Jump to content

MBAM error updating


Recommended Posts

I got a virus that won't let me click on links in search engines (I get sent to sales sites), I can browse the Internet but all programs can't access the Internet, and I now get a "spooled subsystem app" failure warning, which I think means the virus messed with my registry. I have Ad-Aware which seems to find some new Trojan to remove every day, but I still have the same problems.

I downloaded Malwarebytes, and at first couldn't open it, so I changed mbam.exe to xxxx.exe and now it opens. When I try to updat it though, I get this error message: MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)

your thoughts?

Thanks!

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

First, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

So, I can use search engines now, and my programs can access the internet, but I think I have registry problems now. I can't print anything, let along add a printer for that matter. My print spooler won't start, and I was getting an error about "printer subspooler app error." Also, something very weird, my computer will only start in Safe Mode, although it doesn't say "Safe Mode" on the 4 corners of the screen, but it's still in Safe Mode. Even if I press F8 on start up and choose "start windows normally," it's in safe mode.

Any thoughts?

Thanks!

Link to post
Share on other sites

  • Staff

Hi,

Let's make sure all of the infections are gone before dealing with residual issues.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

  • Staff

Hi,

Glad to hear things are better. Let's check for any leftover malware before I send you on your way.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

  • Staff

Hi,

Run this scanner instead:

Next, please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Link to post
Share on other sites

That scanner was offline for updating or something, so I tried the ESET again and it worked. Here are the results from ESET and your security check:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=c7cfa73b5d0c144b9c1b55156ed0990c

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-11-10 03:39:24

# local_time=2010-11-10 09:39:24 (-0600, Central Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=63951

# found=2

# cleaned=2

# scan_time=5628

C:\Documents and Settings\Lou Reed\Application Data\Sun\Java\Deployment\cache\6.0\2\31223142-40c1e6ef a variant of Java/TrojanDownloader.OpenStream.NAU trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{74B03159-57AE-4F3D-A4EF-DC063EB0C797}\RP193\A0032183.sys Win32/Olmarik.AGD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.6

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 18

Out of date Java installed!

Adobe Flash Player 10.1.53.64

Adobe Reader 8.2.2

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

ESET ESET Online Scanner OnlineCmdLineScanner.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.