[Problem with MBAM] After Reboot, the Malware isn't deleted

Hello

Firstly, I can't speak/write English well. So, it would be great if someone of you can write in German. If not, please write as easy as possible ;-)

Thank you!

I've a problem with Malwarebytes' Anti-Malware. Here's the logfile (the results are the same in quick and full scan):

Malwarebytes' Anti-Malware 1.30

Datenbank Version: 1402

Windows 6.0.6001 Service Pack 1

17.11.2008 21:45:50

mbam-log-2008-11-17 (21-45-50).txt

Scan-Methode: Quick-Scan

Durchsuchte Objekte: 48220

Laufzeit: 2 minute(s), 42 second(s)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschl

Hi 1972vet

I think if you write in English it will be easier for us ^^

I hope you could understand my bad English.

Thanks for your instructions, but I have a problem with these.

I started my computer in safe mode and wanted to start runthis.bat. But my computer doesn't do anything or the program didn't start.

A little blue window appears and disappears after a few seconds. But nothing began to start.

Any idea?

Direct the application to remove what it found...that is, click the Finish button. You may be prompted to reboot so the application can finish removing the threats. When finished, let's return to the instructions regarding SDFix which may run better for you now that you've removed the worm infection:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and the files will be extracted to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

Reboot the computer into Safe mode.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • Any Trojan Services and Registry Entries that it finds will be removed then you will be prompted to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open and a copy of the report will be saved in the SDFix folder as Report.txt
    (Report.txt will also be copied automatically to your Clipboard and ready for posting back in the forum).
  • Finally paste the contents of the Report.txt back here along with a fresh HijackThis log.
Here's the log:

Malwarebytes' Anti-Malware 1.30

Datenbank Version: 1416

Windows 6.0.6001 Service Pack 1

22.11.2008 18:57:09

mbam-log-2008-11-22 (18-57-09).txt

Scan-Methode: Quick-Scan

Durchsuchte Objekte: 48579

Laufzeit: 2 minute(s), 23 second(s)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschl

Please download ComboFix from This Webpage...and read through the instructions there for running the tool.

***Important Note***

Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please post back the following on your next reply:

C:\ComboFix.txt

New HijackThis log.

  • 2 weeks later...

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

There has been a vulnerability reported in Sun xVM VirtualBox 1.6.0 and 1.6.2. Other versions prior to 1.6.4 may also be affected.

Please uninstall Adobe Reader 8.0...it is out of date and exploited. Use your on board Secunia PSI and follow those recommendations to update the software.

Please open a blank Notepad by clicking start-->run

Then, in the run box type Notepad.exe and click "OK".

Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

File::
c:\windows\System32\REN7E93.tmp
c:\windows\System32\REN7E92.tmp
c:\windows\System32\REN7E81.tmp
c:\users\David\AppData\Roaming\uTorrent
c:\program files\xhdrpeaw.txt

Folder::
c:\program files\uTorrent
c:\temp\{CD2199CA-8524-4CA4-A068-16ADA3DF8F26}
c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0F890032-928F-46E9-ABB6-17451863667A}"=-
"{6D2A5B16-93AB-45BE-8C0E-7E02D47424E2}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88002dd7-995d-11dd-9100-001e8cc6a583}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a876032d-77f2-11dd-b2c7-001e8cc6a583}]

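An added example, not part of the original thread and not ComboFix's own code: a small Python parser that lists what a CFScript like the one posted above asks to be removed, so the script can be reviewed before it is dragged onto the tool. The reading of the `File::`, `Folder::` and `Registry::` sections (paths to delete; `.reg`-style `[-key]` and `"value"=-` deletions) and the `protected` directory list are assumptions.

```python
import re

# Constructed sample: a shortened copy of the CFScript text posted in the thread.
SAMPLE = r'''File::
c:\windows\System32\REN7E93.tmp
c:\program files\xhdrpeaw.txt
Folder::
c:\program files\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0F890032-928F-46E9-ABB6-17451863667A}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88002dd7-995d-11dd-9100-001e8cc6a583}]
'''

SECTION = re.compile(r'^([A-Za-z]+)::$')  # section header such as "File::"

def parse_cfscript(text):
    """Return (action, target) tuples; section meanings are assumed, see lead-in."""
    actions, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        if section in ("file", "folder"):
            actions.append(("delete_" + section, line))
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                actions.append(("delete_key", line[2:-1]))   # whole key removed
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                             # key kept, values follow
            elif line.endswith("=-") and key:
                actions.append(("delete_value", key + "\\" + line[:-2].strip('"')))
            else:
                raise ValueError("unrecognised registry line: " + line)
        else:
            raise ValueError("line outside a known section: " + line)
    return actions

def risky(actions, protected=(r"c:\windows\system32",)):
    """File/folder deletions under directories the reviewer marked as protected."""
    return [t for a, t in actions
            if a in ("delete_file", "delete_folder") and t.lower().startswith(protected)]
```
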

Malwarebytes' Anti-Malware 1.31

Datenbank Version: 1478

Windows 6.0.6001 Service Pack 1

09.12.2008 21:47:54

mbam-log-2008-12-09 (21-47-54).txt

Scan-Methode: Quick-Scan

Durchsuchte Objekte: 49029

Laufzeit: 2 minute(s), 28 second(s)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschl
