MBAM and SAS won't update


23 replies to this topic

#1 Paintbrush

Posted 11 May 2009 - 11:36 AM

Hi
I've been running MBAM and SAS since early this month trying to find a suspected gremlin in my Acer desktop. So far every scan has come back clean. This morning, these two programs won't update. SAS says the Vista Home Premium firewall is blocking it (even though I listed it as an exception), and MBAM is just sitting here pretending to look for the website.
I opened my task manager last week and noticed that the following processes have no user name or description:
Ati2evxx.ex.
csrss.exe
winlogon.exe
I uploaded these to virus.org and NoVirusThanks. The results came back clean.
My Firefox browser locked up while I was typing this, lasted for a couple of seconds and then came back. Never done that before. I've got that "creepy movie" feeling that I am not alone.
Any suggestions are most welcome. - (help?)
Thanks,

Paintbrush

#2 quietman7

Posted 11 May 2009 - 12:21 PM

If you cannot update through the program's interface (preferable method), try to manually download the definition updates and just double-click on mbam-rules.exe to install. If necessary, download mbam-rules from another computer, save to a USB stick or CD, transfer the file to the infected machine and then double-click on it to install.

Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Paintbrush

Posted 11 May 2009 - 01:40 PM

Thanks quietman7,
I'll be back shortly with the goods (I hope).
I ran Avast while I was waiting (it still updates) and it caught Win32Malwarior. That is now sitting in Avast's quarantine.
Talk to you soon.

#4 Paintbrush

Posted 11 May 2009 - 02:05 PM

So far so good. The update went in OK and the scan completed. Here is the log.

Malwarebytes' Anti-Malware 1.36
Database version: 2060
Windows 6.0.6000

11/05/2009 11:46:43 AM
mbam-log-2009-05-11 (11-46-43).txt

Scan type: Quick Scan
Objects scanned: 63737
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I rebooted, nothing odd happened. I'm still holding my breath.

#5 quietman7

Posted 11 May 2009 - 02:24 PM

As I said, Mbam-rules.exe is not updated daily. Your database shows 2060, which is the latest posted update for manual download. However, the latest update last I checked was 2108.

I still recommend you download them to another computer and transfer as I indicated in my previous post for your OS.

Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode" after running ATF-Cleaner.
If you cannot boot into safe mode, then perform your scan in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply.

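The point made in post #5, as an added example that is not part of the thread or of Malwarebytes' own tooling: a zero-detection log produced with definitions behind the current release should be read as inconclusive rather than clean. The function names and the `latest_db` parameter are assumptions; the sample is constructed from the log in post #4, and 2108 is the version quoted in post #5.

```python
import re

# Constructed sample: header, summary and one detail section of the log in post #4.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.36
Database version: 2060
Windows 6.0.6000

Scan type: Quick Scan
Objects scanned: 63737

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Files Infected:
(No malicious items detected)
"""

END = r"[ \t\r]*$"  # tolerate trailing blanks and CRLF line endings

def parse_mbam_log(text):
    """Return the definitions version and the per-category summary counts."""
    db = re.search(r"^Database version:[ \t]*(\d+)" + END, text, re.M)
    if db is None:
        raise ValueError("no 'Database version' line: not an MBAM log?")
    # Summary lines end in a number; detail headings ("Files Infected:") do not.
    counts = {m.group(1): int(m.group(2)) for m in
              re.finditer(r"^(.+?) Infected:[ \t]*(\d+)" + END, text, re.M)}
    if not counts:
        raise ValueError("no summary counts found")
    return int(db.group(1)), counts

def triage(text, latest_db):
    """latest_db: newest definitions version the reviewer knows of (assumption)."""
    db_version, counts = parse_mbam_log(text)
    hits = {k: n for k, n in counts.items() if n}
    if hits:
        verdict = "infected"
    elif db_version < latest_db:
        verdict = "inconclusive"   # zero detections, but definitions are behind
    else:
        verdict = "clean"
    return {"verdict": verdict, "db_version": db_version,
            "behind_by": max(latest_db - db_version, 0), "hits": hits}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, latest_db=2108))  # 2108 is the version quoted in post #5
```
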
#6 Paintbrush

Posted 11 May 2009 - 05:54 PM

Thanks again.
I'll update MBAM with another computer later. Might take a while as I'm sort of a force of one here. Would reinstalling the program do the trick?
In the meantime, I've run DrWeb Express and Full scan in safe mode. It came up clean and there was no log to save.

#7 quietman7

Posted 12 May 2009 - 08:35 AM

I doubt reinstalling the program will help. The malware will continue to block the updating of these programs until fully identified and removed.

#8 Paintbrush

Posted 12 May 2009 - 06:06 PM

I updated DrWeb and rescanned the computer (safe mode). This time I paid attention to where it put the log file. Do you really want all 7.3m of this?

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 51625
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 2873 Kb/s
Scan time: 00:18:05
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Scanned: 52806
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 2975 Kb/s
Scan time: 00:18:43
=============================================================================

#9 quietman7

Posted 12 May 2009 - 08:52 PM

To see what was detected/removed, scroll down to the bottom and look under the "Scan statistics" section and just copy/paste that part into your next reply.

#10 Paintbrush

Posted 13 May 2009 - 12:30 PM

Sorry to keep you waiting (the yard needed some serious attention).
Here are the results

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 51625
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 2873 Kb/s
Scan time: 00:18:05
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Scanned: 52806
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 2975 Kb/s
Scan time: 00:18:43
=============================================================================

...and the winner is Virus 2, Paintbrush Nil ?

#11 quietman7

Posted 13 May 2009 - 12:37 PM

Let's try something else.

Please perform an online scan with Kaspersky WebScanner.
(Requires free Java Runtime Environment (JRE) be installed before scanning for malware as ActiveX is no longer being used.)
  • Click on the Posted Image ...button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press... the Posted Image ...button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image ...button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.


#12 Paintbrush

Posted 13 May 2009 - 01:05 PM

Something went wrong here. I started to download JRE, but start is all it did. I now have the "Downloading Java" window on my screen, but it is no longer doing anything. I can't cancel, close or move it. This is not good, is it?
I checked the settings in the Firefox browser to make sure java was enabled before I started.
The real world is calling so I used the task manager to kill the download. Several windows opened in succession.
1st window Avast Antivirus Setup
Downloading packages
file downloaded serversdef.vpustamp
2nd window Microsoft Windows
Java (SE) Platform not responding
Details
Description:
A problem caused this program to stop interacting with Windows.

Problem signature:
Problem Event Name: AppHangB1
Application Name: jxpiinstall-6u13-fcs-bin-b03-windows-i586-09_mar_2009.exe
Application Version: 6.0.130.3
Application Timestamp: 49b521b8
Hang Signature: 5dcd
Hang Type: 6144
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 4105
Additional Hang Signature 1: 6ad2bdce5f21902d013eb36d5209a587
Additional Hang Signature 2: a6cb
Additional Hang Signature 3: 90b0a7e097acadae3d219c9ef03bfa1d
Additional Hang Signature 4: 5dcd
Additional Hang Signature 5: 6ad2bdce5f21902d013eb36d5209a587
Additional Hang Signature 6: a6cb
Additional Hang Signature 7: 90b0a7e097acadae3d219c9ef03bfa1d

3rd Window Question
Update did not finish. If you interrupt now blah blah etc.

Windows 2 -close the program - window went away
Window 3 went away
window 1 wants attention displays a summary as follows
Information about current update:
Total time: 16:57

- Vps: Already up to date
(current version 090513-0)

Server: a651sm.avast.com (75.125.47.146:80)
Downloaded files: 2 (0.02 KB)
Download time: 3 s

closed normally. I'll try again tomorrow

Edited by Paintbrush, 13 May 2009 - 02:18 PM.


#13 quietman7

Posted 13 May 2009 - 02:12 PM

Reboot your computer and try again.

#14 Paintbrush

Posted 14 May 2009 - 10:02 AM

New day, new battle. I have java now, the online install failed again so I used the offline install. The Kaspersky scanner is still telling me that Java is not enabled even though I have checked every button I could find.

#15 quietman7

Posted 14 May 2009 - 10:16 AM

Try BitDefender Online Virus and Malware Scan.



