Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybot Search and Destroy not starting...


  • This topic is locked This topic is locked
43 replies to this topic

#1 G-Force

G-Force

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 PM

Posted 14 August 2009 - 11:26 AM

I posted this exact topic under the Windows XP Home and Professional section, but i was suggested that i should post this here as my PC might be infected.

Hey Folks,
I have a Windows XP Professional SP2 running on my desktop PC. The problem is sometimes when i start my PC the screen at which we choose our Windows User account freezes. The pointer is moving fine but the accounts cannot be accessed. The icon in the lower left corner used for restarting or shutting down the PC doesn't work. Besides this sometimes the screen freezes at "Windows is loading....." screen. Sometimes it just shows a black screen with the pointer in the middle. All i can do about this is press the restart button. There is no specific pattern about this. It happens randomly.

I have tried running the "chkdsk" utility from the cmd, but that doesn't seem to help. I have a Quickheal Total Security antivirus running on my PC. I have performed a full system scan, but nothing has changed. I have tried scanning using the Spybot Search and Destroy but it does not open.

I hope you guys can help me with this. Cheers!

BC AdBot (Login to Remove)

 


#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:56 AM

Posted 14 August 2009 - 11:39 AM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.


Lets take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


If Malwarebytes won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Computer Pro

#3 G-Force

G-Force
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 PM

Posted 15 August 2009 - 01:48 AM

Hey thanx for your reply. I clicked on the link which you have provided but the site does not open. I searched it up on google but even then the site does not open. So i downloaded the program (Malwarebytes Anti-Malware 1.40) through www.cnet.com. After downloading the program i installed it exactly the way you told me to. After completing the setup the program did not launch so i opened the Malwarebytes folder and tried running it from there. But it did not work so i changed the .exe to .bat, .com, .pif and finally .scr but none of them seem to work.

I apologise for the late reply. Waiting for your reply. Cheers!

#4 G-Force

G-Force
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 PM

Posted 15 August 2009 - 05:01 AM

In my earlier post i said that the Malwarebytes' Anti-Malware program was not working, but i managed to start it by changing the Compatibility mode to Windows 2000 in the mbam properties :flowers: . Then i performed a full system scan and removed all the infected files and folders and restarted. The log is as follows:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

8/15/2009 2:45:54 PM
mbam-log-2009-08-15 (14-45-54).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 270701
Time elapsed: 49 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112,85.255.112.212 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{94562eca-7067-4c94-86e0-06cfc1fc4b62}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112,85.255.112.212 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112,85.255.112.212 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{94562eca-7067-4c94-86e0-06cfc1fc4b62}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112,85.255.112.212 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112,85.255.112.212 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{94562eca-7067-4c94-86e0-06cfc1fc4b62}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112,85.255.112.212 -> Quarantined and deleted successfully.

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\J@€€\My Documents\My Received Files\SmileyCentralPFSetup2.2.60.1.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\7b22stez59081.dll (Trojan.Agent) -> Quarantined and deleted successfully.


:thumbsup: However, i have a new problem. My internet connection has suddenly stopped working. This was after the system restarted. Luckily i had one of those "Plug to surf" thingy with me. I am posting this using the same connection.
Also after the system restarted i got an error saying "The system has recovered from a serious error". It also says that "For more information about this error click here". When i click it it opens another window containing some "error signature". I have a screenshot of the error, but i couldn't attach it with this post as i don't know how to do it. Please tell me how to attach the screen shot so that you can have a look at it. I hope i have provided you with all the necessary info. Please tell me if you need anything more. Cheers!

#5 G-Force

G-Force
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 PM

Posted 15 August 2009 - 10:03 AM

Bump.

#6 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:56 AM

Posted 15 August 2009 - 10:57 AM

Could you please update Malwarebytes by going to the "Update" tab? Your version is extremely outdated.

Then after you have done that, run a Quick Scan and post back the log.
Computer Pro

#7 G-Force

G-Force
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 PM

Posted 15 August 2009 - 10:57 AM

Alright i'll do it right now.

#8 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:56 AM

Posted 15 August 2009 - 10:59 AM

Thank you, I will be waiting for the log.
Computer Pro

#9 G-Force

G-Force
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 PM

Posted 15 August 2009 - 11:03 AM

I tried updating it but it says "Update failed. Make sure you are connected to the internet and your firewall is set to allow Malewarebytes' blah blah blah.."

I have disabled the firewall but the problem still persists. :-(

Edited by G-Force, 15 August 2009 - 11:03 AM.


#10 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:56 AM

Posted 15 August 2009 - 11:16 AM

Please download Malwarebytes v 1.40 from here:

http://download.cnet.com/Malwarebytes-Anti...4-10804572.html

This download should come with close to current defs.

Edited by Computer Pro, 15 August 2009 - 11:16 AM.

Computer Pro

#11 G-Force

G-Force
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 PM

Posted 15 August 2009 - 11:20 AM

I think i downloaded the same one before. But anyways i'll download it and post the log here. Thanks again.

#12 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:56 AM

Posted 15 August 2009 - 11:23 AM

Ok
Computer Pro

#13 G-Force

G-Force
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 PM

Posted 15 August 2009 - 11:35 AM

Ok i have installed it and now it's scanning. I tried updating it but this time it gave me an "Error code: 732(0, 0)". The error also said that i should report this error code to the Malwarebytes' team. Anyways the scan takes about 45-50 mins, so ill post the log then.

#14 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:56 AM

Posted 15 August 2009 - 11:38 AM

Ok, i'll be waiting
Computer Pro

#15 G-Force

G-Force
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 PM

Posted 15 August 2009 - 12:25 PM

Alright done with the scan, but now i see u offline :thumbsup: . Please be there. Anyways here goes the log:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

8/15/2009 10:45:14 PM
mbam-log-2009-08-15 (22-45-14).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 292127
Time elapsed: 42 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcg-11cf-aax5-81cx5c625612} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\PC_GTA -ViceCity- (ripped+dipped)\PC_GTA.ViceCity -rip-\PC_GTA.ViceCity -rip-\GTA ViceCity\ToeD.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ESQULzcounter (Trojan.Agent) -> Delete on reboot.

Waiting for your reply.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users