Malwarebytes' won't run,

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Odeho19, Feb 22, 2009.

  1. Odeho19

    Odeho19 Private E-2

    I am trying to rid a machine with Antivirus360. I have copied Malwarebytes onto a CD, and have the program .exe file on the desktop. However, when I attempt to Run it, it stalls out. I've gotten help from How-to-geek, and they referred me to your site. I had to rename the install file, and have done what I can from your "Read and Run me" help section on this other machine. I haven't run Ccleaner on this other machine, and am hesitant to do so because of the problems with Malwarebytes. I have gotten the program to get as far as just before it opens and begins scanning. It will do all of its install applications up to that point. The last screen I see is the one with the two check boxes asking whether or not to Update and Launch. I click on Finish, and it goes to the desktop. I double click on the Malwarebytes icon, and nothing happens.

    BTW, the download file from the CD I created on this machine, I renamed after it was installed to mabm.exe. So, from here on, I am at a loss as to what to do. ANY, advice would be helpful. Thanks for your time! :confused
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You need to follow the instructions given below. Follow the instructions in order written.

    Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide
    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. Odeho19

    Odeho19 Private E-2

    This machine that is infected will not connect to the internet at all, so I can't perform any of the tasks that I've been told to do. As I stated before, Malwarebytes IS on this infected machine, I just can not get it to run.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read all of the notes in my previous message.
     
  5. Odeho19

    Odeho19 Private E-2

    Okay, I've done as requested. And of course this was my fault for not reading ALL of the instructions previously posted, and I'm sorry for wasting precious time. It won't happen again. I've completed the tasks requested, and the "patient" machine is not doing well.

    1) SuperAntispyware will not run at all. A window pops open stating that it has encountered a problem and needs to close.
    2) Spybot opened and installed and ran. It appeared to have found 2 registry errors, and changed them. I failed to get down what they were.
    3) And Malwarebytes is the same as earlier. It won't open or begin to load.

    All three have .exe icons on the desktop (in safe mode), but none will even open unless the installation CD is loaded in D drive. The machine is getting increasingly difficult to reboot into safe mode, and if I attempt to start a normal boot, the screen will freeze up. One new difference this morning though is that a new window is popping open from some application called, "Registry Mechanic" telling me that "it has detected changes to the registry".

    I'm going to leave the machine in safemode for now, and leave it running, and await further instructions. :banghead
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you get it installed? Or is the installation program that will not run? Have you renamed the file? Have you looked for TDSSserv.sys?

    But Malwarebytes is installed? It just will not run? Did you rename the executable in the installation folder?


    What executables are on the Desktop? The installation programs? Which ones? If it is asking for the CD then you probably put shortcuts to the CD on your Desktop and not the programs.

    I don't recommend using Registry Mechanic especially if your PC is infected. Did you purchase this? If not, definitely uninstall it now. If you did purchase it, I still recommend uninstalling at least for now.

    The instructions said do not stop!
    What about ComboFix?
    What about MGtools?
     
  7. Odeho19

    Odeho19 Private E-2

    I have no idea what to do anymore. I have started, and restarted this other machine I'll bet at least 40 times now. It will not start correctly every time no matter what I do. It will freeze up as soon as the "ctrl,alt,del" request comes up. And I have discovered the only way to get it out of that is to restart it to safe mode, then back to normal, then back to safe mode where it will actually start, THEN it will restart back to normal mode, and allow me to get to the desktop.

    I started following the instruction in the Read and Run Me. Got down to Uninstalling malware, and got hung up on one called Wild Tangent Web Driver. Finally got it to remove. And now after desktop loads, and a few of the usual virus pop-ups appear, the desktop goes blank, and that's all I'm left with. Just a blank desktop, and a mouse icon.

    One of the pop-ups that didn't seem related to A360 was a little window that came up with the title of VShield Manger. It says that "virus date files are missing. Unable to scan downloaded file". (?) Maybe it's related, I don't know.

    I uninstalled all of the older versions of Java that I found:
    1)J2SE Runtime Environment 5.0 update 11
    2) " " " " " 6
    3) " " " " " 9
    4)Java (TM) 6 Update 11
    5) " " " " 3
    6) " " " " 5
    7) " " " " 7

    Then tried to install the latest version of Java, and it is hanging up on the "Extracting Installer" screen. Left it sit there "extracting" for a little more than an hour, then closed it up, and moved on.

    Installed Ccleaner, and ran it. (There is only one account on this machine). Ran very quick and smooth, with no hang ups.

    While attempting to install SUPERAntispyware (I renamed it SAS.exe), on the Updating System window another window opened stating that "Error 1500, Another installation is in progress. You must complete that installation before continuing this one." Then SAS will not install.

