MBAM hangs quickly on scanning

I said I've been busy looking into 'stuff', more today too. Looking into areas that may be mis-setup. I did more comparing to other 2000 systems I have. Noticed some things. BUT -- in checking the HIDDEN and xxxxxx, I noticed several (6 different) 'odd' entries (@SHELL32.DLL,-30501 etc). These are supposed to be specific text words.

These seem to be the 'missing' text from the Folders Options | View settings. For example, where 30501 is, should be 'Do not show hidden files and folders' (one of the items that don't display on my wayward IBM laptop).

Google search using 30501 with @SHELL32, seems these could (probably are) result of WORM_RASTY.A malware. Etc, etc.

'Maybe' these text changes were 'left over' (after the infection is detected and fixed), but maybe not. They say anyway. I would hope, think that all the various 'cleaners/etc' we used would catch it ---- but, but ....again.

There are many possible solutions to correct these, 'they' say, but I wanted to run this by you before I did anything rash. Of course, there are all kinds of 'free' scans, with $ to fix after (there are so many, unknown too... etc). I don't mind spending money, if it is really necessary. But.....

I do have ERUNT now, so any changes are restorable - I hope anyway.

I would surely appreciate your comments about this, even if it is dire. I know we have come a long way already. I sure have learned a lot in the process at least.

Thanks again.


[I MESSED up, in a hurry, & don't know how to edit -- added this after the first post -- this was supposed to be in FRONT of the info in my last post. Sorry.]

Well, here is an up to date 'report', as well as I can determine anyway.

In a nutshell, everything 'seems' OK -- *Except* the three malware/virus related programs that can't run 'properly'. Uninstalled MBAM and SuperAntiSpyware. Re-installed MBAM, it updated OK and ran -- again for about 7 seconds and hung (with settings set to all four areas) resting on a file.

ReInstalled SAS, or seemed to (including getting updates), but starting it just sat there 'initializing' -- and hung. Couldn't close it (said it was being 'debugged'). Only way out, Restart.

As I said yesterday, Avira installed OK (tho had to do it in Safe Mode), updated -- but can't run the scan (tries, but just sits there - not running at all).

///// Now, continue at my first post of today. Gheeeshh

Well at this point you seem to either have a really messed up system or some as yet undetected Malware/Virus on the system.

Do you have the original Windows 2000 CD or can you get a hold of one?

I think we need to do a repair re-install of Windows to try and fix this. You could also try re-applying Service Pack 4 but I doubt that would fix it at this point either.

Well, I've been busy. No solutions though, all three 'anti-malware' programs *still* don't function. Even after I did/re-did some things.

Decided, with my back against wall, I might as well just try some things, knowing full well that I could kill the patient. But, what the heck, I'll probably have to bite the bullet and wipe/re-install anyway. So why not try to learn something along the way.

I replaced the missing text in the Folder Options (those five places that had the @shell32.dll,-30xxx instead of its proper text). Some research seemed to indicate that these 'code' lines were a result of WORM_Rasty.A malware. But I don't know. The 'repair' went well (I did it in stages, to check if it stuck -- or, even if it ran at all). When all five were replaced, the Folder Options then showed like it was supposed to (compared to my 'good' W2K system). Now I could setup to NOT hide system files and folders, etc.

Also, I could now see SYS files, etc (although, 'something' I did a bit earlier allowed seeing some of them a few days ago). FIND located over 500 *.sys files now (many days prior I saw *none*).

I followed up on your mention of SP4 (possibly re-installing it). Found out that there was a 'new' Rollup 1 (my SP4 came on CD, years old by now). I didn't know about it (well, I lie, -- looking back to older help messages I had in the Avira forum, somebody in July '07 suggested I should get that new rollup (even gave me KBnumber!); I just didn't do it).

I downloaded that and, just today, ran it. I had nothing to lose at this point. It installed just fine -- 156MB of stuff. Still ran fine. Whew....

But no joy concerning my wayward non-functioning malware programs. Tried each.

Now with SYS files now displayable, decided to re-run Avira rescueCD (even got the latest version, again) to see if that could flush out anything new. Did a few extras (15 files renamed, I guess that it couldn't delete).

But, all this didn't change anything. I could install Avira in SAFE mode OK, and could install its full manual update (using the downloaded IVDF zip file -- tho, updating online would not work, it refused to budge). But, Avira wouldn't scan at all; started, as 'usually', and hung - not responding, etc.

