Hello,

If this is the wrong place sorry and please move, thanks.

Got a pc that was infected with "Windows 7 Recovery" fake av/system:

http://www.bleepingcomputer.com/virus-removal/remove-windows-7-recovery

Think I've removed it all now but I've got a few major problems remaining. Firstly MBAM wouldn't install, I also can't uninstall the older version that I had on my system. If I try to run the existing installed version I get the following error:

PROGRAM_ERROR_MISSING_FILE (2,0, mbamcore.dll)

The system cannot find the file specified.

If I try to uninstall it I get:

Internal Error: Cannot find utCompiledCode record for this version of the uninstaller.

So I downloaded and attempted to install the new mbam. Doesn't matter what I name the exe I always got the same access denied errors. I granted myself permissions to the relevant folders but it still wouldn't work..? In the end I changed the install location to the d: drive on the machine and it installed, downloaded the updates, and ran correctly. It found the following 4 items:

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\P\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent)

c:\Users\P\AppData\Local\Temp\ldra4c7.tmp (Trojan.Agent)

c:\Users\P\AppData\LocalLow\Sun\Java\deployment\cache\6.0\4\df6f044-61a7ab14 (Rogue.Installer.Gen)

So the problems I'm left with on this box are that the malware has done some stupid stuff with marking loads (possibly all?) of the files on the c: drive as hidden, so when I go to start, all programs for instance, nothing shows, it's blank. It's also marked a load of stuff as protected operating system files, which I had to set to show so I could then see the start menu folder (amongst any others that were previously marked as protected) in the user's profile folder. All programs I've checked seem to be ok apart from MBAM so I guess it specifically targeted that in regards to getting it not to run properly. Lots of things I'm browsing to with explorer are just coming up blank, well not so much anymore since I've chosen to view protected files. Basically I need to reset (if possible) the hidden, or not hidden, or protected, attributes of all files on the system, then I think I will be back to normal. Oh and it also blocked access to a few folders so I think I need to do the same thing with permissions. Could anyone advise on this?

I have it on a few other boxes too but I can just reimage them without too much bother but this particular box I cannot reimage!

Thanks.
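
The symptoms described in the post above (the flagged DisableTaskMgr policy value and Start Menu items marked hidden or as protected system files) can be confirmed with a read-only check. This is an added example, not part of the original post or of any Malwarebytes tooling; the two Start Menu paths are the standard Windows 7 per-user and all-users locations and are an assumption about this machine.

```powershell
# Read-only audit: reports state, changes nothing on the system.
# Assumption: run in the affected user's session on the affected machine.

# 1. The policy value the scan flagged: 1 blocks Task Manager, 0 or absent is normal.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableTaskMgr -eq 1) {
    Write-Output 'DisableTaskMgr = 1 (Task Manager is blocked by policy)'
} else {
    Write-Output 'DisableTaskMgr is 0 or not set'
}

# 2. Items under the Start Menu carrying the Hidden or System attribute.
$hidden = [System.IO.FileAttributes]::Hidden
$system = [System.IO.FileAttributes]::System
$roots = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu'),   # per-user
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu')    # all users
)

foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Output "$root : not found"
        continue
    }

    # -Force is required, otherwise hidden and system items are not enumerated.
    $items = @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)

    # desktop.ini is Hidden+System on a clean install, so it is not counted.
    $flagged = @($items | Where-Object {
        $_.Name -ne 'desktop.ini' -and
        (($_.Attributes -band $hidden) -or ($_.Attributes -band $system))
    })

    Write-Output ("{0} : {1} of {2} items are hidden or system" -f $root, $flagged.Count, $items.Count)

    # Show a sample so the attribute combination is visible.
    $flagged | Select-Object -First 10 FullName, Attributes | Format-Table -AutoSize
}
```

A clean profile normally reports zero flagged items here, so a count close to the total indicates the bulk attribute change the post describes.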


Greetings :)

We don't work on malware removal or recovery from infection related issues in this part of the forums.

Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here.

One of the expert helpers there will give you one on one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

If you prefer to be assisted via email you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.

Thank you :)
