Removal of MS Antispyware 2009


25 replies to this topic

#1 CShirey

CShirey

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 17 November 2009 - 11:29 PM

Hello,
I am trying to remove the MS AntiSpyware 2009 using the following instructions and I can't get past the beginning of the process. The computer is a Dell Inspiron 6000 running XP SP2 which I will update to SP3 after this fun stuff is over!

How to remove MS Antispyware 2009 (Uninstall Instructions)
Posted by Grinler on December 14, 2008 @ 03:55 PM Views: 117,103
www.bleepingcomputer.com/virus-removal/remove-ms-antispyware-2009#files

I have started the computer in Safe Mode with Networking enabled so I do have internet access. I am able to download the mbam-setup files (or other program files for that matter) but am unable to run and install the programs. Nothing happens.

I've looked for other programs already installed on the computer that might be of use but they don't seem to be able to go to the internet to update their files. Currently, Norton PC Checkup is running but what is supposed to take a few moments has been running a half hour at least.

Suggestions and help will be appreciated!!!

cs.

Edited by CShirey, 17 November 2009 - 11:31 PM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:20 AM

Posted 18 November 2009 - 12:35 AM

Does the PC run in normal mode? If so, do this there. If not, do it in Safe but let me know.

Please download Rkill by Grinler and save it to your desktop. Link 2, Link 3, Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
You will need to run the application again if rebooting the computer.

Now Run MalwareBytes and post back the log.

FULL INSTRUCTIONS....
Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Edited by boopme, 18 November 2009 - 01:40 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 CShirey

CShirey
  • Topic Starter


Posted 18 November 2009 - 12:10 PM

I am grateful for the above directions but I am running into problems either way I try to approach it. I am using my computer to communicate with you and the first problem is that I can not use the links for RKill as they are downloaded to my computer. On the other computer, in regular start up mode the internet is extremely slow and will not allow me to go to the Bleeping Computer website. In Safe Mode, the internet seems fine (regular speed, etc) but again will not allow me to go to Bleeping Computer. How can I get this software from my computer to the other computer? Is there a way it can be emailed to the problem computer? I'd need more than a link directly to the program to do that.
Suggestions, please?
Thank you so much!

Edited by CShirey, 18 November 2009 - 12:12 PM.


#4 boopme

Posted 18 November 2009 - 01:54 PM

Can you get to another PC and copy RKill and MBAM to a flash drive or CD? Then run it on the infected PC from that.

#5 CShirey

Posted 18 November 2009 - 08:52 PM

Sorry, should have gotten that answer. I put both programs on a removable drive and got the Rkill program to run; the only difference I noticed from the instructions is that the black DOS box did not briefly flash and disappear - it stayed around awhile as the program ran.

I then went back to the removable drive to run MalwareBytes (saved as zztoy.exe) and I am unable to access anything from the START BUTTON; I even tried the START key that I never use but I'm totally stuck. I even restarted the computer and tried again with no further success.

The "Your computer might be at risk" balloon is there in the system tray and the remove hardware safely utility has disappeared; I am concerned about removing my portable drive (a friend's MP3 player!)

More suggestions, please?

Thank you for your time.

cs.

#6 boopme

Posted 18 November 2009 - 09:49 PM

Try this..
You need to run RKill again as it is needed each time you reboot if the tools don't run.

Use the method below to run RKill also if needed.

Click CTRL+SHIFT+ESC
This will bring up the Task Manager
Click New Task
Click Browse
Browse to your portable drive and select mbam.exe
This should run Mbam

#7 CShirey

Posted 18 November 2009 - 10:33 PM

Unable to do anything in regular start up mode. (BTW, although neither worked for me I am used to using CTRL+ALT+DEL as opposed to CTRL+SHIFT+ESC to bring up task manager. What is the difference?)

I was able to start the computer in SAFE MODE and get to MY COMPUTER however the removable drive no longer shows. On the face of the removable drive it reads, "Reading. Don't remove USB." How do I get the computer to recognize this removable drive in safe mode and what else do I need to know if I have to do this in safe mode?

Many, many thanks.

I did try Add Hardware - no go.

Edited by CShirey, 18 November 2009 - 10:37 PM.


#8 boopme

Posted 18 November 2009 - 10:51 PM

It's just direct to task manager.
Can you do Safe Mode with Networking from the Advanced Menu options? If so try to get Mbam that way.

In normal mode, is there an icon in the System tray that says safely remove hardware?

I'm asking someone about the drive. They or I will reply.

#9 CShirey

Posted 19 November 2009 - 11:29 AM

Hello again. I thought I was getting somewhere; I was able to download Mbam from File Hippo and changed the name as in the instructions. I attempted to install it and it froze at the finishing part. I removed that attempt and tried again and it didn't even make it half way through. I have a Mbam icon on the desktop but the program doesn't run.

