
Can't download Anti-malware



I can't get the Anti-malware to download. I follow the instructions and the setup screen appears and says "finishing installation" with the full green bar but never gets any further.

I've got the Antivirus 360 on the machine and want to try Anti-malware to get it off.

HELP!!

Steve150


Greetings steve150, please try renaming the setup file to something random like 1234.exe and see if it will install. If it does, but won't run then navigate to C:\Program Files\Malwarebytes' Anti-Malware and rename mbam.exe to something random as well, then double click it and try to run it. Do a check for updates, then do a quick scan and have it remove what it finds. After you've done this, if there are still any issues present, then please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936

and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult.

I hope I was helpful.

Good luck and safe surfing.


Thank you. But I could not find a way to rename the setup file. I click the Download button and go through the process, however there is never an opportunity to rename the setup file before download starts. The download takes about 20 minutes or so. The downloaded file does not include a setup file or the mbam.exe file. Could the Antivirus 360 be blocking the download?

Thanks in advance,

Steve

Hi Steve.

Once the file is installed to the desktop, right-click it, select 'rename' from the menu and type in whatever name you want to call it, but be sure you have .exe at the end of it or it won't run at all.

See the screenshot for what I mean


I renamed the desktop icon including .exe however when I click on it nothing happens, except the hourglass shows up for a short while.

There are no .exe files in the Malware programs file.

It looks like it did not fully download. When it downloads, it looks like everything is ok but it does not automatically launch the application as the screen says it will.

I've got McAfee installed and running and AOL's spyware protection. Do I need to turn those off during the download of Malware?

Steve


I suggest uninstalling AOL Spyware Protection. It's not only not helping you at all, but it will get in your way when trying to clear out any infections you may have.

Are you able to run HijackThis? Try saving it on your desktop, renaming it to something random, and then launch it and have it scan and produce a log. Copy and paste that log into a reply here please.


Thanks for your patience with me.

I uninstalled the AOL spyware as you suggested.

The HijackThis log is below.

When I download the Malware I check RUN. Should I be checking Save?

Thanks.

Sorry for the long delay in responding. AV360 locked up everything and it took quite a while to get restarted.

Steve

PS I hope I'm responding correctly. I have trouble finding a button that says Send or something like that.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:38:43 AM, on 12/20/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Digital Media Reader\readericon45G.exe

C:\Program Files\Common Files\AOL\1158524505\ee\AOLSoftware.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\A360\av360.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\BigFix\bigfix.exe

C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe

O4 - HKLM\..\Run: [McafWelcome] C:\Program Files\McAfee.com\Agent\mcwelcom.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158524505\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"

O4 - HKLM\..\Run: [24c37e47] rundll32.exe "C:\WINDOWS\system32\lgmvflro.dll",b

O4 - HKCU\..\Run: [Power2GoExpress] NA

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"

O4 - HKCU\..\Run: [90649310788111197325791989421849] C:\Program Files\A360\av360.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - AppInit_DLLs: itjfwo.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--

End of file - 7435 bytes


When I download the Malware I check RUN. Should I be checking Save?

Yes, you should be clicking on the 'Save' button. We recommend saving the installer to your desktop for ease of access, since you will need to rename it to something random before you can install.

I'll go ahead and take a look at your HijackThis log. I'll reply with some instructions as soon as possible.


OK, I recommend removing the following entries. You do that by running a HijackThis scan, putting a check mark in the box next to each line that needs to be deleted, and then clicking on the 'Fix' button down below.

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [24c37e47] rundll32.exe "C:\WINDOWS\system32\lgmvflro.dll",b
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [90649310788111197325791989421849] C:\Program Files\A360\av360.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O20 - AppInit_DLLs: itjfwo.dll

You should be able to install and run MBAM after that to check for more problems. Let me know if you have any trouble with those directions.


No luck yet. I deleted what you suggested except for O20 - AppInit_DLLs: itjfwo.dll because it did not show up on the list when I ran the HijackThis. What did show up was O20 - AppInit_DLLs: itjfwo.dll,C:\WINDOWS\SYSTEM32\kawdwn.dll

But I did not delete that since it was not exactly what you'd listed.

I tried downloading MBAM by clicking SAVE and it put the info in My Documents but did not start anything automatically, and would not do anything when I double clicked on the saved file icon.

So I tried downloading MBAM by clicking on RUN but it got stuck on the "extracting files" screen with the green bar halfway across. It's been that way for about an hour.

I apologize for the problems, I'm not the best computer jockey....

Steve

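The mismatch described in the post above (the O20 line in the fresh scan no longer matching the line in the fix list), shown as an added example that is not part of the original thread: Python code that compares a fix list with a later HijackThis scan and reports which entries match exactly, which are gone, and which kept their key but changed value. The function names `parse` and `compare` are hypothetical, only O4 Run-key and O20 AppInit_DLLs lines are handled, and the rescan text is constructed apart from the O20 line quoted in the post.

```python
import re

# Added example. Only the two entry types at issue here are recognised.
PATTERNS = [
    re.compile(r"^(O4) - (HK\w+\\\.\.\\Run\w*: \[[^\]]*\]) (.*)$"),  # Run-key autostart
    re.compile(r"^(O20) - (AppInit_DLLs): (.*)$"),                   # AppInit_DLLs value
]

# Three lines taken from the fix list in this thread.
FIX_LIST = r'''
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [90649310788111197325791989421849] C:\Program Files\A360\av360.exe
O20 - AppInit_DLLs: itjfwo.dll
'''

# Constructed rescan: the O20 line is the one quoted in the post; the ctfmon
# line is an entry from the original log that was not on the fix list.
RESCAN = r'''
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: itjfwo.dll,C:\WINDOWS\SYSTEM32\kawdwn.dll
'''

def parse(text):
    """Map (section, key) -> value for each recognised HijackThis line."""
    entries = {}
    for line in text.splitlines():
        for pat in PATTERNS:
            m = pat.match(line.strip())
            if m:
                entries[(m.group(1), m.group(2))] = m.group(3)
    return entries

def compare(fix_list, rescan):
    """Classify each fix-list entry as exact, changed or absent in the rescan."""
    current = parse(rescan)
    report = {}
    for ident, wanted in parse(fix_list).items():
        if ident not in current:
            report[ident] = ("absent", None)
        elif current[ident] == wanted:
            report[ident] = ("exact", wanted)
        else:
            # Same key, different value: list the comma-separated items added.
            old = wanted.split(",")
            added = [v for v in current[ident].split(",") if v not in old]
            report[ident] = ("changed", added)
    return report

if __name__ == "__main__":
    for ident, result in compare(FIX_LIST, RESCAN).items():
        print(ident, result)
```

A "changed" result is the case the post reports: the AppInit_DLLs value gained a second DLL between the two scans, so the line no longer matches the fix list character for character.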

Hi guys...

Just a friendly note from me.. :)

Please acquire any survivors from the machine if possible that MBAM misses so that we won't miss them again in the future. Thanks!

Thanks. So what would be the proper forum and how do I get there? And what do you mean by acquiring survivors?

Steve


Hello again, I believe what was meant by the proper forum would be here: http://www.malwarebytes.org/forums/index.php?showforum=7 That's where users get assisted by the experts to clean their machines. Just follow the instructions here as closely as possible: http://www.malwarebytes.org/forums/index.php?showtopic=2936 If you are unable to run one or more of the scans in that topic, just skip it and move on to the next one. What Raid meant by acquiring survivors would be grabbing samples from you by the expert who will be helping you of malware that MBAM isn't detecting/removing (the stuff that requires manual removal with the expert's assistance).
