Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, try this first
> All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon
and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
Other Troubleshooting Suggestions: Note
: The information provided below and more can now be found in the Troubleshooting Malwarebytes' Anti-Malware section of Grinler's How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer instruction guide which includes screenshots. Renaming
Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If MBAM will not install, try renaming
-- In some cases it may be necessary to redownload mbam-setup.exe and randomly rename it before downloading and saving to the computer.Note: Malwarebytes Anti-Malware uses Inno Setup instead of the Windows Installer Service to install the program. If installation coninues to fail in normal mode, try installing and scanning in safe mode. Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Therefore, after completing a scan it is recommended to uninstall MBAM, then reinstall it in normal mode and perform another Quick Scan.
- Right-click on the mbam-setup.exe file file and rename explorer.exe or winlogon.exe.
- Double-click on the renamed file to start the installation.
- If that did not work, then try changing the file extension.
Vista/Windows 7 users, refer to these instructions.
- Right-click on explorer.exe and change the .exe extension to .scr, .com, .pif, or .bat.
- Then double-click on explorer.com (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
- Right-click on mbam.exe and rename it to wuauclt.exe or explorer.exe.
- Double-click on wuauclt.exe to launch the program.
- If that did not work, then change the .exe extension in the same way as noted above.
- Double-click on wuauclt.com (or whatever extension you renamed it) to launch the program.
It is also possible the malware targeted your .exe files and alter associations. Without repairing the file association .exe files will lose functionality. If you are unable to run your programs you can also try this: Download FixExe.reg
and save it to your desktop. Double-click on the file and select Yes
when it asks if you want to merge the data into your Registry. Once that is completed you should be able to run other programs.Using RKill
If the above does not work, you can try using RKill before
scanning with Malwarebytes Anti-Malware. This tool terminates certain processes and fixes certain registry keys that stop us from using security and clean up tools. There will be a list of RKill download links using different file extensions and renamed versions. Read the comments which explains why they are offered. The iExplore.exe version is generally more effective but you may want to download more than one version before proceeding.
-- If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.-- Some security tools may flag RKill as malware when renamed to iexplore.exe, explorer.exe, winlogon.exe, etc because they have definitions in place that flag reserved file names used outside their normal path. If you encounter such an alert when running Rkill, you can safely ignore it and continue to allow the program to run.
- Temporarily disable your anti-virus before performing a scan so it will not interfere with running RKill or falsely detect is as a threat.
- Double-click on the Rkill desktop icon to run the tool.
Vista/Windows 7 users right-click and select Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.
- Do not reboot until after scanning with Malwarebytes Anti-Malware.
Other types of malware may delete
the main mbam.exe
executable file during installation or when attempting to perform a scan which results in various errors such as code 2...The system cannot find the file specified
or mbam.exe - Application error
One way to resolve this is to download and install Malwarebytes Anti-Malware on a non-infected computer.
- After installation, open Windows Explorer and navigate to the C:\Program Files\Malwarebytes' Anti-Malware\ folder where mbam.exe is located.
- Copy the mbam.exe file to the Desktop and rename it to wuauclt.exe or explorer.exe.
- Save the renamed file to a usb flash drive or CD, then transfer to the infected computer.
- Alternatively, you can download a randomized renamed mbam.exe version (i.e. jdRjuT7Hk.exe) from here and use that.
- Another option is to upload the file somewhere so you can download it later to the infected computer.
- If you do not have access to another computer, ask a friend to email or upload a renamed mbam.exe for you and provide a link to download it.
- Place the renamed mbam.exe in the C:\Program Files\Malwarebytes' Anti-Malware folder on the infected computer, then double-click on it to launch the program.
- Check for database definition updates through the program's interface.
- Then perform a Quick Scan, check all items found for removal and reboot afterwards.
- Failure to reboot will prevent MBAM from removing all the malware.
- When done, click the Logs tab and copy/paste the contents of the report in your next reply.
Another thing you can try, if you cannot run MBAM or complete a scan in normal mode, is to perform a Quick Scan
in "safe mode
Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness
for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended
so it does not limit the abilities of MBAM but sometimes there is no alternative but to do a safe mode scan. If that is the case, after completing a safe mode scan, reboot normally and try rescanning again.
Before performing a scan, don't forgot to check for database definition updates
through the program's interface (preferable method
) before scanning and to reboot afterwards. Failure to reboot normally
(not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs
tab and copy/paste the contents of the new report in your next reply.
If you cannot update MBAM through the program's interface and have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page
, be aware that mbam-rules.exe is not
updated daily. Another way to get the most current database definitions if you're having problems updating, is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref
) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows
to show it.
- XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
- Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
: Some infections will alter the Proxy settings
in Internet Explorer which can affect your ability to browse or download tools required for disinfection. You may also receive Error 732 when trying to update MBAM
. If you are experiencing such a problem, check those settings. To do that, please refer to Steps 1-4
under the section Error 732 when trying to update Malwarebytes' Anti-Malware
in this guide
Edited by quietman7, 31 July 2012 - 08:10 AM.