Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to update definitions


  • Please log in to reply
9 replies to this topic

#1 vp4

vp4

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 15 February 2010 - 01:53 PM

Hi – all of a sudden I am unable to update Malwarebytes Anti-Malware, SuperAnti Spyware, Spybot Search & Destroy, etc on my laptop. It gives an error about firewall blocking it. I disabled my Window firewall, ran them in safe mode. SuperAnti Spyware didn’t find anything. But Malwarebytes Anti-Malware runs for a while and then suddenly reboots the computer and comes up in normal mode. So, I ran DDS.scr and found some exe files, DLLs and a registry key that I deleted manually.

c:\windows\system32\zzop93.dll
c:\windows\system32\l6zmxp.dll
C:\ytlmlfc.exe
C:\prviwvy.exe
C:\duehpow.exe
C:\sckw.exe
C:\ojjw.exe
C:\kkalf.exe
C:\dqccpnq.exe

I still can’t update definitions on Malwarebytes Anti-Malware, SuperAnti Spyware. I am sure there is still something left over. Any help is appreciated. Thanks.

BC AdBot (Login to Remove)

 


#2 cookmiester

cookmiester

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Stoke-on-Trent
  • Local time:09:51 AM

Posted 15 February 2010 - 02:24 PM

Hello, what do the icons look like on the executable files. If they are ones ive seen before. I know the type of infection.

#3 vp4

vp4
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 15 February 2010 - 02:31 PM

Hi, I deleted those exe files already. The icons looked like a window, very generic. You might see those icons in the system32 folder for example.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:51 AM

Posted 15 February 2010 - 02:38 PM

If you cannot update MBAM through the program's interface and have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, be aware that mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating, is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. Other types of malware may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware for using Rkill or downloading a renamed version of mbam.exe.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 vp4

vp4
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 15 February 2010 - 03:28 PM

Thanks for the advice. My problem is not just Malware. It is with every Anti-spyware program I tried to download and update. When I try to update Malware, I get the following error.

Error code: 732 (12007,0)

I searched that error on google with numerous hits but I can't go to forums.malwarebytes.org.

I think there is trojan or something that is blocking me.

I am less concerned with Malware than the general inability to update any Anti-spyware programs I tried. I downloaded Ad-Aware this morning and right after installation, it tried to update but failed and I couldn't scan.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:51 AM

Posted 15 February 2010 - 04:29 PM

Anytime Malwarebytes Anti-Malware results in any error messages, check the Help file's list of error codes within its program folder first. Go to Start > All Programs > Malwarebytes' Anti-Malware folder or open Windows Explorer and navigate to its folder in Program Files. If you do not find any information, please refer to:

Error 732: Error updating the database or product. Check Internet connectivity.

Section D
Error Code 732 - Automatically Detect Settings in IE & Note for NetZero Users


That's why you should try updating from another computer and transfer the file to the infected one. Once most of the malware is removed, you should be able to update your other security programs. You can also download, transfer and scan with SUPERAntiSpyware Portable Scanner. Also, manually download the definitions from here so you can save and transfer them as well. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to a usb drive along with the others you are going to transfer. Afterwards, just double-click on SASDEFINITIONS.EXE to install the definitions.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 vp4

vp4
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 16 February 2010 - 12:04 AM

It worked! I was able to delete 18 more infections and then had to reinstall Malware due to error code 703. Nw I can update definitions. Thanks much for the advice.

The DDS log file contained the following and that looks suspicious.

Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com

What is this?

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:51 AM

Posted 16 February 2010 - 07:48 AM

They correspond to unwanted sites or IP addresses in the IE Trusted Zone & Protocol Defaults. Zone Map registry keys are relate to the Restricted Zone or the Trusted Zone of Internet Explorer. See: http://support.microsoft.com/kb/182569

In Internet Explorer 7 or Internet Explorer 8, go Posted Image > Control Panel > Internet Options > Advanced tab and click the Reset... button under "Reset Internet Explorer settings" to remove unwanted sites in the Trusted and Restricted Zones or let Microsoft Fix it do it for you.

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Edited by quietman7, 16 February 2010 - 07:58 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 vp4

vp4
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 16 February 2010 - 10:30 PM

I actually use Firefox. Don't use IE much at all even though I have it and recently upgraded it to IE 8. Did manually reset but 4 of them are still around.

Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is10-soft-download.com

Here is the MBAM log.

Malwarebytes' Anti-Malware 1.44
Database version: 3743
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/15/2010 8:20:45 PM
mbam-log-2010-02-15 (20-20-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 32526
Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP2\A0004162.exe (Trojan.Vundo.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP2\A0004159.exe (Trojan.Goldun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP2\A0004160.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP2\A0004161.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP2\A0004163.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP2\A0004165.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP2\A0004167.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP3\A0004203.dll (Trojan.Goldun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP4\A0004912.DLL (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP4\A0005149.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP6\A0006450.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.44
Database version: 3743
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/15/2010 11:16:21 PM
mbam-log-2010-02-15 (23-16-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 252276
Time elapsed: 1 hour(s), 47 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seagate (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.111,93.188.166.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19da7e09-1750-4884-b65e-02578c53cb1b}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.111,93.188.166.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ad0df13-0956-4797-9d3a-172942d4fc40}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.111,93.188.166.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{702f8c93-9c44-4f1e-b495-5b4fe334c689}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.111,93.188.166.103 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ce98f657-4414-4554-8d12-b3c4c399c3ba}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.111,93.188.166.103 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YTWZ8XE7\ftp[1].exe (Trojan.Inject) -> Quarantined and deleted successfully.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:51 AM

Posted 17 February 2010 - 08:32 AM

To remove unwanted sites in Firefox, go to Tools > Options... > Privacy tab and click on the Exceptions... button. Scroll through the list, right-click on any entry you want to remove and click the Remove Site. Click Close and then click OK.

Then I recommend you download and install SpywareBlaster. Click on Updates, then the Check for updates button. If any are found, download them all and click Enable Protection for All Unprotected items when finished.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
-- If you cannot boot into safe mode or complete a scan, then perform your scan in normal mode.

-- If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users