
Virus Blocks Internet and Installation


  • This topic is locked
17 replies to this topic

#1 monochico

Posted 02 March 2009 - 09:47 PM

Hello,
Two weeks ago I got hit with the AV2009 virus, and several other programs also downloaded themselves onto my computer, including desktop icons for phone services and gambling sites. I’ve tried resolving the problem by following advice offered to others on this site and elsewhere, but it’s still not fixed. I have Windows XP on a Sony VAIO computer.

Symptoms include: Task manager has been disabled by your administrator… can’t copy/paste files or even text in Excel and Word… can’t run searches… can’t connect to internet (network option not even visible in lower right corner)... system administrator blocks installation of SuperAntiSpyware.

In safe mode, I downloaded AVG Anti-Virus, Trojan Hunter, and A-Squared Free from a memory stick. In regular mode, each program has deleted malware such as tracking cookies and Trojans. At least part of AV09 and GetModule32 (sp) viruses have been removed. But the problems cited above remain.

Malwarebytes seems to be the best thing out there, but during installation I get “Run-time error ‘372’ Failed to load control ‘vbalBrid’ from vbalsbrind6.ocx. Your version of vbalsgrind6.ocx may be outdated…”

Any suggestions?



#2 boopme

Posted 02 March 2009 - 11:05 PM

Hello, for the task manager....
This step involves making changes in the registry. Always back up your registry before making any changes.

Go to Start » Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File » Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File » Exit.

Or you can download and use ERUNT, which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

Click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column. Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop. Double-click on that file to allow the script to run and reboot when done. Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.


I am looking for info on the MBAM error. Have you uninstalled and reinstalled it yet?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
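
Added example (not part of the original posts, and not the Lift Restrictions script): the RegBackup export made in the steps above can be checked offline for the policy values behind symptoms such as "Task manager has been disabled by your administrator". The policy value names are standard Windows ones that the thread does not name, the sample export is constructed, and DisableMSI is included only as one possible source of the installer policy message.

```python
import sys

# Policy values that lock users out of repair tools (non-zero = restriction active).
# DisableMSI is an assumption: the thread never identifies which policy is
# behind the "system administrator has set policies" installer message.
POL = r"software\microsoft\windows\currentversion\policies\system"
WATCHED = {
    POL: {"disabletaskmgr": "Task Manager disabled",
          "disableregistrytools": "Registry Editor disabled"},
    r"software\policies\microsoft\windows\system": {"disablecmd": "Command Prompt disabled"},
    r"software\policies\microsoft\windows\installer": {"disablemsi": "Windows Installer restricted"},
}

def decode_reg(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; older REGEDIT4 files are ANSI."""
    return raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("latin-1")

def find_restrictions(raw: bytes):
    """Return (key, value_name, data, meaning) for each watched value that is non-zero."""
    hits, key, names = [], None, {}
    for line in decode_reg(raw).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # Suffix match so HKEY_USERS\<SID>\... copies of a key are caught too.
            names = next((v for p, v in WATCHED.items()
                          if key.lower().endswith("\\" + p)), {})
        elif names and line.startswith('"') and "=dword:" in line:
            name, _, data = line.partition("=dword:")
            name = name.strip('"')
            if name.lower() in names and int(data, 16) != 0:
                hits.append((key, name, int(data, 16), names[name.lower()]))
    return hits

# Constructed sample in the format regedit's File > Export writes (not from the thread).
SAMPLE = b"\xff\xfe" + (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]\r\n"
    '"DisableTaskMgr"=dword:00000001\r\n'
    '"DisableRegistryTools"=dword:00000000\r\n\r\n'
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer]\r\n"
    '"DisableMSI"=dword:00000002\r\n'
).encode("utf-16-le")

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, name, data, meaning in find_restrictions(raw):
        print(f"{meaning}: {key}\\{name} = {data}")
```

Run it with the path to the exported .reg file as the only argument; with no argument it reports on the constructed sample.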

#3 monochico

Posted 03 March 2009 - 08:46 AM

Hi -- Thanks for responding so quickly. The registry backup went fine, and I then downloaded Lift Restrictions to a memory stick. But it wouldn't run on my computer (no errors either, just nothing). I did this in safe mode because my computer doesn't seem to recognize the stick otherwise. I'll also try uninstalling and reinstalling MBAM.

#4 boopme

Posted 03 March 2009 - 11:34 AM

OK let me know.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.


***
Another workaround is to not use the mouse to install it. Just use the arrow keys, tab, and enter keys.
***
Open up command prompt, type in the following commands:
XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".
Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.

regsvr32 mbamext.dll
regsvr32 ssubtmr6.dll
regsvr32 vbalsgrid6.ocx
regsvr32 zlib.dll

#5 monochico

Posted 03 March 2009 - 10:41 PM

Hi -- here's an update:
1. uninstalled and deleted old MBAM and then redownloaded -- I got the same message as before: Run-time error ‘372’ Failed to load control ‘vbalGrid’ from vbalsbrind6.ocx. Your version of vbalsgrind6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.
2. After renaming with the different extensions, each one came back with the same message as above.
3. For the no mouse attempt, I got an error message saying "RegSvr32 -- LoadLibrary ("mbamext.dll") failed - The specified module could not be found."

Is there another way to install or could you suggest another antivirus program? Thanks.

#6 boopme

Posted 03 March 2009 - 11:01 PM

Hi, yes, I am still awaiting an answer on that error.

Run SAS

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

#7 monochico

Posted 04 March 2009 - 06:53 PM

My progress is still pretty slow here. I can access my memory stick only in safe mode, and while installing SuperAntiSpyware from the stick, I get this message: "The system administrator has set policies to prevent this installation."

But ATF Cleaner did work and deleted some of the files.

#8 boopme

Posted 04 March 2009 - 09:27 PM

Are you running Norton Antivirus?

Here's the vbalsgrid6.ocx in a zip, it should help.

http://www.malwarebytes.org/forums/index.p...post&id=622

#9 monochico

Posted 06 March 2009 - 10:33 AM

Hi Boopme. I really appreciate your help for this stubborn virus. Is there a particular spot where I should save vbalsgrid6.ocx? Last night I downloaded it to both my desktop and Program Files folder. On reinstalling Malwarebytes, the same message appeared as before. I don't have Norton on this computer either. I'll have the forums and my personal computer up throughout the day, so perhaps this can get resolved for the weekend.

Thanks,
David

#10 monochico

Posted 06 March 2009 - 06:02 PM

Thought this might help -- the log from a scan earlier this week using A-Squared showed these viruses: Trojan.Generic!IK, Backdoor.Win32.Hupigon!IK, Win32.SuspectCrc!IK, Trojan-PWS.Win32.Barrio.305!IK, Exploit.Win32.Pidief!IK. They were all deleted. I just reran A-Squared, and nothing new turned up.

#11 rigel

Posted 06 March 2009 - 08:16 PM

boopme is away this weekend. I will be helping you for a bit. I need to check on the location for your file and research your error. Until then, please try this...

Please perform a scan with Eset Onlinescan (NOD32).
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista Users be sure to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  • You will see the Terms of Use. Tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?" (OnlineScanner.cab).
  • Answer Yes to install and download the ActiveX controls that allows the scan to run.
  • Click Start. (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, check: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan to start the online scan. (this could take some time to complete)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software. Just close the window.
  • Now click Start > Run... > type: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad.
  • Copy and paste the log results in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#12 rigel

Posted 06 March 2009 - 08:31 PM

The file goes here: C:\Program Files\Malwarebytes



#13 monochico

Posted 07 March 2009 - 03:14 PM

Hi Rigel. I'm afraid I'm not making any progress. My computer can't connect to the Internet to run that scan. I just put vbalsgrid6 in the MBAM folder, yet when I try running, the message is the same.

I bought and ran the AVG 8.5 last night from a memory stick. It found lots of rootkits in my 2006 Turbo Tax file. Does this sound right? There were also several locked files that AVG couldn't scan including:

Documents & Settings\Administrator\local settings\Applications Data\Microsoft\Windows\Usrclass.dat and .LOG
Documents & Settings\Administrator\Ntuser.dat. and .LOG
Documents & Settings\All Users\Applications Data\Microsoft\Dr Watson\user.dmp
C:\pagefile.sys
C:\System Volume Info
LOTS of files under C:\ee13cf5ab319b9afb73fbf4282f202\WapRes\
LOTS of files under C:\Windows\system32\config\

Is this typical? Thanks!

#14 boopme

Posted 07 March 2009 - 09:05 PM

If you cannot use the Internet, you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

#15 monochico

Posted 09 March 2009 - 08:22 AM

Hi Boopme. I tried to install MBAM from a stick already and got the Vbalsgrid6 error. This happened even after renaming the .exe to a variety of different names as you suggested. This error message continued even after copying vbalsgrid6.ocx into the MBAM folder. Trying to install MBAM with the command line didn't work either.

Can I reset my admin policies so I can install superantispyware? Right now I get the message: "The system administrator has set policies to prevent this installation."



