Infected computer will not stay up


31 replies to this topic

#1 amarie113

amarie113

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 04 August 2009 - 05:27 PM

I am trying to run Malwarebytes. My computer will not stay up long enough to get to the program, which is already installed on the computer. My computer ends up at the blue screen. I am on a different computer now. I was out of town, so I don't know what the kids did to it to make the computer do this. I do see that I have a screen that comes up "personal antivirus". Is this what I need to get rid of? Is there another way to run the Malwarebytes?

#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:00 AM

Posted 04 August 2009 - 05:35 PM

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 amarie113


Posted 04 August 2009 - 05:46 PM

My computer health is such that I cannot get connected to the internet. The computer only stays up about 2 or 3 minutes.

#4 Budapest


Posted 04 August 2009 - 05:59 PM

You can download it on another computer and then copy it over.

#5 amarie113


Posted 04 August 2009 - 06:22 PM

I am sorry....I don't know how to do that. Can you explain??

#6 Budapest


Posted 04 August 2009 - 06:28 PM

I mean download the file on a working computer. Then copy the file onto a CD or pen drive. Put this CD or pen drive into the trouble computer and copy it to the hard drive.

#7 amarie113


Posted 05 August 2009 - 07:26 AM

Finally done. Here is the list:

shopathometoolbar.dll;c:\program files\selectrebates\toolbar;Adware.Softomate.origin;;
sfx.dll;c:\program files\sfx;Trojan.DownLoad.42048;Deleted.;
sfx.sys;c:\program files\sfx;Trojan.Sfx;Deleted.;
netfilter.exe;c:\windows\system32;Trojan.AntiAV;Deleted.;
MWSSETUP.EXE;C:\Documents and Settings\Angela Olson\Local Settings\Temp;Trojan.MulDrop.32756;Deleted.;
pp.10[1].exe;C:\Documents and Settings\Angela Olson\Local Settings\Temporary Internet Files\Content.IE5\06568G2S;Trojan.PWS.Brauz.11;Deleted.;
dllsetup[1].exe;C:\Documents and Settings\Angela Olson\Local Settings\Temporary Internet Files\Content.IE5\6504GCJG;Trojan.DownLoad.42356;Deleted.;
pdrv[1].exe;C:\Documents and Settings\Angela Olson\Local Settings\Temporary Internet Files\Content.IE5\70HHKRDM;Trojan.MulDrop.33044;Deleted.;
10[1].exe;C:\Documents and Settings\Angela Olson\Local Settings\Temporary Internet Files\Content.IE5\BU0GN6VS;Trojan.DownLoad.42356;Deleted.;
setup[1].exe;C:\Documents and Settings\Angela Olson\Local Settings\Temporary Internet Files\Content.IE5\BU0GN6VS;Win32.HLLW.Facebook.140;Deleted.;
file[1].exe;C:\Documents and Settings\Angela Olson\Local Settings\Temporary Internet Files\Content.IE5\C2PYIFM0;Trojan.Corruptor.58;Deleted.;
ms.19[1].exe;C:\Documents and Settings\Angela Olson\Local Settings\Temporary Internet Files\Content.IE5\LW1AF1CM;Trojan.DownLoader.origin;Incurable.Moved.;
fb.52[1].exe;C:\Documents and Settings\Angela Olson\Local Settings\Temporary Internet Files\Content.IE5\N2AR8XZN;Win32.HLLW.Facebook.173;Deleted.;
10[1].exe;C:\Documents and Settings\Benjamin Olson\Local Settings\Temporary Internet Files\Content.IE5\EDEP4M0D;Trojan.DownLoad.42356;Deleted.;
setup[1].exe;C:\Documents and Settings\Benjamin Olson\Local Settings\Temporary Internet Files\Content.IE5\TE4OJB7I;Win32.HLLW.Facebook.140;Deleted.;
file[1].exe;C:\Documents and Settings\Benjamin Olson\Local Settings\Temporary Internet Files\Content.IE5\VRZZVPMP;Trojan.Corruptor.58;Deleted.;
Install-d97b0_02010-8[1].exe;C:\Documents and Settings\Jacob Olson\Local Settings\Temporary Internet Files\Content.IE5\8XEB8DI7;Trojan.Siggen.3097;Deleted.;
Driver[1].exe\NetFilter.exe;C:\Documents and Settings\Jacob Olson\Local Settings\Temporary Internet Files\Content.IE5\SHEVWPQR\Driver[1].exe;Trojan.AntiAV;;
Driver[1].exe;C:\Documents and Settings\Jacob Olson\Local Settings\Temporary Internet Files\Content.IE5\SHEVWPQR;Archive contains infected objects;Moved.;
ShopAtHomeToolbar.dll;C:\Program Files\SelectRebates\Toolbar;Adware.Softomate.origin;;
UAConcgxjolax.dll;C:\WINDOWS\system32;BackDoor.Tdss.49;Deleted.;
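
Added example, not part of the original thread: a short Python triage of a Dr.Web CureIt report in the semicolon-separated layout posted above, grouping rows by the action column so that detections with no recorded action stand out. The column order (object; path; threat; action) is an assumption inferred from the posted rows, and the sample rows are modelled on that log with two constructed paths.

```python
import csv
from collections import defaultdict

# Assumed column order, inferred from the posted rows (the report has no header row).
FIELDS = ("object", "path", "threat", "action")

# Sample rows modelled on the log above; the C:\Temp\example paths are constructed.
SAMPLE = r"""shopathometoolbar.dll;c:\program files\selectrebates\toolbar;Adware.Softomate.origin;;
sfx.sys;c:\program files\sfx;Trojan.Sfx;Deleted.;
netfilter.exe;c:\windows\system32;Trojan.AntiAV;Deleted.;
Driver[1].exe;C:\Temp\example;Archive contains infected objects;Moved.;
ms.19[1].exe;C:\Temp\example;Trojan.DownLoader.origin;Incurable.Moved.;
UAConcgxjolax.dll;C:\WINDOWS\system32;BackDoor.Tdss.49;Deleted.;
"""


def parse_report(text):
    """Yield one dict per report row, tolerating the trailing ';' and blank lines."""
    reader = csv.reader(text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) < len(FIELDS):
            continue  # blank or truncated line
        yield dict(zip(FIELDS, (cell.strip() for cell in row[:4])))


def triage(text):
    """Group rows by outcome: 'unresolved', 'quarantined', 'deleted' or 'other'."""
    buckets = defaultdict(list)
    for rec in parse_report(text):
        action = rec["action"].lower()
        if not action:
            key = "unresolved"      # detected, but no action recorded
        elif "moved" in action:
            key = "quarantined"     # covers "Moved." and "Incurable.Moved."
        elif "deleted" in action:
            key = "deleted"
        else:
            key = "other"
        buckets[key].append(rec)
    return dict(buckets)


if __name__ == "__main__":
    result = triage(SAMPLE)
    for rec in result.get("unresolved", []):
        print("no action taken:", rec["path"] + "\\" + rec["object"], "->", rec["threat"])
    for key in ("quarantined", "deleted"):
        print(key, len(result.get(key, [])))
```
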

#8 Budapest


Posted 05 August 2009 - 04:18 PM

Will Malwarebytes now run?

#9 amarie113


Posted 05 August 2009 - 04:24 PM

No.

#10 Budapest


Posted 05 August 2009 - 04:26 PM

Rename this file:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

to this:

winlogon.exe

Then double-click the renamed file and see if it will run.

#11 amarie113


Posted 05 August 2009 - 04:30 PM

I had one file named mbam and I have another mbamgui. Neither has the extension .exe. I did try and change the mbam to winlogon without the .exe and I got nothing.

#12 Budapest


Posted 05 August 2009 - 04:36 PM

In Explorer go Tools > Folder Options > View tab and uncheck "Hide extensions for known file types". You should now be able to see the extensions.

#13 amarie113


Posted 05 August 2009 - 04:39 PM

I don't think it works. I can't get it to run.

#14 Budapest


Posted 05 August 2009 - 04:45 PM

Try the renaming trick again but this time rename it to:

abcde.bat

Then double-click the renamed file.

#15 amarie113


Posted 05 August 2009 - 04:50 PM

I changed the name to abcde.bat and it still will not run.


The first time I tried to run it after I changed the name I had a screen come up from the internet that said "warning visiting this site may harm your computer". I then closed that window and tried again. Now it won't do it again.

Edited by amarie113, 05 August 2009 - 04:55 PM.