    Moved on to Spybot. This installed with no hang ups or glitches. Loaded it to the desktop, and attempted to run it from there. Nothing happens other than the mouse icon has the hour glass next to it for several seconds, and the Spybot icon turns blue. Then the hour glass goes away, and the icon stays blue until the mouse is clicked on the desktop.

    Malwarebytes has the exact same reaction as Spybot did.

    ComboFix would not load at all. Whether I tried to double click on the icon, or right click, and choose either open or run as, did not matter.

    Using MGtools was no better than ComboFix. The only difference here was that A360 detected a virus attack, and asked if I wanted to stop it. I checked the "no" box. Then a few seconds later I got a BSOD stating that Spyware.Monster.Fx_Wild_0x00000000 was attacking my machine and had to close down computer. The computer acted like it was doing a "restart" without actually going to black. The desktop went blank, then everything on it slowly started to come back to the way it was before the A360 warning message appeared.

    The virus pop-ups are happening with more frequency now. They used to happen only once in a while. Now they appear to happen at almost every instance of a click on ANY icon, or box not related to the virus.

    As can be clearly seen by my writings here, I have no logs to post. NOTHING on this other machine worked. Just to see if anything actually loaded, I looked in the Add/Remove Programs list. Ccleaner is there, along with Java, Malwarebytes' Anti-Malware, and Spybot - Search & Destroy.

    The entire time I was running these last 6 tests, the Java icon in the system tray was still there. The only way to close it out is by running the Task Manager, and forcing it to quit. Also running in the task manager, but there is no open window for it is something called RD Platinum v5.0, and WinFax MOD - Generic mo... I closed everything, and shut the machine down. Or should I say, I attempted to shut it down. The first attempt via Task Manager, was unsuccessful. It was in the middle of again going through its BSOD sequence when I tried to shut it down. It immediately stopped that from happening, and went back to a normal desktop, with the Java Setup button still in the system tray. Tried shutting down the computer again with Task Manager, and it WILL NOT SHUT OFF.

    I did remove Registry Mechanic as advised. I have been at it with this machine since 4:00 a.m. It is now 4:30 p.m. with no progress that I can see. There are 3 icons that were on the desktop before I shut it down. They were from Ccleaner, Malwarebytes, and Spybot.

    I'm done.:confused:confused
     
  8. Odeho19

    Odeho19 Private E-2

    When I said "I'm done" in my last post, I only meant for it to mean, for the night; not for good. I still would like some help with this issue.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must have more problems than AntiVirus360 because it has not been known to cause all the problems you are having. In fact MBAM frequently has fixed most of it. ..... Unless there is a new form around!

    If you bring up Task Manager, do you see a process named av360.exe running?


    Did the C:\MGtools folder get created from running MGtools.exe?

    If you see the C:\MGtools folder, I want you to look in this folder for a file named analyse.exe which is HijackThis and has been renamed. Double click on the analyse.exe program to run it. Accept the TrendMicro license agreement by clicking on the Accept button twice (yes twice). Then select do a system scan and save a logfile. If this runs, a notepad window will open up with hijackthis.log. Just copy and paste this log into your next message and I will attach it later.


    Did you attempt to run Malwarebytes, Spybot and ComboFix in safe boot mode? If not, try each of them now in safe boot mode.
     
    Last edited: Feb 27, 2009
  10. Odeho19

    Odeho19 Private E-2

    I think she has more than one problem also. But getting answers about what she did to it to try to resolve this on her own are not forthcoming.

    I looked for av360.exe in the processes of the task manager. It is there, with 5,688K of memory usage. I didn't count all of the processes being used at that moment, but there easily appeared to be dozens of them. I can count them, or list them for you if you'd like.

    The C:\MGtools file never got created. I wasn't able to get that tool installed into any folder or drive.

    I spent an hour trying to get the computer to boot into Safe Mode. When I finally got to it, Malwarebytes and Spybot both had icons on the desktop, but neither would launch from there. Combofix, as previously noted, would not load, so it was no surprise to me, to not see it there.

    I looked through all of her installed programs, and noticed one very curious item to me. There is a printer that is there, however it has a red circle, with line through it, over its icon. I bring this up because whenever I need to run the task manager, a printer/fax machine is always showing as "running", even though there isn't one hooked up to this machine. Also, always showing as running is a program called, RD Platinum v5.0. (?) I have no idea what this is either. I bring this up mainly because when I finally got into safe mode, and first attempted to run Malwarebytes, an error box came up stating "A device attached to the system is not functioning". Just thought you should know this.

    If you'd like, I could list all of the Installed programs listed under Add/Remove programs for you, so you can see if there is anything you'd like me to do to them. I do have Revo Uninstaller loaded onto this machine.

