
Malwarebytes scanning issue?



So I am infected with rootkit.win32.delf.af so as I was following directions that led me to you guys, I DL'd Malwarebytes and followed instructions on how to install. I was told to select "quick scan" but after 2 (!!) hours, it's just still saying "Enumerating registry objects prior to scan" and under Currently Scanning, it is still saying "preparing for the scan".

Is this normal? AHHHH!!!! Thanks in advance!


  • Root Admin

Hello and Welcome to Malwarebytes.org

Please read and follow the instructions provided here as best you can: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.


I finally got it to work and THANK YOU!!!

I thought I would post this in case you find it helpful for someone else.

I was infected in apptdata\Google with a rootkit.win32.delf.al file. I was also getting that stupid pop up box trying to get me to download that defender program. NOTHING was picking that up.

I ran:

Spyware doctor

Threatfire

spybot

my virus scan which is F-secure (whatever that means).

My virus scan was telling me I had that rootkit virus but would not let me delete it; it was saying I didn't have permission!

I installed Malwarebytes and ran the scan. It picked up the rootkit virus (trojan?) and also the defender pop up box file. It let me delete everything but the rootkit, so I rebooted it and it was still there.

I ran my virus scan and this time it let my virus scan delete it.

I don't know what Malwarebytes did but THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! That was a horrible drama that I spent 5 days on!!!!

I'm wondering though how come it took me running malwarebytes before my virus scan could delete it? Also what does that virus/trojan do (had I not been able to delete it)?


Most likely Malwarebytes removed a file or files and/or registry keys that had the file locked so that your antivirus could not remove it, but once they were gone, the rootkit lost a layer of its protection. Malwarebytes uses special drivers and techniques itself to remove nasty files like that which is why it was able to get at it when your antivirus couldn't.

To answer your second question, the trojan/rootkit was most likely there to try to trick you into buying that fake anti-whatever software and to steal personal information and passwords, so if you've visited any email/banking sites or used your credit card online since you got the infection then you should change your passwords and call your credit card company and let them know what happened so you can decide whether to cancel and replace your cards or just to watch what charges pop up.

PS: If you haven't done so already (wasn't sure by your post), you should definitely post in the Malwarebytes HijackThis forum so one of the experts can make sure you are completely clean. Good luck and safe surfing.


I finally got it to work and THANK YOU!!!

I don't know what Malwarebytes did but THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! That was a horrible drama that I spent 5 days on!!!!

If we cannot delete the rogue file, we intentionally "break" its executable header. When you reboot, it doesn't load. Once the header itself is broken, the file for all intents and purposes is rendered harmless.

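The reply above says a file with a broken executable header no longer loads. As an added example (not part of the thread and not Malwarebytes code), this Python check tells whether a leftover file still has the header fields Windows needs to load it. The thread does not say which bytes the product alters, so checking the DOS and PE signatures is an assumption, and the sample bytes are constructed.

```python
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002  # COFF Characteristics flag


def pe_header_status(data: bytes) -> str:
    """Return 'intact' or the first reason the PE header is unusable."""
    if len(data) < 0x40:
        return "truncated DOS header"
    if data[:2] != b"MZ":
        return "bad DOS signature"
    # e_lfanew at offset 0x3C gives the file offset of the PE signature
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # PE signature (4 bytes) + COFF file header (20 bytes) must fit in the file
    if e_lfanew + 24 > len(data):
        return "e_lfanew points outside file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "bad PE signature"
    (_machine, _nsections, _timestamp, _symptr, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if opt_size == 0:
        return "no optional header"
    if not characteristics & IMAGE_FILE_EXECUTABLE_IMAGE:
        return "not marked executable"
    return "intact"


def _sample_header() -> bytes:
    """Constructed minimal 32-bit PE header (headers only, no real code)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(0xE0)


# Constructed inputs: one intact header and two with a signature zeroed out
SAMPLE = _sample_header()
BROKEN_MZ = b"\0\0" + SAMPLE[2:]
BROKEN_PE = SAMPLE[:0x40] + b"\0\0\0\0" + SAMPLE[0x44:]

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE), ("broken MZ", BROKEN_MZ),
                       ("broken PE", BROKEN_PE)):
        print(f"{name}: {pe_header_status(blob)}")
```

Run against a file that survived a cleanup, any result other than "intact" means the header has been neutralized, though the file should still be removed.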
