
Cannot install MalwareBytes' Anti-Malware or Update my Spybot - S&D



#1 Don't Fidget


Posted 12 September 2009 - 03:07 AM

I am running Windows XP Home Edition Version 2002, updating to SP3, with all critical updates installed (to date). IE8 and Firefox. ESET Smart Security, COMODO Firewall, Wired DSL (Belkin) modem/router. (System Summary at the end of this post.)

My two main concerns that I'd like to address right now are listed directly below. Other anomalies and steps I have already taken are explained further down. You might like to know upfront that I did have a rootkit several months ago. Since then, I have reformatted twice.

1. When trying to install MalwareBytes' Anti-Malware I receive the following error message:

C:\WINDOWS\system32\drivers\mbamswissarmy.sys

An error occured while trying to create a file in the destination directory:
Access is denied

2. When trying to update Spybot - Search & Destroy I receive -two- error messages, both indicating the same problem (i.e. unable to copy certain files across). I am currently unable to replicate the error to provide exact error codes as Spybot - S&D says that there are no updates available. But I fear the updates were not properly implemented because of these two error messages.

----------

Other Anomalies

. I am unable to rename or copy some of my files & folders. I have noticed this seems to happen to files and folders I have recently been working on. The Windows error message states that it is being used by another program.

. My computer's fan is pedaling its little heart out, sounding like my PC is about to take off. :o) For the past year, up until now, this usually only occurred when running games like Far Cry 2 for an extended period of time. Now, this can last for days on end, even when my System Idle Process is running at 99%.

(I understand that this can happen after recently installing certain Windows updates too. I believe in that case it is normal. But now, it seems to be becoming rather excessive.)

. A few days ago, while the system was idling, out of the blue, I received a Windows pop-up stating that Comodo's help file could not be located.

(Occurring as of JUST NOW):

. A blue dot intermittently appears on my mouse pointer. It is approx. 3x3 pixels and appears at the very point of the arrow head. If I click anywhere on my desktop, it leaves a copy of the blue dot on the desktop until I click somewhere else, whereby leaving a copy of it there instead.

(The blue dot under my mouse pointer usually stays for less than a minute then disappears, only to reappear every so often.)

When I type, it is sometimes sluggish (To me, this seems to indicate the possibility of a key-logger). This doesn't seem to last long, and happens intermittently.

. When I double-click ESET Smart Security, it appears on my taskbar but I cannot maximize the window.

. A blank entry has been added to my startup (msconfig | startup tab).

. Just now, I have noticed that as I type, the mouse pointer turns into an hourglass. It happens so quickly it is hard to notice. But only happens when I type.

. Just now, my speakers made a very quick pop sound (twice now). (Usually only occurs when I turn my mic on or off. As you can probably gather, I have done neither)

. Just now, my cursor is jumping around everywhere in this message, making it extremely difficult to type.

----------

Steps I Have Taken

I am not usually one to advocate a complete reinstall of Windows, but this seems to be becoming more par for the course (at least for me).
So, in a nutshell: a few weeks ago, I was experiencing similar problems with being unable to rename, move, or copy files and folders. Though SpyBot - S&D seemed to be running fine and up to date. Unfortunately, everything was running sluggish back then as well. (I particularly noticed this when moving the mouse pointer around.)

. I have discovered a blank entry under MSCONFIG | startup. I removed all entries from startup except egui, which I believe is ESET Smart Security. Upon reboot, the blank entry didn't retick itself, but these entries did: NvCpl, ctfmon.


Other information that might or might not be pertinent right now:

. Before my most recent install of Windows XP, I -wasn't- running COMODO Firewall.

. Even though my modem/router was unplugged, after reformatting and reinstalling Windows XP, the modem/router was still listed under "System Information". This was before I had even turned the modem/router back on:

(Taken from System Information, Components, Network, Adapter: [00000001] Realtek RTL8139 Family PCI Fast Ethernet NIC)

. A few months ago, a rootkit was detected on my system. I believe that I removed it. Yet, I reformatted my PC and reinstalled Windows XP just in case.
(My logs concerning this rootkit have been since lost.)

