
Name Changing Rogue Uninstall Guide Issues


13 replies to this topic

#1 Malakov

Malakov

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 03 September 2011 - 11:41 AM

Another computer here at the office had contracted the "XP Security 2012" virus. The computer runs WinXP Pro. After following the name changing rogue guide, I made it to step 11 to scan the system with MBAM. Without fail, any time I start the scan, within 4 seconds of the scan starting, the screen closes and MBAM does not open up anymore unless reinstalled.

I followed the prior steps exactly as posted. I'm at a loss as to what could be preventing MBAM from completing a scan.

Let me know what information you need.

Thanks.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:30 PM

Posted 03 September 2011 - 12:45 PM

Welcome aboard

Did you try to run MBAM from Safe Mode?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Malakov

Malakov
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 03 September 2011 - 02:18 PM

No, I will try that now.

#4 Malakov

Malakov
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 03 September 2011 - 02:23 PM

The scan lasted about 10-12s, usually only lasts 4. But again, like in normal boot, the screen disappeared and will no longer grant access into MBAM.

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:30 PM

Posted 03 September 2011 - 03:59 PM

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#6 Malakov

Malakov
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 04 September 2011 - 09:12 AM

I tried running the file in normal windows, it locked up and wouldn't do the initial scan. I booted into safe mode, the initial scan went through. After clicking no on the rootkit activity warning, I pressed scan, it began to do its thing, and just the same as MBAM, it closed and will not let me run it again.

#7 Malakov

Malakov
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 04 September 2011 - 09:21 AM

After shutting down the computer, I just restarted to try GMER again in safe mode. The computer will no longer boot into any form of windows at all. It says:

"Windows could not start because the following file is missing or corrupt: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

You can attempt to repair this file by starting Windows setup using the original CD-ROM. Select 'r' at the first screen to start repair."


Not good.

#8 lti

lti

  • Members
  • 581 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 04 September 2011 - 09:51 AM

It looks like it is time to back up your files and reinstall Windows. It is possible to replace that file and make Windows boot again (instructions here - you have to replace all of those files at the same time), but the infection would still exist.

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:30 PM

Posted 04 September 2011 - 11:18 AM

You can try the above.



 


#10 Malakov

Malakov
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 04 September 2011 - 11:31 AM

This requires the OS CD, correct?

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:30 PM

Posted 04 September 2011 - 11:35 AM

Correct.



 


#12 Malakov

Malakov
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 04 September 2011 - 02:20 PM

I don't know where they might be around here, I'll have to track them down. Is this my only option?

#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:30 PM

Posted 04 September 2011 - 02:29 PM

I believe so.



 


#14 lti

lti

  • Members
  • 581 posts
  • OFFLINE
  •  
  • Local time:08:30 PM

Posted 04 September 2011 - 05:01 PM

You can connect the hard drive in this computer to a working computer, but the infection might spread to that computer.



