
Antivirus Live on XP, Dell Dimensions 8400


4 replies to this topic

#1 minwoo718


Posted 12 December 2009 - 12:45 AM

I was recently infected with the Antivirus Live program.
I tried following the steps on http://www.bleepingcomputer.com/virus-remo...-antivirus-live and transferred MalwareBytes from a clean computer and tried installing it onto the infected computer (running Windows XP, Dell Dimension 8400). The installation would complete, but it would not allow me to execute the actual program. The Antivirus program would pop up with error messages about infections and would say that the .exe file could not be found or run.
I tried unchecking the LAN properties, but now I am no longer even able to open up IE at all. I installed Firefox from a clean computer, but now the infected one won't open Firefox either.
I wanted to post a log, but I cannot access the Internet at all now on my infected computer. This seems to be very malicious, and I'm not sure what the next step should be. I appreciate any help that can be provided. Thank you, everyone!



#2 WillShattuck


Posted 12 December 2009 - 03:08 AM

Some of these fake antivirus programs are looking for specific programs to run and then terminating the program after launch. One step you can do to run Malwarebytes is to rename mbam.exe to something else; blah.exe for example.
  • Open My Computer
  • Double click on the C: drive
  • Double click on the Program Files folder
  • Double click on the Malwarebytes' Anti-Malware folder
  • Right click on mbam.exe (or just mbam), left click on copy
  • Left click on EDIT at the top, left click on Paste. A file called "Copy of mbam.exe" (or "Copy of mbam") will be created.
  • Right click on "Copy of mbam.exe" or "Copy of mbam", left click on Rename
  • Type in: blah.exe
    • If you do not see the ".exe" extension, please just type: blah
  • Hit the Enter key
  • Double click on blah.exe or blah, wait a few seconds and Malwarebytes should open up.
I figured this out one night when a friend's computer was infected and all the normal programs for killing running programs were being killed by the spy(mal)ware program.

Let me know if this works or not for you.

#3 azfreetech


Posted 12 December 2009 - 10:39 AM

Have you tried logging in to Safe Mode? To get into Safe Mode, gently tap F8 as the computer reboots. When you see the menu, select Safe Mode with Networking.

Install, update and run Malwarebytes. You can get it HERE. Install, update and run it. If you have problems installing it then try renaming the file before saving it to your desktop. I like renaming it to bgmama. Get rid of what it finds.

Remove what MBAM finds and then install and run ATF Cleaner (for Windows XP and 2000 only!). Check the box for Select All and then click the button Empty Selected. This will help clear out temp files, cookies and other junk that clutters up Windows.

Next install, update and run SUPERAntiSpyware. Get rid of what it finds. Finally update and run your antivirus program and get rid of anything that it finds. If you are able to run MBAM and SAS please post the logs in your next response.
DJ Digital Gem

I gave up on computers and now I just DJ!

#4 minwoo718


Posted 19 December 2009 - 12:02 AM

Hi everyone.
I tried renaming the file. That did no good.
My computer won't start in Safe Mode with Networking, or in any safe mode at all actually. I get the blue screen of death telling me to check my computer for viruses and to check my drives. When I start up in regular mode, my Firefox and IE will not work at all. They both keep running fatal errors and I can't open Malware at all. When I click on the icon, it says that it can't locate mbam.exe and asks me if I want to manually browse for it. I've tried opening up the "blah"/renamed files, but that didn't work...
Is there anything I can do before I give up?

Thank you...

#5 WillShattuck


Posted 19 December 2009 - 02:24 AM

Bummer. In reading other posts, there is a program called rkill that is supposed to kill all running malicious software and allow you to run Malwarebytes and other software. I found a link in this article.

http://www.bleepingcomputer.com/virus-remo...e-security-tool

It is about 3 page downs. After you download it, follow the rest of the instructions on running Malwarebytes.

I personally have not tried using rkill and have no personal experience with it. You may want to read more about it before using it. What I have seen shows that it kills running processes that are preventing you from running MBAM. Please research on your own before using this as I don't have any first-hand experience with it.



