Can't run updates for Malwarebytes


9 replies to this topic

#1 jjmm

Posted 04 May 2009 - 07:33 PM

I had several trojan infections and got rid of some of them by copying the newest Malwarebytes and mbam-rules.exe onto a flash drive from another computer. I ran MBAM in safe mode and it found some things and then ran it in regular mode and it found a couple more but I see that the version is 2060 and I can't get it to run the updates. It says that I need to allow Malwarebytes through Windows firewall but I am allowing it and it still doesn't work. I can access the internet and don't have all of the annoying popups but I think that something is still wrong.



#2 quietman7

Posted 05 May 2009 - 08:03 AM

Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating, is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
If you cannot see the folder, then you may have to Reconfigure Windows to show it.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 jjmm

Posted 05 May 2009 - 08:55 AM

I also am not able to get the updates for AVG so this is blocking that too. I'll try to get the most recent mbam.ref file from a different computer. I won't be able to do this until after work -- in about 8 hours -- but am just posting this in case you think that I should try something else too.

#4 quietman7

Posted 05 May 2009 - 09:14 AM

Please download and scan with Dr.Web CureIt - alternate download link first.
Follow these instructions for performing a scan in "safe mode".
If you cannot boot into safe mode, then perform your scan in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply.

#5 DaChew

Posted 05 May 2009 - 09:17 AM

Your AVG should be 8.0 or higher

7.xx is no longer supported

http://free.avg.com/download-update

You might want to run a safe mode scan with AVG after updating or even a boot scan if you have that option.
Chewy

No. Try not. Do... or do not. There is no try.

#6 jjmm

Posted 08 May 2009 - 09:13 AM

I am finally running a Dr Web Cure It complete scan on the computer. I had to stop it before because it was taking so long. Now I will just let it run and post the results. The thing that I am wondering about is that it is finding some (or maybe all) of the antivirus/anti spyware executables as infected objects -- combofix.exe, sdfix.exe, smitrem.exe, etc. -- and wanting to move them. I realize that I can download them again but am just wondering if that is expected behavior.

Also, in response to another post, I am on 8.0 of AVG and even upgraded to 8.5 but it still won't allow me to get the updates.

I tried copying the latest MBAM rules.ref file from another computer. It found one more thing, but removing it didn't help. I still can't download updates for MBAM or AVG. Hopefully Dr. Web Cure It will help.

#7 quietman7

Posted 08 May 2009 - 01:28 PM

"... is finding some (or maybe all) of the antivirus/anti spyware executables as infected objects -- combofix.exe, sdfix.exe, smitrem.exe, etc. -- and wanting to move them"

Certain embedded files that are part of legitimate programs or specialized fix tools like those you noted above, may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or it can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's Heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".

#8 jjmm

Posted 08 May 2009 - 01:34 PM

I just noticed that I missed the instruction 'uncheck "Heuristic analysis"' in the instructions to run Dr. Web. It has finally finished. Should I not do 'Select All' and 'Cure'? Is there a danger that I will change things that I shouldn't be changing? Do I need to run it again?

Edited by jjmm, 08 May 2009 - 01:34 PM.


#9 jjmm

Posted 08 May 2009 - 02:05 PM

Here are the contents of the Dr. Web report list. I did not try to do anything with the results yet until someone tells me whether I need to run it again without running heuristics.

ComboFix.exe/data002\32788R22FWJFW\c.bat;C:\Documents and Settings\El Bandito\Desktop\antivrus\ComboFix.exe/data002;Probably BATCH.Virus;;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\El Bandito\Desktop\antivrus\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\El Bandito\Desktop\antivrus;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus;Container contains infected objects;;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus;Archive contains infected objects;;
smitRem.exe\smitRem/Process.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus\smitRem.exe;Tool.Prockill;;
smitRem.exe\smitRem/pv.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus\smitRem.exe;Program.PrcView.3741;;
smitRem.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus;Archive contains infected objects;;
Process.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus\SmitfraudFix\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus\SmitfraudFix\SmitfraudFix;Tool.ShutDown.14;;
Process.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus\smitRem;Tool.Prockill;;
pv.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus\smitRem;Program.PrcView.3741;;
dlccppx.dl_;C:\drivers\printer\924\drivers\Win_XP2K\x64;Modification of Linux.Diesel.969;;
3 Months Free NetZero.exe;C:\Program Files\Dell\Launcher\files;Trojan.Click.1487;Deleted.;
A_VPEngine.dll;C:\Program Files\SmitFraudFixPro;Trojan.Fakealert.origin;;
A0008411.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25;Trojan.StartPage.1505;Deleted.;
A0009597.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP35\A0009597.exe/data002;Probably BATCH.Virus;;
A0009597.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP35\A0009597.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP35;Archive contains infected objects;;
A0009597.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP35;Container contains infected objects;;
A0012046.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP51;Win32.HLLW.Facebook.60;Deleted.;
A0012074.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP51;Trojan.DownLoad.36180;Deleted.;
A0012075.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP51;Trojan.Proxy.5834;Deleted.;
A0012382.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP57;Trojan.Click.1487;Deleted.;
fko.sbt;C:\WINDOWS;Trojan.DownLoad.36240;Deleted.;
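
An added example, not part of jjmm's post or of any Dr.Web tooling: a small parser for the semicolon-separated report format shown above. It separates the dual-use tool detections discussed in post #7 from malware-class detections and lists those the scanner has not yet acted on. The field names and the four buckets (`container`, `heuristic`, `riskware`, `malware`) are assumptions made for this illustration.

```python
from collections import Counter

# Lines copied from the report in post #9 (fields: object;folder;verdict;action;).
SAMPLE = r"""
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus;Archive contains infected objects;;
ComboFix.exe/data002\32788R22FWJFW\c.bat;C:\Documents and Settings\El Bandito\Desktop\antivrus\ComboFix.exe/data002;Probably BATCH.Virus;;
pv.exe;C:\Documents and Settings\El Bandito\Desktop\antivrus\smitRem;Program.PrcView.3741;;
A0012075.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP51;Trojan.Proxy.5834;Deleted.;
fko.sbt;C:\WINDOWS;Trojan.DownLoad.36240;Deleted.;
A_VPEngine.dll;C:\Program Files\SmitFraudFixPro;Trojan.Fakealert.origin;;
"""

def classify(verdict):
    """Bucket a verdict string; the buckets are this example's assumption."""
    if verdict.endswith("contains infected objects"):
        return "container"   # summary row for an archive or installer
    if verdict.startswith("Probably "):
        return "heuristic"   # treated here as a heuristic guess
    if verdict.startswith(("Tool.", "Program.")):
        return "riskware"    # dual-use utility, see post #7
    return "malware"

def triage(report):
    entries = []
    for line in report.splitlines():
        parts = line.split(";")
        if len(parts) < 4:
            continue  # blank or malformed line
        obj, folder, verdict, action = (p.strip() for p in parts[:4])
        entries.append({
            "object": obj, "folder": folder, "verdict": verdict,
            "kind": classify(verdict),
            "acted": bool(action),  # e.g. "Deleted."
            "in_restore": "\\system volume information\\_restore" in folder.lower(),
        })
    return entries

def unresolved(entries):
    """Malware-class detections the scanner has not acted on yet."""
    return [e for e in entries if e["kind"] == "malware" and not e["acted"]]

if __name__ == "__main__":
    rows = triage(SAMPLE)
    print(Counter(r["kind"] for r in rows))
    for r in unresolved(rows):
        print("still present:", r["folder"] + "\\" + r["object"], r["verdict"])
```
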

#10 quietman7

Posted 08 May 2009 - 04:40 PM

No need to rerun Dr.Web.

If you still cannot update AVG or MBAM, can you follow my instructions in Post #2 to manually download the updates from another machine, transfer and install them on yours? If so, do a Quick Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.



