Infection: Antivirus Pro 2009 w/ .dll errors. System seems Uncleanable?


  • This topic is locked
7 replies to this topic

#1 echoclerk


Posted 23 June 2009 - 06:05 AM

It seems my laptop (Win XP Pro - HP Compaq nx8420) has become infected with this ironically named virus: AntiVirus Pro 2009 in the last few days. I think it may have disguised itself as a Flash Player update that I clicked on without thinking.

I'm having a hell of a time trying to get rid of it. The main issue is that I simply cannot seem to install or run any other programs to try and get rid of it.

I've kinda quarantined the computer for now and tried a variety of things but when I try and install anything (say Malwarebytes as everyone suggests) the computer just pops up an error box saying that some .dll in ../System32/ is corrupted or cannot be found. And then nothing happens. I can run the already installed applications but nothing new. (I have no antivirus apps installed.)

I downloaded Malwarebytes on another computer and tried installing it from USB stick, CD-R, desktop etc. and I just get the .dll error and nothing happens. This happens in Safe Mode too.

So how can I clean the computer if I can't run any AntiVirus / AntiSpyware?



#2 quietman7


Posted 23 June 2009 - 06:33 AM

Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode".
If you cannot boot into safe mode, then perform your scan in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.WebCureIt so you can provide that information.

The .dll error is probably malware related. Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.
  • Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
  • Double-click on mysetup.exe to start the installation.
  • If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension
  • Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
  • Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe, rename it to myscan.exe.
  • Double-click on myscan.exe to launch the program.
  • If that did not work, then try renaming and change the .exe extension in the same way as noted above.
  • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the report in your next reply.

Note: MBAM uses Inno Setup instead of the Windows Installer Service to install the program. If installation fails in normal mode, try installing in safe mode. Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Therefore, after completing a scan it is recommended to uninstall MBAM, then reinstall it in normal mode and perform another Quick Scan.

Edited by quietman7, 23 June 2009 - 06:34 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 echoclerk


Posted 23 June 2009 - 06:40 AM

I forgot to try renaming the MBAM file, or the Anti-Virus exes I have. I will try this next.

#4 quietman7


Posted 23 June 2009 - 06:44 AM

Ok but you probably should run DrWeb CureIt first. Sometimes DrWeb will remove enough of the infected files to allow MBAM to run properly.

#5 echoclerk


Posted 23 June 2009 - 06:54 AM

Well, I've never heard of this DrWeb CureIt whereas everyone seems to talk about MBAM so... I don't know if it's reliable.

#6 quietman7


Posted 23 June 2009 - 07:19 AM

Dr.Web CureIt is reliable or I would not have recommended scanning with it.

How do I get help? Who is helping me?

#7 echoclerk


Posted 24 June 2009 - 01:59 AM

Some success removing these malwares.

Do I post my logs here or in that Hijack This forum?

I posted the HiJack This Log here:

http://www.bleepingcomputer.com/forums/t/236320/antivirus-pro-2009-infection-hijack-this-logs-uacinitexe/

Edited by echoclerk, 24 June 2009 - 02:06 AM.


#8 quietman7


Posted 24 June 2009 - 08:00 AM

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Good luck with your log.