I'm going back to the Avira forum (that's how I was directed here actually), to ask for installation/running help. We'll see.....

I'll probably re-run some of the utilities you put me onto (again, now that system files are 'uncovered').

I thought about changing the reformatting from FAT32 to NTFS, thinking that may mess up 'odd' files. I doubt it. I would like to use NTFS anyway.

And, I plan to go to IBM forums (or similar) to seek info on putting XP pro over the W2K that IBM originally installed. There is a Restore partition for W2K, if need be.

As I said before, it's good that I'm retired to have time to waste. <G>

Thanks for listening -- again. I'd be interested in any comments you may think of.


Well that is the odd part to me. If the PC wasn't in an odd state I'd do the convert to NTFS. But, since it is FAT32 then there are NO PERMISSIONS period to stop anything from being installed. Which to me pretty much points to a screwed up Registry, which it probably is. If so then you certainly don't want to do an upgrade of XP over that - much better to wipe and clean install XP. You can probably buy an OEM CD online pretty cheap.

At this point I would try converting the C: volume to NTFS - not the D: volume which is probably the Restore volume.


Nothing to lose, but if maybe these utilities are somehow not compliant with FAT32 they might like NTFS and both of us would learn something, though I'm sure they do support FAT32.

Did you try that Dial-a-Fix? Not sure if it works on Windows 2000 but worth a shot too.

Yes, I did run DialAFix when you suggested it (1/24). It seemed to run OK under Windows 2000 Pro (altho I am not familiar with that Util, and what it was supposed to do <g>).

I did run it again yesterday (1/29) too, because I thought maybe, since some things were altered (and the SYS files are now displayable, and that wasn't case on last run), it would run 'differently'. (Again, I don't know much about the program.)

I compared the two LOG files. The last run (1/29) was bigger than the first run (about 12K bytes vs 9K, 231 vs 168 lines). Seems like more files were 'touched'/listed (could not find any files with extension of .SYS tho, all files touched were in \SYSTEM32 mostly --I searched on 'SYS').

Biggest difference seems to be that there were about 29 Unregistered/Registered pairs in last run; only one in the first run. I don't know what this means but, at least, the last run seemed to do more 'things'.

I forgot to mention, in my message about WORM_RASTY.A, that malware apparently hops on external disks to proliferate. (*if* that was even involved, where I said "30501 with @SHELL32, seems these could (probably are) result of WORM_RASTY.A malware. Etc, ".) I don't know.

I did use a USB flash drive to transfer files between my primary desktop system and the 'sick' laptop -- of course, before I knew of 'RASTY' characteristics. That worried me, but I since ran MBAM (and Avira AV and SuperAntiSpyware) from my desktop (where all 3 run fine -- XP Pro) to check the USB drive. Nothing found, all three said. So, not infected or missed or just lucky?

I'm starting to search those program's forums (in addition to MBAM) for any help on why they may not function on the laptop/W2K.

Since I had all three programs, that won't/function correctly, installed on the laptop at the present time, I decided to run all three in SAFE mode. (I had tried some earlier, but before I did 'some fixing'.)

All three ran to completion, no detections found. Hmmmm.... I know SAFE mode is not recommended because some 'things' are not loaded but, it shows 'something' runs OK.

I'm holding off converting to NTFS for awhile. Thanks for the Code tip. At some point (probably just before I reformat (?) re-install W2K from the Restore partition), I'll try the Conversion. Who knows, it might work. I don't know if the Restore process offers the choice of FAT32 or NTFS. We'll see. (I could use Partition Magic too. Whatever.....)

Thanks for the warning about not installing XP over my W2K (without re-formatting, anyway). I'm also going to check the IBM forums, for info about restoring/changing OS etc before doing anything on my own.

All I need now is the time to do all this. Even being retired, I do have some other work to do -- besides playing with sick computers. <VBG>


Okay, well at this point I'm going to close this post, Bill, since I don't think it's due to any current Malware infection and is more than likely just damaged badly from Malware, about which there often may not be much we can do.

Please start a NEW post with a link to this post in this forum: PC Help

We'll take it from there and see what else we can do.

As for the option for NTFS it probably did / does not offer it as some of the older systems did not work properly on laptops for resuming from sleep with an NTFS partition. That is no longer the case these days but was some years ago.

