bad infection


  • This topic is locked
27 replies to this topic

#1 Haerith

Haerith

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 06 March 2010 - 11:42 PM

I am absolutely clueless as to what to do. Usually I would run mbam and clean it up. However in this case I cannot do either since no .exe files can run with the exception (to my knowledge) of firefox. I don't know why it's only firefox.

"Application cannot be executed. The file _____.exe is infected. Do you want to activate your antivirus software now?"

This is the error I get for basically every single file. I can't run the dds file so I cannot post a log. All help is very much appreciated, thanks!

Edited by Pandy, 07 March 2010 - 03:37 AM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs as no logs are included ~Pandy




#2 Guest_Funnel Web_*

Guest_Funnel Web_*

  • Guests
  • OFFLINE
  •  

Posted 07 March 2010 - 06:01 AM

Try renaming mbam to, say, mbam2 and then try running it!

Could you give the exact error message?

#3 Haerith


Posted 07 March 2010 - 01:52 PM

I tried as you said and the same error showed up.

"Application cannot be executed. The file mbam.exe is infected. Do you want to activate your antivirus software now?"

#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:44 PM

Posted 07 March 2010 - 04:37 PM

Hi Haerith,

Try this first and see if this cures it:

Please download exeHelper to your desktop.
If your AV program throws up a warning about the program, ignore the warning. Some AVs flag this program because of how it works... that's all.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com and should open at the end of the scan).
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).

Thanks

Edited by Starbuck, 07 March 2010 - 05:04 PM.



#5 Haerith


Posted 07 March 2010 - 05:07 PM

I got the same error from before and the helper would not run for more than a second. I got a small log out of it but it has no information on it, but I'll post it anyway.

exeHelper by Raktor
exeHelper by Raktor
Build 20091220
Build 20091220
exeHelper by Raktor
Build 20091220
Run at

and that's it.

#6 Starbuck


Posted 07 March 2010 - 05:16 PM

Hi Haerith

OK, it could be something like Anti Virus Soft that's on your system.
Let's work on that assumption.
The fix includes MBAM. As you have it already, try it. If it won't work, remove it and download a fresh copy when it's needed.

Step 1

Please reboot your computer in Safe Mode with Networking by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
You will need to use the 'keyboard arrow keys' to navigate on this menu.
* Select the option, to run Windows in Safe Mode with Networking, then press "Enter".
* Then choose your usual account.

Step 2

Start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options
Click on the Connections tab
Click on the Lan Settings button
Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen
Then press the OK button to close the Internet Options screen.

Internet Explorer should now work.
Or you can use Firefox to complete the next few steps.

Step 3
Please download:
Rkill
and save it to your Desktop.
Run the tool by clicking on it.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Antivirus Soft when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Antivirus Soft.

If the malware is persistent, you may have to run RKill a number of times.
When it has finished, the black window will automatically close and you can continue with the next step.

Note
Please do not reboot your system until you have completed the following step, or the Malware will restart itself:

Step 4
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

There's a detailed guide here if you need it:
http://www.bleepingcomputer.com/virus-remo...-antivirus-soft



#7 Haerith


Posted 07 March 2010 - 07:21 PM

Here's the log, thanks for the help so far! :]

Malwarebytes' Anti-Malware 1.44
Database version: 3740
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

3/7/2010 7:14:40 PM
mbam-log-2010-03-07 (19-14-40).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 241668
Time elapsed: 1 hour(s), 40 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xjjcnplp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Joseph Coyne\Local Settings\Temporary Internet Files\Content.IE5\QRMB6NEF\eH13cebf20V03f01830002R96bce1fc102T585c31bdQ00000041901807F002a000aJ11000601l0409K8bbaa4b3316P000001071[1] (Trojan.Dropper) -> Quarantined and deleted successfully.
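A helper reading a log like the one above checks three things by eye: the database version, whether each section's summary count matches the entries listed under it, and whether any removal is still pending a reboot. The following added example (not part of the original thread and not Malwarebytes' code) parses that text layout in Python. The sample log is constructed, reusing only the Run value shown above, and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.44 log above.
# Only the Run value comes from the thread; the file path is made up.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3740
Registry Values Infected: 1
Folders Infected: 0
Files Infected: 1

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xjjcnplp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Temp\sample[1] (Trojan.Dropper) -> Delete on reboot.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Greedy path match, so parentheses inside a path do not end it early.
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (database_version, summary_counts, detections) from an MBAM 1.x text log."""
    db_version, counts, detections, section = None, {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Database version:"):
            db_version = int(line.split(":", 1)[1])
        elif m := COUNT_RE.match(line):
            counts[m["section"]] = int(m["n"])      # summary block
        elif m := HEADER_RE.match(line):
            section = m["section"]                  # start of a detail block
        elif section and (m := ITEM_RE.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return db_version, counts, detections

def triage(text):
    """Flag count mismatches (truncated paste), pending removals and autorun entries."""
    _, counts, detections = parse_mbam_log(text)
    found = Counter(d["section"] for d in detections)
    mismatched = sorted(s for s, n in counts.items() if found[s] != n)
    pending = [d["path"] for d in detections if "successfully" not in d["action"].lower()]
    autoruns = [d["path"] for d in detections if r"\currentversion\run" in d["path"].lower()]
    return {"mismatched": mismatched, "pending": pending, "autoruns": autoruns}
```

A non-empty `mismatched` list usually means the pasted log was cut short, and a non-empty `pending` list means the machine still has to be rebooted for the removal to complete.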


#8 Starbuck


Posted 08 March 2010 - 12:53 PM

Hi Haerith

Your copy of MBAM is out of date.
Today's version number is 3838, which means it's been updated 98 times since your copy was last updated.

Please update MBAM and run another scan:
Start MBAM
Click on the Update tab >> click Search for Updates
If it says that MBAM needs to close to update it... let it close and then restart it.
On restart >> click the Scan button.

Don't forget:
QUOTE
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Thanks




#9 Haerith


Posted 08 March 2010 - 05:35 PM

I tried to update it and I got the following error:

"An error occurred. Please report the following error code to the Malwarebyte's Anti-Malware support team. Error code: 732(12007,0)"

#10 Starbuck


Posted 08 March 2010 - 06:01 PM

As the malware is still active at the moment, did you follow the steps to reboot into Safe Mode with Networking and then run rkill before trying to open MBAM and update it?
Sorry, I should have pointed that out.
Try that and see if it works.

Edited by Starbuck, 08 March 2010 - 06:02 PM.



#11 Haerith


Posted 08 March 2010 - 10:06 PM

Yes, I have tried that and I have the same error.

#12 Starbuck


Posted 09 March 2010 - 02:51 PM

Hi Haerith

Bear with me for a while, I'm going to get one of the Mods to move this thread to the Malware removal forum.
We'll continue there.




#13 Starbuck


Posted 10 March 2010 - 03:32 PM

Hi Haerith

Do you have another PC that we could download some stuff to and then transfer it to the infected system?



#14 Haerith


Posted 10 March 2010 - 05:42 PM

Yes I do, and thank you again for the help.

#15 Starbuck


Posted 11 March 2010 - 04:10 PM

Hi Haerith

As MBAM seems to run but won't update, let's get it on to another system and get it updated.
Then we'll move the updated definitions over to the infected m/c.

Please download Malwarebytes Anti-Malware, save it to your desktop and update it. Now copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine.
Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to show Hidden Files.

Rules.ref can be found here:
* XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
* Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware

Then perform a new Quick Scan in normal mode if possible and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Thanks
