stats\

{889d2feb-5411-4565-8998-1dd2c5261283} (No action taken)

12) Trojan.BHO Registry Key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\

Browser Helper Objects\{889d2feb-5411-4565-8998-1dd2c5261283} (No action taken)

There is one querry I like to point out nearly all items quoted here are appeared on recent malicious log report which was already quarantined and removed. If they are really removed, how can they appear again here. Does it mean that malicious softwares found will only be removed on registered version and not applicable to trial version?

Link to post
Share on other sites

Hello hkw:

Sorry to hear that your system is infected, at times MBAM alone will not be able to completely eradicate these nastiest leaving behind remnants that require special tools and expert's knowledge

Please follow instructions given by yardbird, and noknojon in Post #2, and Post #6 respectively

Link to post
Share on other sites

Hi hkw -

The paid version has the same remover ability as the free version - They are the same basic program -

Sorry but the experts in the Malware Removal area can diagnose this better than I can once they have the requested logs -

Please complete the DDS logs and scans listed in the "What do I do now" short cut listed above (as best you can) -

Then create a new topic in the Malware Removal area - I can not ask for , or diagnose these required logs , as I am not a qualified expert -

They then use other tools to remove very severe infections that are not allowed here -

I do hope you understand my problem in helping further -

Thank You -

Link to post
Share on other sites

@ hkw

No one replied to your logs in the Malware Forum, you will be requested by a helper to download tools, you will get clear instructions, & you'll work together. I advise you to bookmark your Malware Post. check it every day a few times a day. regards....

Link to post
Share on other sites

yardbird: How do I contact the expert or will the expert contact me instead via PM or email? Regarding the scan results, do I wait for expert advice first or to have those malicious software be quarantined and removed? Please advise what should I do now and thanks!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.