Please note: whenever I reinstall my system, I always remove the partitions, create new ones and do a complete format (not a QUICK Format).

Just to summarize:

1. I reformatted a few months ago after finding and supposedly removing a rootkit.
2. I reformatted a few weeks ago after many strange occurrences (too many to list, or even remember now). The most infuriating was being unable to rename/copy/move certain files and folders.
3. I have today begun noticing discrepancies with my system again. This time, far worse than before.


Any help would be more than greatly appreciated. I heard whispers that you guys are the best. :o)


Cheers,
Don't Fidget

System Summary

OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name DEEP-THOUGHT
System Manufacturer 7515L
System Model 775Dual-915GL
System Type X86-based PC
Processor x86 Family 15 Model 4 Stepping 1 GenuineIntel ~2993 Mhz
BIOS Version/Date American Megatrends Inc. P1.20, 11/03/2005
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale Australia
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name DEEP-THOUGHT\Dev Env
Time Zone AUS Eastern Standard Time
Total Physical Memory 2,047.23 MB
Available Physical Memory 1.50 GB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 3.85 GB
Page File C:\pagefile.sys



#2 Don't Fidget


Posted 13 September 2009 - 08:21 AM

Problem abated.

Infection Trojan.Agent removed.

Trojan.Agent
Date spotted:
First seen on 2008-01-15.
Last seen on 2009-09-13.

Detection statistics:
This object is 6.34% of all objects detected.
109,666,256 instances detected worldwide.

The reason why various files and folders couldn't be copied/moved/renamed was due to Comodo's Proactive Defense system.

When you first load Comodo Internet Security (version 3.11), you should be on the "summary" tab. Near the bottom right you will find Proactive Defense. Underneath Proactive Defense, click "waiting for your review".

I had over a thousand entries in the My Pending Files window, so I ticked the "All" box to select them all. Then I clicked the "Move to" button and selected "My own safe files". Then I was able to install MalwareBytes' Anti-Malware, which is what found the above-mentioned Trojan, which incidentally, was a file called:

EXE.exe

So if anyone else is having similar problems, particularly with noticing a blue dot intermittently appearing on or under your mouse pointer, search your computer for this file. Of course, it is more than likely to be called something else on your system; obviously it would be best to run MalwareBytes' Anti-Malware, as the following listed programs (to date) didn't pick it up:

ESET Smart Security
COMODO Anti-Virus (part of COMODO internet security)
SpyBot Search & Destroy

-----

Just to tidy up a little,

Re:

"Even though my modem/router was unplugged, after reformatting and reinstalling Windows XP, the modem/router was still listed under "System Information. This was before I had even turned the modem/router back on:

"(Taken from System Information, Components, Network, Adapter: [00000001] Realtek RTL8139 Family PCI Fast Ethernet NIC)"

I realize, quite bashfully now, that this relates to the connector, or the plug, on the back of my PC and not the actual modem/router itself. :o)

I wouldn't have made such a faux pas if it wasn't for my ISP. I ran the question by them via the helpdesk before posting in here, and they said, "Yes. That sounds strange. I don't know." Well, let me tell you, -I- "don't know" if this is supposed to be rudimentary knowledge (for someone working on a helpdesk) or not, but if so, I guess they'll hire anyone these days. I do of course take proper ownership of my contretemps in the matter. ;)

Oh, and also, having a blank entry under startup (msconfig | startup tab) is apparently normal, albeit if anyone else is concerned, they'd do well to follow up on it elsewhere, as I am about to do.

The only other program I'd recommend, from a user's perspective, is Rootkit Revealer, which I downloaded from Microsoft TechNet a while ago. Coming in at a mere 231 pounds, er KB, there's no excuse not to have it. (It's how I found my initial rootkit.)

Cheers,
Don't Fidget
"Battening down the hatches!"



