Mbam


8 replies to this topic

#1 adowdy

Posted 10 March 2009 - 02:05 PM

Help!!!

Hello, my name is Aaron and my computer is running Windows 2k Pro. I've been having trouble with it running slow, and when I start Microsoft Word it would really slow down. So after some Google expeditions I downloaded and installed Malwarebytes. The installation seemed to go smoothly enough, and the program would load and update. But when I scan, it starts scanning for maybe 20 seconds then disappears off the display. If I try to restart it I get a "Mbam is already running" message. A look in the processes confirms it's there.

Another Google expedition and I installed and ran ComboFix, which produced a log file. Edit: (I just read the note at the top of the page so I'm already not following instructions) lol.

Then I retried Mbam and got the same results as before.

Then Mark (garmanma) over in the welcome page instructed me to:
"If mbam won't install

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run."

And I:
"I've tried renaming it 3 different names, same results. Then I uninstalled it and deleted it out of the registry and reinstalled it with a renaming. Then renamed the program again, same results.

Please advise."

Mark then told me I really needed to be over here. So here I am.

Sorry for the long-winded post. Just wanted to make sure I covered all the bases.

Help! Aaron

Edited by adowdy, 10 March 2009 - 02:08 PM.



#2 boopme

Posted 10 March 2009 - 03:59 PM

Hi, maybe we can run these first then?
From your regular user account...
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
  • Click the Empty Selected button.
  • If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

NOW Scan with SUPER
  • Open from the desktop icon or the Program Files list.
  • On the left, make sure you check C:\Fixed Drive.
  • Perform a Complete scan. After scan, verify they are all checked.
  • Click OK on the summary screen to quarantine all found items.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log.
  • A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 adowdy

Posted 10 March 2009 - 04:19 PM

Is this the same for Windows 2k?

#4 adowdy

Posted 10 March 2009 - 05:53 PM

SUPERAntiSpyware has been running 18 minutes. It got stuck in a system32 DLL file after a few seconds and it hasn't done anything else.

I have to leave now; I'll check this in the morning.

Thank you

#5 boopme

Posted 10 March 2009 - 05:54 PM

Yes, these are for... Operating System: Windows 98/ME/2K/XP/Vista

Let it run; it may need a few hours depending on file size and the amount of infections.

Edited by boopme, 10 March 2009 - 05:55 PM.


#6 adowdy

Posted 12 March 2009 - 12:20 PM

SUPERAntiSpyware: I let it run 15 hours and it never got past the 57th scanned item, the same as when I let it run 18 minutes. What now???

#7 boopme

Posted 12 March 2009 - 12:33 PM

Mbam still won't run either. I might suggest uninstalling and reinstalling.

Let's try one more scan (online). If after an hour it looks like there is no progress, let me know and we'll have to use a different method.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#8 adowdy

Posted 13 March 2009 - 10:41 AM

Here is the report:





KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 13, 2009
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, March 12, 2009 21:03:28
Records in database: 1892449
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
R:\
Scan statistics
Files scanned 62362
Threat name 6
Infected objects 7
Suspicious objects 0
Duration of the scan 02:26:59

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\019C0000.VBN Infected: Exploit.JS.ADODB.Stream.ac 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01DC0000.VBN Infected: Packed.Win32.Krap.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D00000.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdxq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E40000.VBN Infected: Exploit.Win32.Pidief.gx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E80000.VBN Infected: Trojan-Downloader.Win32.Agent.amoz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05580000.VBN Infected: Exploit.Win32.Pidief.gx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05900000.VBN Infected: Backdoor.Win32.UltimateDefender.a 1
The selected area was scanned.
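
Added example, not part of the original post: a short triage of the detection rows in the report above, separating objects stored inside an antivirus quarantine folder from objects found anywhere else on disk. The row layout is taken from the report; the quarantine-path heuristic, the function names and `CONSTRUCTED_ROW` are assumptions of this example.

```python
import re
from collections import Counter

# Detection rows copied from the report above.
REPORT = r"""
File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\019C0000.VBN Infected: Exploit.JS.ADODB.Stream.ac 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01DC0000.VBN Infected: Packed.Win32.Krap.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D00000.VBN Infected: Trojan-Downloader.Win32.FraudLoad.vdxq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E40000.VBN Infected: Exploit.Win32.Pidief.gx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E80000.VBN Infected: Trojan-Downloader.Win32.Agent.amoz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05580000.VBN Infected: Exploit.Win32.Pidief.gx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05900000.VBN Infected: Backdoor.Win32.UltimateDefender.a 1
The selected area was scanned.
"""

# Constructed row (not from the report) to exercise the "live" branch.
CONSTRUCTED_ROW = r"C:\WINNT\system32\example.dll Infected: Trojan.Win32.Example.a 1"

# Path may contain spaces, so match lazily up to the " Infected: " verdict.
ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

def parse_rows(report):
    """Return one dict per detection row; header and footer lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"path": m["path"], "threat": m["threat"],
                         "count": int(m["count"])})
    return rows

def in_quarantine(path):
    # Assumption: a folder literally named "Quarantine" holds stored copies.
    return "quarantine" in (part.lower() for part in path.split("\\"))

def triage(rows):
    """Split rows into stored (quarantined) and live objects, and count threat names."""
    stored = [r for r in rows if in_quarantine(r["path"])]
    live = [r for r in rows if not in_quarantine(r["path"])]
    return {"stored": stored, "live": live,
            "families": Counter(r["threat"] for r in rows)}

if __name__ == "__main__":
    result = triage(parse_rows(REPORT))
    print(len(result["stored"]), "stored,", len(result["live"]), "live")
    for name, n in result["families"].items():
        print(f"  {name}: {n}")
```

For the rows in this report, all seven objects fall in the stored group and there are six distinct threat names, which agrees with the report's own "Threat name 6" and "Infected objects 7" totals. That tells you where the detected copies are, not whether anything else on the machine escaped the scan.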

#9 boopme

Posted 13 March 2009 - 11:03 AM

Will MBam run now? You have/had a serious backdoor infection there. So I want you to consider this.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.