Antivirus Pro 2009 Removal / Malwarebytes Install Help


Martin

My father has the red "X" Antivirus Pro 2009 window popping up and telling him his PC is infected and he needs to buy and install this extortionware. I tried walking him through installing Malwarebytes and he cannot. He cannot use IE because AVP2009 has it hijacked. I sent him the mbam-setup.exe file and when he tries to run it he sees the little hourglass for a second, then nothing. I had him boot into safe mode and try and the same thing happened.

What can we do to get the Malwarebytes installer to run?

Any advice would be helpful.

I am a computer person (BS in CS&E from UCLA and employed in the computer industry) but he is a novice and is 800 miles away.

Thanks,

Martin


That got us past that hurdle but the installer stalled at "Finishing." I had him reboot the computer and try starting Malwarebytes' Anti-malware from the start menu but he got the little hourglass for a second and nothing. I had him rename mbam.exe to see if that would do the trick but it didn't. Any other ideas?

Martin


  • Root Admin

Hi Martin,

Can he get online with the computer still? If so please have him follow the directions here as best he can and we'll try to get him cleaned up.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.


Unfortunately he is not able to get online. Antivirus Pro 2009 has hijacked IE and will not connect with many web sites. Interestingly he has no problem accessing banking sites - I have instructed him not to enter any personal information until his system is clean. He is also unable to complete the Malwarebytes' Anti-malware install. As stated the install hangs at "Finishing." It looks to be installed but does not run.

I am afraid he may need to format his hard drive and install from the OS up. He is contacting Dell to get their opinion on whether the partition holding the Windows XP installer is hosed.

I'm just looking for a more attractive alternative.

Martin


Hi Martin.

I have been analyzing a particular variant of antispywarepro2009, and I don't see some of the issues you're reporting it causes. I suspect you might have more than just that infection present. If you could follow AdvancedSetup's instructions, we may be able to get the machine cleaned up without having to reformat it. However, it is your call. If you wish to proceed with a reformat, please let us know so that we may close this thread.

Thanks!


Hello, I'm a newbie here and I've been attacked by Antivirus pro 2009. I've got the same problem Martin's Uncle has. The situation went from bad to worse in a matter of hours - First my system restarted without request, and then I had the red icon in my system tray that informed me I needed this particular software, Antivirus Pro 2009. I haven't purchased it or followed any link, but it's blocking my access to this and most webpages on both Firefox and IE (I'm using another system right now), in both normal startup and safe mode with networking. The Malwarebytes installer on my system experiences the same problems Martin describes - even when I rename the file.

Help?

Hi There. Please start your own topic and follow these instructions:

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I need you to follow the instructions provided here first.

I also need for you to download this program (http://oldtimer.geekstogo.com/OTListIt.exe) to your desktop.

  • Close all applications and windows so that you have nothing open and are at your Desktop

  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.

  • Place a checkmark in the "Scan All Users" checkbox (leave 'Use Whitelist' checked and the 'File Age:' at 30 days)

  • Click the Run Scan button

  • NOTE: Please be patient and let the scan run without using the computer

  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or right-click paste.

  • Submit your reply and close the Notepad window with OTList.txt

  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or right-click paste.

  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

Guys,

I also have the exact same issue as Martin and Jeremy. Looks like a new variant? Anything we can do to get malwarebytes to run?

thanks

Steve


I had the same issues as you guys but I renamed the "mbam.exe" to "mb.exe" and it just works fine now. It seems the malware uses file names to block applications from starting. Hope it helps.

Probably works on the mbam setup.exe too


This certainly does look like a sneakier variant. I found renaming the installation file and the executable files to anything other than malwarebytes sorted the job out. MB then plodded off doing its thang and removed two infections after restart. The same principle worked with Spybot Search and Destroy, i.e. changing spybotSD.exe to waynekicksvirusarse.exe worked a treat.

Hope this helps. By the way, am I breaking any laws by changing malwarebytes exe file name for the better good?

Wayne

Edited by AdvancedSetup
Removed quoting

  • Root Admin
by the way am I breaking any laws by changing malwarebytes exe file name for the better good

No, not in this case. Unfortunately in some cases it needs to be done to bypass Malware that is watching and preventing installation or running.

Once the system is clean though I would recommend changing it back to the real name.

This has already been suggested though and it does not always help to allow it to be installed, but thank you for your input.

I saw it had been suggested but it was reported that it was stalling at the final stages of setup, I believe this is because the software is looking for a program name that is 'banned' by antivirus2009 and therefore changing the exe name can fix this.

All exe files have been renamed now the system is clean, although I did like having my own program (waynekicksvirusarse.exe) for about 30 mins. lol


This is more of an FYI post and what I found about the renaming of the exe.

Windows XP Pro sp3 Computer got infected with Antivirus pro 2009.

Computer symptoms are as follows:

1. Can not install any .msi files. message: (The system administrator has set policies to prevent this installation.)

2. Systems boot normal but most normal services will not start and give (Error 1084: This service cannot be started in Safe Mode)

3. Could not install Malwarebytes (No response when trying to install - renamed file and it installed but hung right at the end)

4. Could not run the installed version (Would show up in the task manager but no windows would open)

After reading this post I copied a working version from another machine and tried renaming.

What I found is that renaming the file to

mbam-123.exe did not work

xyz.exe did not work

atico.exe did work :blink:

Scan found 11 items!


  • 2 weeks later...
Topic closed due to lack of response.

I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting: http://www.malwarebytes.org/forums/index.php?showtopic=2936