
Cannot update malwarebytes, rogue killer, kaspersky, etc.


4 replies to this topic

#1 jdlicciardello

jdlicciardello

  • Members
  • 32 posts

Posted 29 December 2015 - 10:19 PM

Cannot download or update various antivirus tools. I have been scouring various forums for weeks to try and download and run chameleon versions, etc. and nothing works. Please help.




 


#2 buddy215

buddy215

  • Moderator
  • 13,301 posts

Posted 30 December 2015 - 07:42 AM

Try using Rkill before attempting the updates. Do Not reboot after running Rkill.

 

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs, it kills malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished, it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed. Use this obfuscated link to download Rkill: iExplore.exe Download Link


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 jdlicciardello

jdlicciardello
  • Topic Starter

  • Members
  • 32 posts

Posted 30 December 2015 - 11:15 AM

I do not know if it helped or not; I still cannot get Malwarebytes to work consistently. When I ran in safe mode and terminated a bunch of services (I only vaguely understand what I am doing; I know not to terminate some critical services necessary to keep my operating system running, but I try to terminate any and all services that are not critical to the operating system and may be corrupted), I was able to get Malwarebytes to run. It seemed to find the malware, but upon clicking delete, it freezes and cannot do anything. Now I tried to run it again after the Rkill, but I cannot get it to run and I forget how I did it previously. I was able to get RogueKiller to work though after Rkill, although it was already working before, and it finds the malicious PUM.Proxy entries below, which definitely seem like they are the problem, but it seems like RogueKiller cannot delete them? (It says error[2] ...??) Anyway, thanks in advance for any guidance.

 

RogueKiller V11.0.5.0 [Dec 28 2015] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Safe mode with network support
User : jdl_000 [Administrator]
Started from : C:\Users\jdl_000\Desktop\RogueKiller.exe
Mode : Delete -- Date : 12/30/2015 11:01:46
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVT-55A1YT0 +++++
--- User ---
[MBR] 975edba1893eb2054d3af747e4bd96f8
[BSP] d686b4c4100e0a0eb09cc45e7a6418f0 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 534528 | Size: 1474 MB
2 - [MAN-MOUNT] EFI system partition | Offset (sectors): 3553280 | Size: 260 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4085760 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4347904 | Size: 920486 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1889503232 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1890424832 | Size: 30810 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: AXM13S2-24GM-B +++++
--- User ---
[MBR] 85a08f7f2ea9176af4dff029023f7d84
[BSP] a75e69051ac4bc13ab6de876da8da2a7 : Empty MBR Code
Partition table:
0 - HFS | Offset (sectors): 16814080 | Size: 14692 MB
1 - [SYSTEM]  | Offset (sectors): 2048 | Size: 8208 MB
User = LL1 ... OK
User = LL2 ... OK
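
An added example (not part of the original post, and not RogueKiller's own code): a Python parser for the registry lines of the report above that groups them by the registry value they touch and flags ProxyServer entries pointing at a loopback address. It relies on HKEY_USERS\.DEFAULT being an alias of HKEY_USERS\S-1-5-18 and assumes the X64 and X86 views address the same value under this key; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Registry lines copied from the RogueKiller report in the post above.
SAMPLE_LOG = r"""
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]
"""
LINE = re.compile(r"^\[(?P<det>[^\]]+)\] \((?P<view>X\d+)\) (?P<key>.+?) \| "
                  r"(?P<name>\w+) : (?P<value>.*?)\s+-> (?P<result>.+)$")

def loopback_proxies(value):
    """Return (scheme, port) for each ProxyServer entry that points at a loopback IP."""
    hits = []
    for part in filter(None, value.split(";")):
        scheme, _, hostport = part.rpartition("=")  # bare "host:port" applies to all schemes
        host, _, port = hostport.rpartition(":")
        try:
            if ipaddress.ip_address(host.strip("[]")).is_loopback:
                hits.append((scheme or "all", int(port)))
        except ValueError:
            continue  # hostname or malformed entry: not classified here
    return hits

def summarize(log):
    """Group report lines by the registry value they touch."""
    groups = defaultdict(lambda: {"results": [], "loopback": []})
    for m in filter(None, (LINE.match(l.strip()) for l in log.splitlines())):
        # HKEY_USERS\.DEFAULT is an alias of the LocalSystem hive HKEY_USERS\S-1-5-18.
        # Assumption: the X64 and X86 views address the same value under this key.
        key = m["key"].replace("HKEY_USERS\\.DEFAULT\\", "HKEY_USERS\\S-1-5-18\\")
        g = groups[(key, m["name"])]
        g["results"].append(m["result"])
        if m["name"] == "ProxyServer":
            g["loopback"] = loopback_proxies(m["value"])
    for g in groups.values():  # changed: at least one action did not end in ERROR
        g["changed"] = any(not r.startswith("ERROR") for r in g["results"])
    return dict(groups)

if __name__ == "__main__":
    for (key, name), g in summarize(SAMPLE_LOG).items():
        print(name, g["results"], g["loopback"], g["changed"])
```

Under those assumptions the eight report lines collapse to two registry values, so the settings should be re-checked with a fresh scan rather than judged from the per-line ERROR [2] results alone.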


#4 buddy215

buddy215

  • Moderator
  • 13,301 posts

Posted 30 December 2015 - 11:25 AM

I think it best for you to start a new topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.



#5 jdlicciardello

jdlicciardello
  • Topic Starter

  • Members
  • 32 posts

Posted 30 December 2015 - 11:52 AM

Very strange. It seemed as though it would not let me make a post on the forum because the connection would time out, but then I checked to see if it actually posted and it did, so I accidentally made two posts.

http://www.bleepingcomputer.com/forums/t/600860/cannot-update-malwarebytes-rogue-killer-kaspersky-etc/





