Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Definitely infected, pop-up messages, nothing helps


  • Please log in to reply
1 reply to this topic

#1 NeedAdvice

NeedAdvice

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 28 April 2009 - 12:06 PM

Hello! My system is Windows XP. I have Spybot Search&Destroy, Windows Defender, AdAware, Comodo BOClean, Spyware Blaster and avast!Antivirus. I've gone through all of these in turn, during Windows operating and in the safe mode. A lot of malware, viruses and spyware were moved to chest. But I still get error messages when my desktop starts up:
'Generic Host rocess for Win32 Services encountered an error and needed to close. Send error report/ Don't send. ' The name of the application changes, error message reads the same.
'EULALauncher.exe aplication error. The aplication failed to initialize properly (0x0000007b). Click OK to terminate the aplication'. Again, instead of 'EULA....' there might be 'dsca.exe' or something else, but the same message.
'Internet Explorer SCript Error. URL:// jl.chura.pl/rc/ Do you want to continue running scripts on this page?'

In addition, my desktop doesn't always load up, have to restart several times. And I've noticed my Registry editing was disabled 'by the administrator' (or rather a virus), but I've fixed it (so now I can actually view my hidden files).

I've read the steps we're supposed to do before osting in the Malware removal section, but I can't run DDS for some reason. How do I disable script blocking and allow DDS to scan my computer? Or can I just run and post HijackThis log instead?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:26 AM

Posted 28 April 2009 - 07:40 PM

Hello and welcome. Let;s try to run MBAM and get a log, if not I'll help you get posted in the Malware removal forum.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first
***
Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..


***
Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.
***
Open up command prompt, type in following commands:
XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".
Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.

regsvr32 mbamext.dll
regsvr32 ssubtmr6.dll
regsvr32 vbalsgrid6.ocx
regsvr32 zlib.dll

****

If you cannot use the Internet,you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

***
Try this random renamer for MBAM
http://kixhelp.com/wr/files/mb/randmbam.exe
****
Try using a System Retore Point prior to the date of infection. You may be able to update and run MBam. Note this did not remove the malware.
Windows XP System Restore Guide


Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users