Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

msas2009 and then some...


  • Please log in to reply
3 replies to this topic

#1 colindubbs

colindubbs

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 14 February 2009 - 04:59 PM

So having trouble with MSAS2009 malware.

Symptoms:

4 Errors on startup "Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c"
Browser hijacking, notably on google searches.
Icons on desktop "CasinoVIP..."
MSAS2009 'program' and multiple popups with bogus virus infections.
Blocking of installation/execution of malwareytes, spybotSD, HJT...


So far I've run an updated version of Ad-Aware that was already installed. It got rid of the obvious MSAS2009 program for now it seems, so no more annoying popups or messages, but the meat and potatoes of it seem to still be around.

I was able to download malwarebytes and HJT on another computer and transfer them over on an external HD, but was unable to run either of them, thus unable to follow any of the help guides on here...

Any help would be muchly appreciated! Thanks in advance.

Should I be worried about it spreading via my external HD?

-Colin

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:50 AM

Posted 14 February 2009 - 06:38 PM

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..


***
Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.



If you cannot use the Internet,you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.


It is possible to spread to the External drive.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 colindubbs

colindubbs
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 14 February 2009 - 09:23 PM

renamed to *.everything, and finally *.scr worked... i should have kept trying them ;P

performing full scan now, I'll put up a log in a bit.

thanks for that :thumbsup:

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:50 AM

Posted 14 February 2009 - 09:57 PM

Cool :thumbsup:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users