
Malwarebytes & Windows Defender freeze on file(s) in same folder


  • This topic is locked
5 replies to this topic

#1 mich2394

Posted 15 January 2010 - 11:46 PM

Hi!

I have Vista SP1.

Tonight I tried to play a dvd in the pc as the dvd wasn't working on my dvd player. I never tried using the dvd player on the pc before and since it wasn't coming up in windows media I thought it may need a setting and I saw a dvd setting and while I'm very careful not to mess with things, this looked innocent, it said no region for dvd selected, so I chose united states.

The dvd did not play and then I noticed a 2nd dvd in the pack which said it was a digitized one. No clue what that was, but it had the same movie title, so I put that in, and got a message saying something about I can't watch this... something with legalities or licensing. I noticed it said Blu-ray, and then I realized that was why it wouldn't work in my player or the pc.

I had to use task manager to stop windows media as both of those DVDs caused the program to go into 'not responding' mode.

Windows defender then alerted me that some program was added which will autostart. The message vanished so quick I don't know what it was, but I did check the start up programs later and didn't find anything that seemed it could be a problem.

I then ran ccleaner which had normal stuff.

Then I ran a full scan of Malwarebytes.

Hours earlier I had run a quick scan of Malwarebytes and it ran fine and still does.

I have Malwarebytes 1.44; updated to database 3573; fingerprints loaded 178202 which was current a few hours ago.

On the full scan it stops at about 4 minutes into it on a file in program data\uninstall\(a lot of numbers in here)\setup.exe

I let it sit there a long time, until it said not responding then stopped the program using task manager.

I then ran a full scan of superantispyware which is current and up to date and that came back with no infections.

I then ran NIS2009 which came back no problems. (never does, but what the heck) :thumbsup:

I then ran the file through virus total which came back with no results next to the program names and will show the bottom portion of the result page below.

Then I ran malwarebytes full scan again, same problem.. freezes same place.

Then I ran windows defender which also froze in same folder but after the (number file portion) it was halted on a different sub folder.

I ran that through virus total as well, with no results or problems.

I ran malwarebytes one more time (I'm stubborn. lol) and still not getting past this file.

Here is the bottom (additional information) of the Virus Total scan result as I do not know if this information is important. This is only from the one malwarebytes stopped on.

Additional information

File size: 4819440 bytes
MD5...: b7360f71f8181264768227df7c26e91c
SHA1..: 029a177cce0ddce391c209d5b202944d034332d8
SHA256: 5dbad134ee8abb8167b226b5d3dd007c77d9dec0451824398c92b6bc03503932
ssdeep: 24576:VcKG9RRULcbDkW+78U3BeipqUjkFG3zY2oD4LF833Xcu0hu0Bu0Du0Hu0/
QzJgKm:V3irU3BTjk83zqELCqQzJgK0LQMotm19
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (59.5%)
Windows Screen Saver (20.6%)
Win32 Executable Generic (13.4%)
Generic Win/DOS Executable (3.1%)
DOS Executable Generic (3.1%)
sigcheck:
publisher....: Sonic Solutions
copyright....: Copyright 2004 Sonic Solutions
product......: Setup Application
description..: Setup Application
original name: n/a
internal name: Crysalis
file version.: 3.52.14e
comments.....: n/a
signers......: Sonic Solutions
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 1:52 AM 12/21/2007
verified.....: -



I was going to reinstall malwarebytes, but when windows defender also froze in that folder I realized it is not malwarebytes.

Does anyone know what I can do to be able to get through a full scan and if this is a virus/trojan?

I do not know if it is safe to remove that uninstall folder.

I have not restarted since this problem, as I am concerned what that might do.

I appreciate your reading this and your help.

:flowers:

Edited by mich2394, 15 January 2010 - 11:51 PM.




#2 boopme


Posted 16 January 2010 - 12:47 AM

Try running this then MBAM immediately.

RKill....

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
You will need to run the application again if rebooting the computer occurs along the way.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 mich2394


Posted 16 January 2010 - 01:13 AM

Hi,

Thanks for helping me!

I ran the first one which did bring up a dos screen which stayed a few seconds, like about 10 seconds, then the desktop refreshed itself. I ran full scan malwarebytes but now it is freezing up sooner.

This time it is freezing up at 2 minutes and not responding on program data\symantec temporary files\nis09en.exe

So, just in case, I ran the rkill program one more time and again got the dos screen and again reran malwarebytes full scan and it again froze on same file.

I want to make sure I followed your directions correctly, and so from what I understood from what you wrote, as long as the program ran then I did not need to run the other ones... so I have just done the above with the rkill program.

So will await your further directions.

Thank you for your help!

Edited by mich2394, 16 January 2010 - 01:13 AM.


#4 boopme


Posted 16 January 2010 - 01:16 AM

Yes that was correct..
It seems your infection will require a deeper look.
You will need to run HJT/DDS. If you cannot perform a step, move along.
Please follow this guide: Preparation Guide For Use Before Using Hijackthis. Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log.

#5 mich2394


Posted 16 January 2010 - 01:21 AM

Thank you so much, I will start the process.

I had a question before I start that. Will it be all right to turn off my pc later when done? I guess I'm afraid of what might happen on restart in the morning but I never leave my pc on at night and prefer it off.

Thanks.

#6 boopme


Posted 16 January 2010 - 10:23 AM

I don't think it will be a problem.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

Edited by boopme, 16 January 2010 - 10:30 AM.
