BleepingComputer.com: Malware bytes problems

I can't run malware bytes in normal mode, or update in any mode.

Can anyone help?

If you're having issues or errors, uninstall, then reinstall Malwarebytes' as follows:

For Windows XP:

• First uninstall Malwarebytes' Anti-Malware using Add/Remove Programs in the Control Panel.
  
• Restart the computer.
  
• Download the mbam-clean.exe (MBAM Cleanup Utility) and save it to your Desktop.
  
• Double-click on mbamclean.exe to start the utility.
  
• When the cleanup routine has finished, it will ask to reboot your computer. Please allow the reboot.
  
• After the computer restarts, temporarily disable your Anti-Virus, then download and install the latest version of Malwarebytes' Anti-Malware (v1.46) from here.

For Windows Vista and Windows 7:

• First uninstall Malwarebytes' Anti-Malware using Programs and Features in Control Panel.
  
• Restart the computer.
  
• Download the mbam-clean.exe (MBAM Cleanup Utility) and save it to your Desktop.
  
• Double-click on mbamclean.exe to start the utility.
  
• When the cleanup routine has finished, it will ask to reboot your computer. Please allow the reboot.
  
• After the computer restarts, temporarily disable your Anti-Virus, then download and install the latest version of Malwarebytes' Anti-Malware (v1.46) from here.

-- If using the Pro version, you will need to reactivate the program using the license key you were sent. If using the free version, then just ignore that part.
-- Launch the program and set the Protection and Registration. Then go to the UPDATE tab and check for updates if not done during installation.
-- Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.


Note: If your computer is infected, be aware that some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. Other types of malware may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware for using Rkill or downloading a renamed version of mbam.exe. Do not reboot after running Rkill. Immediately after running this tool, you need to perform your scan with Malwarebytes Anti-Malware.

Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.

If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

Whenever I try to access malwarebytes.org on any browser, the page fails to load. I get error message "Could not locate remote server".

When I scan I get hijack dns trojan as a result but it's there every time I scan.

I have just unintalled, reinstalled and attempted to run MBAM in normal mode, but it won't run.

Did you try the suggestions provided in For those having trouble running Malwarebytes Anti-Malware or running it in safe mode?

Ok after chnging the file name to wuauclt.exe it will run in normal mode, however I am still unable to update.

I am unable to access any web pages with malwarebytes in the URL so cannot manually update either.

EDIT: unable to update in safe or normal mode

If you cannot update MBAM through the program's interface and have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, be aware that mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating, is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.

• XP,Windows 2000, 2003: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  
• Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware

I haven't manually downloaded the update because I cannot access the MBAM site. I get error messages whenever I try to access the webpage on any browser, in safe mode or not. I also don't have access to a computer I can install and update MBAM on

Then run MBAM as is for now.

I have run it as is, I need to update so I can remove the things it's missing.

The symptoms I have are redirected google searches, and I'm unable to connect to update most of my virus removal programs

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• When the program opens, click the Start Scan button.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
  Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  
• A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.

-- For any files detected as 'Suspicious', get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

2010/09/02 16:03:12.0148 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/09/02 16:03:12.0148 ================================================================================
2010/09/02 16:03:12.0148 SystemInfo:
2010/09/02 16:03:12.0148
2010/09/02 16:03:12.0148 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/02 16:03:12.0148 Product type: Workstation
2010/09/02 16:03:12.0148 ComputerName: LUKE-PC
2010/09/02 16:03:12.0148 UserName: Luke
2010/09/02 16:03:12.0148 Windows directory: C:\Windows
2010/09/02 16:03:12.0148 System windows directory: C:\Windows
2010/09/02 16:03:12.0148 Processor architecture: Intel x86
2010/09/02 16:03:12.0148 Number of processors: 2
2010/09/02 16:03:12.0148 Page size: 0x1000
2010/09/02 16:03:12.0148 Boot type: Safe boot with network
2010/09/02 16:03:12.0148 ================================================================================
2010/09/02 16:03:12.0414 Initialize success

This issue will require further investigation. Many of the tools we use in this forum are not capable of detecting all malware variants so more advanced tools are needed to investigate. Before that can be done you will need you to create and post a DDS/HijackThis log.

Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the Malware Response Team.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

Hi quietman7

The user already has a Malware removal thread, an at the end of that one got told to go to another thread

http://www.bleepingcomputer.com/forums/ind...p;#entry1865818

Although I don't think the infection is gone, for instance the proxy server for the rogue is still there.
And looks like although TDSSkiller detected the driver it could not actually cure the driver involved, as the driver after does not show up in the modified list after.
Might be a newer variant with older TDSSkiller that means TDSSkiller couldn't fix.

Hope that helps

Quads

@quads

Towards the end of the malware topic no progress was being made, hence posting in here to see if I could get some help