Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problem: Malwarebytes won't run under Administrator


  • Please log in to reply
5 replies to this topic

#1 wj2

wj2

  • Validating
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:04 PM

Posted 23 July 2009 - 05:06 PM

Operating System: Windows XP Professional using Administrator account

Here's what I've done so far after discovering Malwarebytes Version 1.39 (July 13) will not run and getting the following error message: Microsoft Visual C++ Library/Runtime Error! C:\ProgramFiles\Malwarebytes' Anti-malware/mbam.exe This application has requested the Runtime to terminate in an unusual way. Please contact the application's support team for more information."

Uninstalled/reinstalled Malwarebytes using REVO several times. Restarted CP each time.

Prior to saving a downloaded file, I renamed Malwarebytes by changing the .exe extensions.. When that didn’t work, I opened the MB folder in Program Files and changed the .exe extenstions. No success.

Tried installing in Safe Mode w/networking: Didn’t work.
Tried installed in Safe Mode w/networking and changing extensions: Didn’t work
All attempts to download Malwarebytes: installation screen freezes

I was able to run SuperAntispyware software. Nothing found.

I created a New User account and was able to run Malwarebytes in regular mode. I was able to run the update, a quick scan, and full scan. Results: no problems found under the New User!

I noticed that Stopzilla was popping up here and there today. I renamed the Malwarebytes files “Stopzilla” but couldn’t fool it into installing Malwarebytes.

I ran CWShredder and nothing found. I ran HiJackThis and am unsure about a few entries. I found Stopzilla in HiJackThis and deleted. Went through computer and found no more traces of Stopzilla.

I used CCleaner after completing the above steps.

I downloaded Combofix and have a log.

Looking forward to a fix. Thanks so much!

Edited by wj2, 23 July 2009 - 06:48 PM.


BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:06:04 PM

Posted 24 July 2009 - 09:29 PM

Can you get Dr. Web cureIt to run?

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 wj2

wj2
  • Topic Starter

  • Validating
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:04 PM

Posted 26 July 2009 - 04:28 PM

Thanks for helping.

Here are the Dr.Web CureIt log contents:

Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;
A0058730.msi/stream003\STOPzillaExe;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP656\A0058730.msi/stream003;Trojan.Fakealert.4602;;
stream003;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP656;Archive contains infected objects;;
A0058730.msi;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP656;Archive contains infected objects;Moved.;
A0058842.exe;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP661;Trojan.Fakealert.4602;Deleted.;
A0059161.dll;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP666;Adware.Coupons.34;Moved.;
A0059194.exe;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP666;Tool.Prockill;Moved.;
A0059455.reg;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP667;Trojan.StartPage.1505;Deleted.;
A0059574.reg;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP668;Trojan.StartPage.1505;Deleted.;
A0059770.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP670\A0059770.exe;Tool.Prockill;;
A0059770.exe;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP670;Archive contains infected objects;Moved.;
A0059771.exe\data012;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP670\A0059771.exe;Adware.Coupons.34;;
A0059771.exe\data013;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP670\A0059771.exe;Adware.Coupons.34;;
A0059771.exe\data015;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP670\A0059771.exe;Adware.Coupons.34;;
A0059771.exe\data016;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP670\A0059771.exe;Adware.Coupons.34;;
A0059771.exe;C:\System Volume Information\_restore{47FFD2F9-351D-40F6-B6EF-3DB4F0DBBC89}\RP670;Container contains infected objects;Moved.;

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:06:04 PM

Posted 27 July 2009 - 04:16 PM

I'm rereading your first post
Exactly what problem are you experiencing at the moment?
Mbam not running?

I'm sending you a PM

Edited by garmanma, 27 July 2009 - 04:20 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 wj2

wj2
  • Topic Starter

  • Validating
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:04 PM

Posted 28 July 2009 - 08:15 AM

Initially I was unable to run Mbam.

After running Dr. Web, I was then able to run Malwarebytes. No malware found. I also ran Flash_Disinfector.exe on my flash drive just in case.

Seems like everything is OK now. Thanks so much for the help!

#6 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:06:04 PM

Posted 28 July 2009 - 07:26 PM

If there are no longer signs of malware then please....

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users