
MBAM cannot remove



  • Root Admin

There is no attachment that I see. Please post the log and run this scanner as well and post back its logs as well.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.


When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


  • Root Admin

Well according to the log you attached you told it not to fix it.

Please run MBAM again and check for updates. Then run the scan again and this time make sure you choose to remove/fix it.

HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\(default) (Hijack.HomePage) -> Bad: (http://securityresponse.symantec.com/avcenter/fix_homepage/) Good: (iexplore.exe) -> No action taken.

However I also see that you have a full Comodo suite there which as I recall does have Registry monitoring as well so if you have run MBAM and told it to remove/fix it then it's possible that Comodo blocked that.

Though it certainly does not look like anything should be there preventing you from manually changing the home page

http://us.norton.com/security_response/fixhomepage.jsp

You also have an old entry for what would appear to possibly be either an old AVG product or a bogus one. It's not being used but still has an entry.

You should be able to run the following command from an elevated admin command prompt to remove it.

SC DELETE DDVAVG

I also see that you have PuranDefrag installed but 3rd party defrag software really shouldn't be needed on Windows 7 as it has fully automated defrag right out of the box when Windows 7 is installed, but up to you.

While looking at the logs it would also appear that you "might" have some type of root kit on this system.

viycnb68;Vba32 Armour Driver;c:\windows\system32\drivers\viycnb68.sys [2011-1-9 35904]

My recommendation is to go to the HJT forum and start a new topic and post NEW updated MBAM and DDS logs and have someone assist you with looking at your system.

Thanks
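As an added illustration (not part of the original post and not Malwarebytes' own code), this Python example parses registry-data lines in the layout of the log entry quoted above and lists the ones the scan left unfixed. The line layout is inferred from that single entry, and the second sample line is constructed.

```python
import re

# Constructed sample: the first line is the entry quoted in the post above;
# the second is a made-up entry in the same layout with a different outcome.
SAMPLE_LOG = r"""
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\(default) (Hijack.HomePage) -> Bad: (http://securityresponse.symantec.com/avcenter/fix_homepage/) Good: (iexplore.exe) -> No action taken.
HKEY_CURRENT_USER\Software\Example\Setting (Hijack.Example) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

# Assumed layout: <key>\<value> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>.
ENTRY = re.compile(
    r"^(?P<key>HKEY_[^\\]+\\.*?)\s+\((?P<detection>[A-Za-z0-9_.]+)\)\s+->\s+"
    r"Bad:\s+\((?P<bad>.*?)\)\s+Good:\s+\((?P<good>.*?)\)\s+->\s+(?P<action>.+?)\.?$"
)


def parse_entries(log_text):
    """Return one dict per registry-data line that matches the assumed layout."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # skip headers, blank lines and other log sections
        entry = match.groupdict()
        # The value name (here "(default)") is the last path component.
        entry["key_path"], _, entry["value_name"] = entry.pop("key").rpartition("\\")
        entries.append(entry)
    return entries


def unremediated(entries):
    """Entries the scan detected but did not change."""
    return [e for e in entries if e["action"].lower() == "no action taken"]


if __name__ == "__main__":
    for e in unremediated(parse_entries(SAMPLE_LOG)):
        print(f"{e['detection']}: {e['key_path']} [{e['value_name']}]")
        print(f"  current: {e['bad']}")
        print(f"  expected: {e['good']}")
```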


Let's see, I told it to fix it but it does not. Comodo does not block MBAM from doing anything, it had total free rein on the system.

I did have an old version of AVG installed so I will fix it, thanks.

The reason I run Puran defrag is because it has a true booting defrag, it will defrag before Windows starts so it can move files Windows normally locks.

On the VBA32 driver, it is a Virus BlokAda Antirootkit driver. http://www.virustotal.com/file-scan/report.html?id=4f064574c61d3d6f6d2d41c0b6dedf978891b23c1ce2ecc892ecd9309118c771-1309315216


  • Root Admin

Great thanks for the updated information. Wasn't sure on the VBA32 driver as it has plenty of hits as malware.

Open the Registry then and browse to that key and change it. If it errors or won't give access then take OWNERSHIP of the parent key on down and then change it.

Nothing wrong with running any tool you want such as Puran - just wanted you to be aware is all.

