Unable to run Malwarebytes


25 replies to this topic

#1 Norrin_Radd

Posted 22 August 2011 - 04:58 PM

Hello,

Overnight something must have snagged my computer. When I noticed the internet was not working, I started doing my rounds to solve the problem. I discovered that all of my anti-virus tools were not working. Not just not working, they could not be opened.

I tried to open Malwarebytes and Xoftspy, and both were met with a pop up that exclaims:

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.


So I booted up into safe mode and tried the same thing, only to be greeted with the same pop up.

So I downloaded Malwarebytes on a different computer and installed it again on the infected computer in safe mode. It opened, and got 10 seconds into a scan before mysteriously shutting off. Now when I click on it, I am once again greeted with the pop up.

One last thing to note: In both safe mode and normal mode, there is a mysterious process running when I open task manager. It is called "2460529860:994793325.exe". I've never seen a process with a name like that before, but it doesn't look very good.

Can you guys help me fix this thing, or find out what is wrong?

This is on Windows XP, I should mention.
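Added example, not part of the original thread: a colon cannot appear in an ordinary Windows file name (in NTFS path syntax it separates a file from a named stream), so a process image name like the one reported above can be flagged automatically during triage. The sketch below parses output in the `tasklist /FO CSV` layout; the sample rows, PIDs and function names are constructed for illustration, and only the flagged image name comes from the post.

```python
import csv
import io

# Characters that cannot appear in an ordinary Windows file name.
INVALID_NAME_CHARS = set('\\/:*?"<>|')

# Constructed sample in the layout of `tasklist /FO CSV`. Only the flagged
# image name is taken from the post; every other value is made up.
SAMPLE_TASKLIST_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","28 K"
"explorer.exe","1488","Console","0","21,340 K"
"2460529860:994793325.exe","1812","Console","0","1,204 K"
"svchost.exe","1024","Console","0","4,912 K"
'''


def classify_image_name(name):
    """Return None for an ordinary name, else a dict describing the anomaly."""
    bad = sorted(set(name) & INVALID_NAME_CHARS)
    if not bad:
        return None
    finding = {"image": name, "invalid_chars": bad, "host": None, "stream": None}
    # NTFS stream syntax is <file>:<stream>. Skip anything that looks like a
    # full path (drive letter plus separators) so "C:\..." is not misread.
    if name.count(":") == 1 and "\\" not in name and "/" not in name:
        host, stream = name.split(":")
        if host and stream:
            finding["host"], finding["stream"] = host, stream
    return finding


def find_suspicious_processes(tasklist_csv):
    """Scan tasklist CSV text and return one finding per anomalous image name."""
    findings = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        result = classify_image_name(row["Image Name"].strip())
        if result:
            result["pid"] = int(row["PID"])
            findings.append(result)
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_processes(SAMPLE_TASKLIST_CSV):
        print(finding)
```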

#2 Broni

Posted 22 August 2011 - 05:43 PM

Welcome aboard

Please run this tool from Safe Mode...

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Norrin_Radd

Posted 22 August 2011 - 06:04 PM

Thanks for the quick response! Unfortunately, this must be worse than I thought.

I am in Safe Mode, with the internet unplugged.

I am able to get GMER to start scanning, following your steps exactly. But after about 20 seconds in, it mysteriously shuts off too, in the exact same way that Malwarebytes was doing. I tested it with Devices disabled, and got the same result as well.

Edited by Norrin_Radd, 22 August 2011 - 06:05 PM.


#4 Broni

Posted 22 August 2011 - 06:06 PM

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe


* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

=================================================================

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#5 Norrin_Radd

Posted 22 August 2011 - 06:16 PM

rkill.exe ran successfully. However, when I started TDSSKiller.exe, it got about 5 seconds into the scan before suddenly shutting off like the others. It can no longer be opened, like the others.

:(

#6 Broni

Posted 22 August 2011 - 06:19 PM

Run rKill again and then right away this...

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

#7 Norrin_Radd

Posted 22 August 2011 - 06:32 PM

Hmmm. After running the process, and having it reboot the computer, I think I may be stuck in a reboot loop. It keeps getting about a minute into the reboot before just shutting off and starting over. I've tried rebooting into Safe Mode, and normal mode, and neither is actually getting into the windows start up.

Edit: If it helps, during the Safe Mode boot up, it freezes on agp440.sys. I did have my USB stick inserted, but have since removed it. I still can't get past agp440.sys though.

Edited by Norrin_Radd, 22 August 2011 - 06:41 PM.


#8 Broni

Posted 22 August 2011 - 06:44 PM

Turn the computer off. Wait a couple of minutes.
Try to start it again.

#9 Norrin_Radd

Posted 22 August 2011 - 06:50 PM

I had it turned off for at least 5 minutes, and I just tried it again, just now, upon your direction. I am still unable to get past agp440.sys. :(

Edited by Norrin_Radd, 22 August 2011 - 06:50 PM.


#10 Broni

Posted 22 August 2011 - 06:52 PM

Do you have a Windows XP CD?

#11 Norrin_Radd

Posted 22 August 2011 - 06:53 PM

I have it somewhere, I'll have to look for it. But I am pretty sure I do, yes.

Found it! Wow, that was quite the epic search. I selected to boot from the CD, but I have actually never done that before, so I am not sure what I need to do here. Do I want to:

1. Set up Windows XP now?

2. Repair a Windows XP installation using Recovery Console?

3. Quit Setup without installing Windows XP?

Edited by Norrin_Radd, 22 August 2011 - 07:27 PM.


#12 Broni

Posted 22 August 2011 - 07:26 PM

1. Insert your Windows XP CD into your CD drive and ensure that your CD-ROM drive is capable of booting the CD.
2. Once you have booted from CD, do NOT select the option that states: Press F2 to initiate the Automated System Recovery (ASR) tool.
You're going to proceed until you see the following screen, at which point you will press the "R" key to enter the recovery console:

Posted Image

3. After you have selected the appropriate option from step two, you will be prompted to select a valid Windows installation (typically number 1).
Select the installation number, and hit Enter.
If there is an administrator password for the administrator account, enter it and hit Enter (if asked for the password, and you don't know it, you're out of luck).
You will be greeted with this screen, which indicates a recovery console at the ready:

Posted Image

4. Type with an Enter after each line:

fixmbr

(If it asks you if you are sure then say "Y".)

fixboot

exit

5. Reboot computer.

#13 Norrin_Radd

Posted 22 August 2011 - 08:13 PM

I made it to the black screen shot, but instead of having exactly what you have displayed, I ended up with this:

Microsoft Windows XP™ Recovery Console

The Recovery Console Provides system repair and recovery functionality.

Type EXIT to quit the Recovery Console and restart the computer

C:\>


If I just type "1", it says the command is not recognized. If I type "cd WINDOWS", it says the path or file specified is not valid.

Am I doing something way wrong?

#14 Broni

Posted 22 August 2011 - 08:52 PM

At this point continue with step 4, typing those commands.

#15 Norrin_Radd

Posted 22 August 2011 - 08:56 PM

After fixboot I got:

The target partition is C:.
Are you sure you want to write a new bootsector to the partition C: ?


Yes?

PS: By the way, I really appreciate your help so far!

Edited by Norrin_Radd, 22 August 2011 - 08:57 PM.




