
Malwarebytes Not Scanning



I've followed all the instructions I could on this page: "http://forums.malwarebytes.org//index.php?showtopic=9573", and the steps that I couldn't follow are actually running Malwarebytes. When I try to do a scan, it automatically closes and won't let me restart the program, giving me the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." And so I went ahead and moved on to the next step on that website, and it let me open DeFogger and DDS, but it won't let me run GMER Rootkit Scanner. So here are the log files from my DDS.

Please help, I really don't want to reformat my computer today :P

DDS.txt

Attach.txt


Hello unrena and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.

AVG needs to remain uninstalled until I tell you it's safest to reinstall it.

-------------

I see you have Daemon Tools installed. This program can and will interfere with some of the fixes I ask you to perform. DeFogger will temporarily disable these emulation drivers.

Please download DeFogger to your Desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your Desktop.
Do not re-enable these drivers until otherwise instructed.
-------------
Please download maxhandle.exe by noahdfear to your desktop
  • Double click and run the application
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals (every time it is run).
  • Log is saved to c:\maxhandle.txt
  • If Max++ is not found, "Nothing found!" is echoed to the screen - no log is produced.

Please post the results for my review

-------------

XP

You must first verify that you can logon to the Windows Recovery Console.

To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

How to install and use the Windows XP Recovery Console

Now, go back to Normal Mode.

Next, please download maxlook, saving the file to your desktop.

Double click maxlook.exe to run it. Note - you must run it only once!

As instructed when the tool runs, restart the computer and logon to the Recovery Console.

Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

batch look.bat

lookXP.gif

You will see 1 file copied many times then return to the x:\windows> prompt.

Type Exit to restart your computer then logon in normal mode.

Please run maxlook.exe again now. Note - you must run it only once!

It will produce looklog.txt on the desktop and open it.

Please post the results here.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
In your next reply, please include:
  • Maxhandle log (if one is created)
  • Maxlook looklog.txt
  • TDSSKiller log
  • C:\ComboFix.txt

How is your computer running now?


Couldn't get Maxlook because I'm using Vista and couldn't install the XP Recovery Console, it told me there were compatibility issues, and MaxHandle didn't create a log as it didn't find anything. But it would seem that ComboFix worked as Malwarebytes is running again. But now I have the issue of not having administrator privs as it won't let me delete some programs. I'm sure that I just have to delete a hidden account or something but I'm not sure how to do this. Any clues?

ComboFix.txt

TDSSKiller.2.5.9.0_10.07.2011_18.23.37_log.txt


Couldn't get Maxlook because I'm using Vista and couldn't install the XP Recovery Console,

My mistake. Please try it this way ;)

Make sure you run Maxlook.exe in Normal Mode before you go into the Recovery Environment ;)

VISTA

First, you must verify that you can access the Vista Recovery Environment.

To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.

If the option 'Repair your computer' is available, select it.

If not available, you will need to insert your Vista installation dvd and restart, then press any key when prompted to boot from the cd.

At the Install Windows screen, select Repair your computer. (image below)

3.gif

Next, please download maxlook, saving the file to your desktop.

Double click maxlook.exe to run it. Note - you must run it only once!

As instructed when the tool runs, restart the computer and logon to the Recovery Environment.

Once you get to the System Recovery Options screen, first take note of the drive letter assigned to the operating system, then select Command Prompt.

5.gif

Type the following bolded command at the x:\sources> prompt (or x:\windows\system32>) then hit Enter.

cd /d x:\windows <--- the red x represents your operating system drive letter, as shown in the image below

lookvis.gif

At the C:\Windows> prompt type the following command then hit Enter

look.bat

You will see many files copied then return to the x:\windows> prompt.

Type Exit then restart your computer and logon in normal mode.

Please run maxlook.exe again now. Note - you must run it only once!

It will produce looklog.txt on the desktop and open it.

Please post the results here.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.