Cannot open or reinstall malwarebytes, superantispyware, and computer behaving odd

Re: Cannot open or reinstall malwarebytes, superantispyware, and computer behaving od

Welcome to Major Geeks!

Let's see if we can get some info so that we can determine which system file has been corrupted. That way we can try to replace it. Please work thru all steps below and report back later. DO NOT stop if any particular step does not work.

Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the avplog.txt file that is will hopefully be created on your Desktop as long as the malware does not block the batch file from running. (See: HOW TO: Attach Items To Your Post)

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator



You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

1. Rkill.exe
2. Rkill.com
3. Rkill.scr
4. Rkill.pif

Once you've gotten one of them to run then try to immediately run the following.



Now download and Run exeHelper from Raktor

• Please download exeHelper to your desktop.
• Double-click on exeHelper.com to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• A log file named log.txt will be created in the directory where you ran exeHelper.com
• Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Now run this: Using Malwarebytes Anti-Malware

Now run this: Using MGtools



Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans

• the avplog.txt log on your Desktop
• exeHelper log
• Malwarebytes Anti-Malware log
• MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.

NOTE:

1. If you have problems downloading on the problem PC, download the tools and the manual updates for Malwarebytes onto another PC and then burn to a CD. Then copy them to the problem PC. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

Re: Cannot open or reinstall malwarebytes, superantispyware, and computer behaving od

Did you purchase SpyHunter? We don't recommend using this at all.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java(TM) 6 Update 6
Java(TM) 6 Update 7

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [fekoyitim] Rundll32.exe "c:\windows\system32\konazuki.dll",a
O4 - HKCU\..\Run: [esentsttools] rundll32.exe "C:\Documents and Settings\Ethan04\Local Settings\Application Data\esentsttools\esentsttools.dll", DllInit
O20 - AppInit_DLLs: c:\windows\system32\konazuki.dll,nilujete.dll
O20 - Winlogon Notify: efcARjHX - efcARjHX.dll (file missing)
O21 - SSODL: pifinonar - {4c8db482-6816-48a7-8109-cb82bcd36f51} - c:\windows\system32\konazuki.dll
O22 - SharedTaskScheduler: gahurihor - {4c8db482-6816-48a7-8109-cb82bcd36f51} - c:\windows\system32\konazuki.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.
After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\TEMP
C:\Documents and Settings\Ethan04\Local Settings\Temp

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

After attaching the above logs, go back to the READ & RUN ME FIRST cleaning procedure and run it from beginning to end and attach the requested logs.

 

Re: Cannot open or reinstall malwarebytes, superantispyware, and computer behaving od

Because you did no do all of what I asked you to do in my last message. You did not run the part with C:\MGtools/analyse.exe and you did not properly allow C:\MGtools\GetLogs.bat ( at the end of the last fix ) to run thru to completion. You need to run ALL of the fix again and make sure you follow all steps properly and in the order written. Also something new showed up which I will add to the Avenger script now so be sure to recreate the Avenger fix.

DO NOT rename the MGlogs.zip file to MGlogs1.zip. If you run the fix properly, a new MGlogs.zip file will automatically be created and you should not be editing it at all.

 

Re: Cannot open or reinstall malwarebytes, superantispyware, and computer behaving od

It is more secure now than it was. We cannot say for sure whether any information was stolen. You will have to keep an eye on accounts for awhile to check on an suspicious activity to know if anyone stole passwords.

We still have some more to do! Now that the last fix was run properly, it unhid some things we could not see before.

• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Re: Cannot open or reinstall malwarebytes, superantispyware, and computer behaving od

You're welcome. Your logs are clean.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
9. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!