
Malwarebytes won't run


20 replies to this topic

#1 manmountain8

manmountain8

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 18 July 2011 - 03:34 PM

Malwarebytes will not run. I have tried every suggestion from the "what to do if Malwarebytes doesn't work" thread. Bringing over a renamed .exe file from another computer doesn't even work. I can install Mbam no problem, then about 5 seconds into the first scan it just stops. After that I lose all permissions to access or delete the .exe file, regardless of what it is renamed, or even if the extension is changed.

Rkill shut down the processes for now, and I deleted all the files manually, but obviously that doesn't get rid of it. I still can't use Google or access Yahoo Mail, which means I can't look for a job. Without Malwarebytes I'm dead in the water. Can anyone help?



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:51 PM

Posted 18 July 2011 - 03:44 PM

Hello, do you get an error message? If so, what is it?


Try this--from your browser open Tools, Internet Options, Connections tab, LAN settings, uncheck the box next to "use proxy...."

This routine will confirm that Internet Explorer is set to the Online mode.
Click on START - RUN and Copy/Paste the following into the run line (On Vista you can use the Search line) and click OK

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f

OR
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

#3 manmountain8

Posted 21 July 2011 - 01:45 PM

Sorry it took so long for me to respond, and thanks for your help. I haven't had access to a working computer. I get this error message after trying to run Malwarebytes, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the file." Google and the address bar are getting redirected, and Yahoo Mail loads a fake sign-in page. The pop-ups and fake warning messages no longer return when I restart the computer though. When loading Explorer I get the error message "object error". I'll try these suggestions and let you know how it goes. Thanks.

#4 manmountain8

Posted 21 July 2011 - 02:42 PM

Ok, proxy was not checked, and the REG ADD didn't do anything. I followed the rest of the instructions and even started a trial of the full version of Mbam. It still does the same thing. I can open Malwarebytes off a fresh install and use all the other tools, but once I run a scan I lose all permissions for the MBAM.exe file and I can't even load the program anymore unless I reinstall it.

#5 manmountain8

Posted 21 July 2011 - 03:25 PM

I tried Super Anti-Spyware and it does the same thing. It shuts down during a scan and gives me that error message when I try to load it again. It does however detect a few things before it shuts down. This is what it found.

Trojan.Dropper/SVC Host-Fake

Browser Hijacker.Internet Explorer Zone Hijack

I am going to try cancelling the scan next time after it detects them and before it shuts down, to see if I can access the quarantine list and delete them.

#6 manmountain8

Posted 21 July 2011 - 03:27 PM

Boo! That doesn't work. They are not in the quarantine list yet. Damn!!!

#7 boopme

Posted 21 July 2011 - 06:15 PM

Ok, is this XP?

Download FixPolicies.exe, by Bill Castner, MS-MVP, to your Desktop.

Double-click FixPolicies.exe.
Click the Install button on the bottom toolbar. This will create a new folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box will briefly appear and then close.
The active malware may revert these changes at your next startup. You can safely run the utility again.

#8 manmountain8

Posted 21 July 2011 - 08:18 PM

It's actually Server 2003. LOL. I'll give that a shot. Thanks

#9 manmountain8

Posted 21 July 2011 - 08:36 PM

I tried fixpolicies.exe with no success. I think I am infected with crap from Zedo.com which is blocking Malwarebytes. I looked it up and most people have to remove it manually. I need a refresher course in how to delete registry keys though. I'll look that up tomorrow.

#10 boopme

Posted 21 July 2011 - 08:41 PM

I have another
Use Inherit.exe to fix inappropriate permissions.
Use this fix when you see a box that states “Windows cannot access the specified device, path, or file. You may have inappropriate permissions to access the item”.

Download This File
Save it next to mbam.exe (this file is located in the Malwarebytes Anti-malware home folder). Once done, drag and drop mbam.exe into Inherit.exe. Click OK and attempt to run Malwarebytes Anti-malware once again.

#11 manmountain8

Posted 22 July 2011 - 11:57 AM

Inherit.exe does allow me to load Malwarebytes again after the file has been locked without doing a fresh install, but unfortunately running a scan produces the same results.
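
What a permissions reset of this kind amounts to, shown as an added PowerShell example that is not part of the thread and is not the code of Inherit.exe. It assumes the lock-out is an ACL change on the file (explicit Deny entries or blocked inheritance), which the thread does not confirm, and that PowerShell is installed; the path is supplied by the operator.

```powershell
# Added example: inspect, and optionally reset, the ACL on an executable that
# now fails with "Windows cannot access the specified device, path, or file".
# Assumption: run from an administrator PowerShell prompt.
param(
    [Parameter(Mandatory = $true)][string]$Path,  # e.g. the locked scanner .exe
    [switch]$Repair                               # report only unless given
)

$acl = Get-Acl -Path $Path
"Owner               : $($acl.Owner)"
"Inheritance blocked : $($acl.AreAccessRulesProtected)"

# Explicit (non-inherited) entries were written to this file directly.
# An explicit Deny entry overrides any Allow inherited from the folder.
$explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
$explicit | Format-Table IdentityReference, AccessControlType, FileSystemRights -AutoSize

$denies = @($explicit | Where-Object { $_.AccessControlType -eq 'Deny' })
if ($denies.Count -gt 0 -or $acl.AreAccessRulesProtected) {
    Write-Warning "ACL on $Path differs from the permissions inherited from its folder."
}

if ($Repair) {
    # Turn inheritance from the parent folder back on, then remove every
    # explicit entry so that only the inherited permissions remain.
    $acl.SetAccessRuleProtection($false, $false)
    foreach ($rule in $explicit) { [void]$acl.RemoveAccessRule($rule) }
    Set-Acl -Path $Path -AclObject $acl

    # Show the resulting ACL so the change can be verified.
    (Get-Acl -Path $Path).Access |
        Format-Table IdentityReference, AccessControlType, IsInherited -AutoSize
}
```

Running it without `-Repair` before and after a scan shows exactly which entries were changed. As the post above reports for Inherit.exe, a reset restores access only until whatever altered the permissions runs again.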

#12 manmountain8

Posted 22 July 2011 - 03:48 PM

I have positively identified the culprit as Trojan.Dropper/SVCHost-Fake. I found this on many other forums and threads and they all have the exact same symptoms. Unfortunately no one was able to solve this problem in any of the other threads I read. They were all asked to post as many logs as they could, like DDS and others, which apparently was of no help, but none of them were able to run Combofix, which also shuts down in mid-scan. There is also an associated file and memory process by the same name which is...

\.\GLOBALROOT\DEVICE\SVCHOST.EXE\SVCHOST.EXE

Rkill claims it shuts down this malicious SVCHOST.EXE process, but running Rkill again immediately afterward shows that it just comes right back.

The file by the same name cannot be found or deleted manually either.

My computer is useable again thanks to Firefox, but it would be nice if I could remove this threat without reformatting my HD again. I am beginning to think it isn't possible though.

Edited by manmountain8, 22 July 2011 - 04:03 PM.


#13 manmountain8

Posted 22 July 2011 - 04:38 PM

After more endless digging I have concluded that this is a particularly nasty rootkit that no one has been able to remove yet. It disables every single tool that could be used to help remove it. Since I don't have any OS to reload, and Firefox seems to be working fine for now, I would like to be the guinea pig and continue to try new things to remove this. Would it be ok to start this in a new thread, with the information better organized, more appropriate title, etc? This one is going to take more than one person to solve.

#14 manmountain8

Posted 22 July 2011 - 04:42 PM

Would there be a better forum to post this in?

#15 boopme

Posted 22 July 2011 - 06:12 PM

Hello, what operating system is this?

Can you boot to safe mode with networking and run this?

We need to check for rootkits with RootRepeal.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open RootRepeal.exe on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, a logfile will open. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
