Jump to content

new antivirusXP 09 wont let me install MWB, wont run, hijacks searches


Recommended Posts


Lately i have been seeing a new type of the DNS changing rootkit/ AV XP 09 (usually the one with brastk.exe). They seem to come together and do the standard AVXP09 popup plus block known antimalware sites and redirect searches.

The real issue though is that they seem to block MWB and superantispyware from installing and running in both regular and safe modes.

When MWB is installed, it will hang at the 100% complete (right at the end before it would switch to the option to update and immediately run MWB).

You then have to kill the installer.tmp, the installer.exe and a mwb.exe.

Once doing this, if you go to manually run MWB nothing happens, along with if you change the name (i change it to yoyo.exe or hi.exe or whatever), no thing happens.

This same behavior is displayed with the use of superantspyware.

Any assistance in getting MWB running with this infection would be greatly appreciated

Link to post
Share on other sites

Yes.. Sorry, this particular rootkit variant can be a pain.

Try to create the cd from a working computer if for some reason it will not properly work on the infected one.

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html' rel="external nofollow">
  • Avira AntiVir Rescue System
    Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:

repair a damaged system,

rescue data,

scan the system for virus infections.

Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.

Once you have done this with Avira, Malwarebytes should install and run. Make sure you update it right away and select Scan.

Link to post
Share on other sites

Have you tried to make the cd from another computer? If you still cannot do so, we do have the 2nd option below.

Please download and run the Trend Micro Sysclean Package on your computer.

NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

  • Trend Micro Damage Cleanup Engine

Make sure you read this document to understand how to use the program.

Basically there are 3 parts that need to be downloaded from these links:

  • As an example on 2008-10-17 the files to download are:
  • NOTE!
    These file names are examples and you must visit Trend Micro for the very latest files which may have different names.

  • Create a brand new folder to copy these files to.

  • As an example:

  • Then open each of the zipped archive files and copy their contents to

  • Copy the file
    to the new folder
    as well.

  • Double-click on the file
    that is in the
    folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file
    that will be left behind by sysclean.

  • This self-extracting archive is a stand-alone fix package that incorporates the Trend Micro VSAPI Malware and Spyware scanning engines as well as the Trend Micro Damage Cleanup Engine and Template.

    This tool supports the following features:

    o Terminate all detected malware/spyware instances in memory

    o Remove malware/spyware registry entries

    o Remove malware/spyware entries from system files

    o Scan for and delete all detected malware/spyware copies in all local drives

http://windowshelp.microsoft.com/windows/en-us/help/7050d809-c761-43d4-aae7-587550cd341a1033.mspx' rel="external nofollow">
Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.