Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

nasty virus...can I get rid of it without reformat?


  • Please log in to reply
3 replies to this topic

#1 humanracer

humanracer

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 28 October 2009 - 08:14 AM

I probably got this from an mp3 site I visited using Firefox. I have had similar infections before but usually combofix gets rid of them. However this one is awful. Basically when I load windows, the system takes ages to load then I get an error saying "logonui.exe application error" and then asks me if I want to debug or terminate. Finally after a while a login box appears then when I click enter the system finally loads with a blue screen as a background. I tried running malware bytes and it found registry infections but then when I try to remove it says the program has an error then closes. Spybot keeps alerting me changes to my registry. Combofix wont load at all. I cant boot in safe mode, it comes up with the blue screen of death then restarts. There are lots of files running such as a.tmp etc which are most probably viruses. I cant run regedit or msconfig, it says access is denied. My internet connection also stops after a while.

I have backed up my data but dont want to go to the hassle of reformatting. Can I get rid of this some other way?


Thanks



Robert

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,762 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:20 PM

Posted 28 October 2009 - 12:29 PM

I tried running malware bytes and it found registry infections but then when I try to remove it says the program has an error then closes.

What does the error say and when did it occur (during installation or after when performing a scan)?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 humanracer

humanracer
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 28 October 2009 - 02:16 PM

I tried running malware bytes and it found registry infections but then when I try to remove it says the program has an error then closes.

What does the error say and when did it occur (during installation or after when performing a scan)?


I can't quite remember, it happened very fast. I think it was something like "this program has encountered a problem and needs to close", now I can't access the program at all. It says the program is inaccessable. I can't seem to reinstall it either. The error happened at the end of the scan when I clicked to delete the infected items.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,762 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:20 PM

Posted 28 October 2009 - 02:21 PM

Some types of malware will disable Malwarebytes Anti-Malware and other security tools to keep them from running properly. Others may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors.

To resolve this, download and install Malwarebytes Anti-Malware on a non-infected computer.
  • After installation, open Windows Explorer and navigate to the C:\Program Files\Malwarebytes' Anti-Malware\ folder where mbam.exe is located.
  • Copy the mbam.exe file to the Desktop and rename it to wuauclt.exe or explorer.exe.
  • Save the renamed file to a usb flash drive or CD, then transfer to the infected computer.
    • Another option is to upload the file somewhere so you can download it later to the infected computer.
    • If you do not have access to another computer, ask a friend to email or upload a renamed mbam.exe for you and provide a link to download it.
  • Place the renamed mbam.exe in the C:\Program Files\Malwarebytes' Anti-Malware folder on the infected computer, then double-click on it to launch the program.
  • If that still did not work, then try changing the file extension. <- click this link if you do not see the file extension
    If using Windows Vista, refer to these instructions.
  • Right-click on the wuauclt.exe file, and change the .exe extension to .scr, .com, .pif, or .bat.
  • Double-click on wuauclt.scr (or whatever extension you renamed it) to launch the program.
  • Check for database definition updates through the program's interface.
  • Then perform a Quick Scan, check all items found for removal and reboot afterwards.
  • Failure to reboot will prevent MBAM from removing all the malware.
  • When done, click the Logs tab and copy/paste the contents of the report in your next reply.

Edited by quietman7, 28 October 2009 - 02:25 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users