    I'll wait for your further instructions, Thank you for your help!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can you right click on it and kill it? Does it restart? If you can kill it, immediately try running Malwarebytes and then MGtools.exe.

    Probably Registry Defender. Uninstall this. Also look for AntiVirus 360 or similar and try uninstalling it.

    Sounds more like a hardware issue.

    Yes this may be helpful. If MGtools would run, it would give us all this info.
     
  12. Odeho19

    Odeho19 Private E-2

    This is the SECOND TIME I will have written this out to this post this morning. The first time, I spent more than an hour accumulating all of the information, and determining how I was going to be able to include the Add/Remove file. Got it all typed out, hit your Post Quick Reply button, and ALL my work got erased. Not fun....

    I had to restart the patient machine 9 times in order to get the desktop to stay loaded, the virus to act up, and appear in the task manager, and the task manager to open up, all at the same time. Once this was accomplished, I right clicked on the av360.exe process, and chose the "end process" button. This brought the warning box, "Terminating a process can cause undesired results including loss of data and system instability. The process will not be given the chance to save its state or data before it is terminated. Are you sure you want to terminate the process?" I chose yes, and right away, all of the virus pop-ups started to occur. I closed them all out, and then the process was no longer listed in the task manager.

    Next I tried to start Malwarebytes, and it behaved the same as it had before in that it would get to the loading system files process, and then stall out.

    MGTools would not load at all, and gave me an error box that said, "Failed to ensure dir exists: \MGTools". This tool and SUPERAnti-Spyware would not load from the CD that I created and loaded into the patient machine.

    Then I typed out the Add/Remove programs list. I'll post it here, as best as I can. I read how your site would like to have these items inserted, and if this doesn't work out the way you would like, please let me know how I can do this correctly for you. [IMG]

    The only other thing I can add here right now is that I did some digging around and in the C:\Program Files\A360, I found two files. One was av360.exe, and the other was av360.exe.temp. The 2nd one was listed as a TMPFile and was 196 KB in size. I didn't do anything to it other than look at it. I just thought you might want to know that I found them.

    I'll wait further instructions.....
     
  13. Odeho19

    Odeho19 Private E-2

    I looked at the Add/Remove file and wasn't happy with it, and didn't think you'd be able to read it, so I resized it for you. Hope this is better. [IMG]
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not resize it, you chopped information out of it. You have multiple antivirus programs installed. You need to uninstall either McAfee or PC Tools Antivirus now and then reboot. Then you should retry running scans.

    If you still cannot run anything, you may be just better off reinstalling since you cannot really do anything we need to get more info. You cannot run scans and you cannot run any tools to remove anything thus, there is really not much left to do. You could try running some online scans like those mentioned in the below link to see if they can even be run and if they will help. Odds are against this though.

    Alternative Scans
     
  15. Odeho19

    Odeho19 Private E-2

    I uninstalled the PC Tools Antivirus, as this was the most recent application that the owners installed. After this I performed easily more than a dozen restarts to get the unit to perform "normally" with no success.:cry There are no audio beeps to signal anything anymore, and the desktop freezes shortly after it is clear of all error messages. However there are also no more av360 "false" pop-ups anymore either. So it must have progressed to a more advanced stage than it had recently been at, I guess. I'll see what the owners want to do from here, and post back with their response.

    FYI, I most certainly did resize this attachment. If you'll look in the very bottom left hand corner of both of the copies of the Add/Remove Programs that I posted here, on the 1st copy the zoom is set @ 75%. On the second copy, where the font is noticeably larger, the zoom is set @ 100%. Had I known the first one was going to post so small, I wouldn't have even done it that way. And if you need to know the websites that each of the installed applications came from, I can very easily post that side of the list for you.

    I did not attempt to run the Alternative Scans that you listed because the unit would not allow me a stable browser connection.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes but you also cut info out when you did this. Look at the numbered list of programs and you will see that many are missing from the new scan. You resized it but also cut out info.

    Sounds like your path is clear at this point and I was going to be telling you this soon anyway, you need to reinstall. There was just too much wrong. If you wish to try something, you could try using the below procedure to see if you can restore older hives of the registry which could make the PC bootable and if you go back far enough, could predate some of the malware.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;307545&sd=tech
     
  17. Odeho19

    Odeho19 Private E-2

    First things first. I want to apologize. I did not notice that while attempting to enlarge the Add/Remove programs list, that Photobucket had removed fully 40% of the file. I don't understand at all why their procedure did that.

    And for the infected computer, the owners have elected to take your advice, and do a reinstall of the OS. So that is my next step. Any advice on this would be appreciated. Thank you for your time.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    That was a good idea at this point. ;)

    That is a topic for our Software Forum. :)
     
