My name is Rick. My Windows 7 Home PC got infected with something that has disabled Malwarebytes along with blocking any attempt to visit the Malwarebytes website and certain other "help" websites as well. Before I begin detailing my issue I have the executable file that messed everything up. It's a 35.9MB file called "pmdg.737.ng-griso.exe" and I would like to know if there is a way I could safely upload it to you guys for analysis? Or if not here at bleepingcomputer.com then somewhere else maybe that you could suggest?... just thought it might help you to understand the thing.
Anyway, here's what happened:
I was cleaning out old files on my Windows 7 Home PC and clicked on a file named "pmdg.737.ng-griso.exe". The file didn't actually open a program i.e. nothing appeared to happen after my having double clicked it. That was unusual and it concerned me so I ran Avast on it and it said it was clean. I then tried running Malwarebytes on it and that's when I knew it was an infected file. Malwarebytes opened and then closed without scanning... it just closed it's window. I then noticed that Malwarebytes had also disappeared from the "right click" drop down menu, where I usually access it.
The Malwarebytes program was still installed in "Program Files (x86)" but was disabled. I was even booted out of the Malwarebytes website in both IE Explorer and Chrome web browsers. Not only that, but in addition I was not allowed to open certain help websites where I'd used the keyword "Malwarebytes".
Things I have done in a failed attempt to resolve the issue and in this order:
(1) Tried deleting Malwarebytes thinking maybe a re-install might work however the "uninstall" executable would not open i.e. same behavior as trying to run Malwarebytes executable... nothing happened.
(2) Booted computer into Safe Mode with networking whereupon I uninstalled Malwarebytes through its uninstall program.
(3) Booted back into normal mode where a few little things had changed like the Windows splash screen showed the word "Welcome" where it hadn't before, and the border on the taskbar and open windows borders had all changed colors from what they were supposed to be.
(4) Tried going to Malwarebytes website to download latest version but still blocked. I think IE Explorer said something either attempted to or actually did change my homepage, or something to that effect (I don't remember exactly what it read), but actually my homepage (Google) had not changed.
(5) Downloaded Malwarebytes onto a thumb drive using different computer. I think I then installed it onto infected computer while in Safe Mode however I'm not sure if I was Safe Mode or not. At any rate Malwarebytes is now re-installed but still won't work and computer is still blocked from opening certain "help" websites.
(6) Researched what to do and ran "Malwarebytes Chameleon". On the very first option it ran it's DOS thing then it actually ran the Malwarebytes scan where it found stuff and (I think) quarantined them, but still I could not run Malwarebytes in normal mode.
(7) The last thing I did before giving up and coming here to bleepingcomputer.com was to download, install, then partially run "HitmanPro". It found a bunch of stuff and then I think it started uploading a log file for analysis or something. I stopped it mid-stream because the progress bar that was uploading the file was going really slow and there appeared to be a few of them waiting in the queue.
That is the best of my recollection as to what I did to resolve the issue to no avail.
Any help would be very much appreciated.
EDIT: I posted the above using my infected computer. It uploaded my post and I'm able to open the bleepingcomputer.com website but then when I try opening my post (this one) it immediately boots me out of the website and back to my desktop. Hence I am typing this edit using a different computer.
Edited by epii, 18 October 2015 - 03:33 PM.