Something causing Malwarebytes to disappear


  • This topic is locked
3 replies to this topic

#1 epii

epii

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:45 PM

Posted 18 October 2015 - 02:23 PM

Hi,

My name is Rick. My Windows 7 Home PC got infected with something that has disabled Malwarebytes along with blocking any attempt to visit the Malwarebytes website and certain other "help" websites as well. Before I begin detailing my issue I have the executable file that messed everything up. It's a 35.9MB file called "pmdg.737.ng-griso.exe" and I would like to know if there is a way I could safely upload it to you guys for analysis? Or if not here at bleepingcomputer.com then somewhere else maybe that you could suggest?... just thought it might help you to understand the thing.

Anyway, here's what happened:

I was cleaning out old files on my Windows 7 Home PC and clicked on a file named "pmdg.737.ng-griso.exe". The file didn't actually open a program i.e. nothing appeared to happen after my having double clicked it. That was unusual and it concerned me so I ran Avast on it and it said it was clean. I then tried running Malwarebytes on it and that's when I knew it was an infected file. Malwarebytes opened and then closed without scanning... it just closed its window. I then noticed that Malwarebytes had also disappeared from the "right click" drop down menu, where I usually access it.
 
The Malwarebytes program was still installed in "Program Files (x86)" but was disabled. I was even booted out of the Malwarebytes website in both IE Explorer and Chrome web browsers. Not only that, but in addition I was not allowed to open certain help websites where I'd used the keyword "Malwarebytes".
 
Things I have done in a failed attempt to resolve the issue and in this order:
 
(1)  Tried deleting Malwarebytes thinking maybe a re-install might work however the "uninstall" executable would not open i.e. same behavior as trying to run Malwarebytes executable... nothing happened.
 
(2) Booted computer into Safe Mode with networking whereupon I uninstalled Malwarebytes through its uninstall program.
 
(3) Booted back into normal mode where a few little things had changed like the Windows splash screen showed the word "Welcome" where it hadn't before, and the border on the taskbar and open windows borders had all changed colors from what they were supposed to be.
 
(4) Tried going to Malwarebytes website to download latest version but still blocked. I think IE Explorer said something either attempted to or actually did change my homepage, or something to that effect (I don't remember exactly what it read), but actually my homepage (Google) had not changed.
 
(5) Downloaded Malwarebytes onto a thumb drive using different computer. I think I then installed it onto infected computer while in Safe Mode however I'm not sure if I was in Safe Mode or not. At any rate Malwarebytes is now re-installed but still won't work and computer is still blocked from opening certain "help" websites.
 
(6) Researched what to do and ran "Malwarebytes Chameleon". On the very first option it ran its DOS thing then it actually ran the Malwarebytes scan where it found stuff and (I think) quarantined them, but still I could not run Malwarebytes in normal mode.

(7) The last thing I did before giving up and coming here to bleepingcomputer.com was to download, install, then partially run "HitmanPro". It found a bunch of stuff and then I think it started uploading a log file for analysis or something. I stopped it mid-stream because the progress bar that was uploading the file was going really slow and there appeared to be a few of them waiting in the queue.

That is the best of my recollection as to what I did to resolve the issue to no avail.

Any help would be very much appreciated.
 

EDIT: I posted the above using my infected computer. It uploaded my post and I'm able to open the bleepingcomputer.com website but then when I try opening my post (this one) it immediately boots me out of the website and back to my desktop. Hence I am typing this edit using a different computer.

 

Thanks,
-Rick


Edited by epii, 18 October 2015 - 03:33 PM.



#2 buddy215

buddy215

  • Moderator
  • 13,389 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:45 PM

Posted 18 October 2015 - 04:11 PM

Welcome to BC !

 

I think it best, based on what you report, to start a new topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 epii

epii
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:45 PM

Posted 18 October 2015 - 04:37 PM

Thanks, and I love your spaghetti monster avatar and the Krauss quote. I saw the video some time back where Krauss said that and I thought at the time "yeah but the hydrogen atoms in my body were here before any stars existed" (a minor detail). Still love his quote though. Sagan, of course, said it first; "We are all ssstar ssstuff". I miss Carl.

Thanks again.

-Rick



#4 Platypus

Platypus

  • Global Moderator
  • 15,415 posts
  • OFFLINE
  • Gender:Male
  • Location:Australia
  • Local time:07:45 AM

Posted 18 October 2015 - 09:52 PM

Continued here:

http://www.bleepingcomputer.com/forums/t/593752/i-clicked-file-that-broke-malwarebytes-it-just-disappears/
Top 5 things that never get done:

1.