
denied access to Spybot


3 replies to this topic

#1 farmjohn


Posted 15 January 2010 - 05:39 PM

A while back I tried to look at something on the internet and was told to download an exe in order to do that.
My computer gave me the warning that doing that can cause problems.
And, it has, I can't use Spybot and, I'm not sure if it's related but, my bookmarks have been deleted and before that were listed multiple times for one bookmark, which didn't work to use it.
So, I was in touch with Spybot support and they had me download and run a few things.
Exe helper, Inherit, Combofix (I still have the log)
they told me twice they didn't receive the combofix log I sent to them. I can only think my problem is what's blocking that from happening.
They had me run GMER, win32K diag (the log read : WARNING: Could not get backup privileges!)
A while ago Spybot support who were really helpful, even though my problem is still not fixed told me:
your logs are showing a win32k.sys rootkit infection. Most probably there is also a maxx++ rootkit variant and a patched eventlog library
The deleted msa.exe is a FraudLoad variant. Usually it nags the user with faked security warnings
Then that they needed the combofix log.
I ran combofix twice as carefully as possible. Somehow when I sent it to Spybot support they don't receive it.
Thanks for your time and attention to this.
below is the window that pops up when I try to open Spybot:

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.



#2 roadclosed


Posted 15 January 2010 - 06:21 PM

Assuming you are running XP, can you please try both of these scans?

Malwarebytes
Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • If the program won't start, go to MBAM's program folder (normally C:\Program Files\Malwarebytes' Anti-Malware), rename mbam.exe to a random file name (keep the .exe extension) and double-click on it to start the program.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report into this thread when you have completed the next scan

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.




Superantispyware
Download
Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Please copy and paste the log from this scan and the Malwarebytes scan on to the forum for someone to check for you.

(A note: for the time being only post the reports from those two programs)

#3 farmjohn


Posted 16 January 2010 - 10:15 PM

Thanks so much for helping me.
Here's the logs you asked for.

Malwarebytes' Anti-Malware 1.44
Database version: 3580
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/16/2010 9:15:05 PM
mbam-log-2010-01-16 (21-15-05).txt

Scan type: Quick Scan
Objects scanned: 110056
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\John Carey\My Documents\downloads\registryfix.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/16/2010 at 10:08 PM

Application Version : 4.33.1000

Core Rules Database Version : 4485
Trace Rules Database Version: 2303

Scan type : Complete Scan
Total Scan Time : 00:18:29

Memory items scanned : 414
Memory threats detected : 0
Registry items scanned : 4051
Registry threats detected : 0
File items scanned : 7593
File threats detected : 0

thanks again really

#4 farmjohn


Posted 16 January 2010 - 10:17 PM

sorry I just tried to open Spybot again and guess what I'm still denied access
thought you might want to know