I decided to take the zztoy.exe one step further and renamed the program to fixthiscomputer whenever it had MalwareBytes and it did the same thing as the first time - got to the end of installation and froze.

I don't know how long I should leave it like that but I think my next step is to try to go to bleepingcomputer.com and try to access the rkill files although it hasn't let me access your website at all although I am not having problems with other websites.

Suggestions? :thumbsup:

Since I can't get in to Bleeping Computer with that computer, I decided to Google Grinler Rkill and got results - all leading back to Bleeping Computer. I'm really stuck!

Edited by CShirey, 19 November 2009 - 11:40 AM.


#10 boopme

Posted 19 November 2009 - 06:42 PM

Hello. Raw, a BC Advisor, has a copy. Try running RKill, then MBAM, and post a log.

#11 CShirey

Posted 25 November 2009 - 10:14 AM

First of all, thank you for all of the above assistance. It is appreciated so much.

I have tried through safe mode with networking to get the files I need, by transferring them from a removable drive and every combination thereof. Nothing is quite working. One time Rkill worked then I couldn't get MBytes to run.

I am frustrated and wish I knew what it is I'm doing wrong - or not doing!

Half of the time I can't get to My Computer; nothing from the Start key. Can I do this in Safe Mode? That is if I can currently access it; that changes too. I've removed some viruses before but this one is really hard and I'd like to get this computer back to its owner.

Thank you for your time and Happy Holidays to all.

Update: I was able to start the computer in Safe Mode and started Rkill. I got the following error message: "Can not create some of your include files.
pev.eve
rkill.reg
ncmd.cfxxe
Continue?"


What do I do next? Thanks, again . . .

cs.

An update to an update? Rkill was run from a CD I had copied it to. I went back and (still in Safe Mode) was able to have my removable drive recognized and ran it from there. Black screen came and went as promised and I am taken back to the desktop and the same reminder as when I first start that I am running in Safe Mode - do I want to continue, etc. This is the point where MBam will not run; even renamed.
Sorry for all the details.

Edited by CShirey, 25 November 2009 - 11:58 AM.


#12 boopme

Posted 25 November 2009 - 01:18 PM

This is very infected and we may end up in a reformat..

Try running this from a flash or CD drive.. It may take a very long time.
Vipre Rescue Program

#13 CShirey

Posted 27 November 2009 - 05:23 PM

Well, I'm almost excited - I "think" this might have worked. Unfortunately, I had to leave it running alone (after watching the line after line of red infections for awhile :thumbsup: ) and when I came back the screen was frozen at the Windows XP page.

I restarted the computer and tried to run the additional scan suggested and noticed that logging is off and I wasn't able to add the /log to get a log to verify the contents. I was foolish enough to think I'd remember the real DOS commands to run it but . . . like I said, foolish.

How do I verify that the program has done what I hope it has and (exactly) how do I enable logging?

Thanks to all for your help with this. I can't wait to get through this one and I couldn't do it without you.

cs

Found a couple of issues:
-Uninstaller will not work; unable to delete any programs.
-Windows Updates are ready to install; I believe SP3 is one of them. I thought I should wait until I know the other problems are taken care of. Opinions?
-Same thing with Java update although not as important.

Forgot to say "Thanks!!"

Edited by CShirey, 27 November 2009 - 05:40 PM.


#14 boopme

Posted 27 November 2009 - 06:24 PM

Hello, it most likely ran.
The command line is * /log
The log may still be found in the C:\VIPRERESCUE directory and is stored in an .xml file.

Did you run RKill again before trying SAS or MBAM? It must be rerun each time the PC is rebooted. It may take several attempts to run Rkill.

Can you boot Normally?
Can you boot into Safe mode?

Try running an Online scan from Normal or safe With Networking.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#15 CShirey

Posted 30 November 2009 - 11:19 PM

Well I'm stuck again right from the beginning. I started the computer in safe mode and although I can access many websites, two of the ones I can not access are bleepingcomputer.com to use your link and the eset.com website to use the online scanner. I even emailed the link to the scanner to my gmail account and tried to connect there and although I got the email with no problem, I can not access the scanner.

What else can I do?

Ok, I used to know the answer to this question but . . .

The command line is * /log

is the part I knew. What I don't know is if that is entered within the program (how?) or if we are working from the DOS command line and I couldn't remember how to get even close to where I need to be. I came in at the time when DOS was beginning to be hidden by the GUI so I didn't get much exposure to it.

Thanks. I'm really annoyed with this (and myself!) I am trying everything numerous times and still can't seem to get rid of it. Thought I was close a couple of times . . .

Update: I found a Vipre log in the Excel format dated 11/28/2009. Can we do anything with that? It is 13,248 lines of text.
Thanks.


BTW: I haven't ever been able to get MBam to run.

Edited by CShirey, 30 November 2009 - 11:29 PM.




