when doing basic malware removal; malwarebytes doesn't run

Discussion in 'Malware Help (A Specialist Will Reply)' started by judoka, Jul 8, 2009.

  1. judoka

    judoka Private E-2

    When I do basic malware removal, the Malwarebytes program doesn't run after it has been downloaded. What can I do? I'm trying to remove malware from my computer so I can download McAfee, because right now it doesn't allow me to download the files from my internet provider; when I choose typical download it just stops. However, it lets me download Spybot and Malwarebytes, but these programs do not run. Can you please help? Also, when I try to install CA Anti-Virus Plus and Anti-Spyware my computer restarts :(
     
    Last edited: Jul 8, 2009
  2. judoka

    judoka Private E-2

    when doing malware removal malware bytes and combofix do not run after installation

    I followed your basic malware removal guide to remove malware but malwarebytes and combotools didn't work. I included the log files as attachments. This virus blocks me from installing anti-virus software from my internet provider, and resets the computer when I try to install it from a CD. I hope you can help and really appreciate you taking the time to help me. :major
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    Please double-click the RootRepeal.exe previously downloaded.
    • Select File then Scan
    • On the Select Drives form select drive C by "ticking" the box for drive C and click OK
    • When the scan is complete - highlight each of the following file(s) (one at a time if more than one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
      • C:\WINDOWS\SYSTEM32\MSIVXcount
      • C:\WINDOWS\SYSTEM32\MSIVXtmdrrprumehewbmqbwesiofimamtkslt.dll
      • C:\WINDOWS\SYSTEM32\MSIVXfqlrlxifklqlwnoxwayhdjnstsyvxmgh.dll
      • C:\WINDOWS\SYSTEM32\DRIVERS\MSIVXbqqoqbpfqrsthxvrblxwpuwcijcriwxo.sys
    • After Wiping all files, immediately reboot your pc!
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [dxgquyce] C:\WINDOWS\system32\mrujyhej.exe
    O4 - HKUS\S-1-5-21-117609710-764733703-1343024091-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-117609710-764733703-1343024091-1003\..\Run: [dxgquyce] C:\WINDOWS\system32\mrujyhej.exe (User '?')
    O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.74,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.74,85.255.112.102

    After clicking Fix, exit HJT.

    Now run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\TEMP
    C:\Documents and Settings\Alex\Local Settings\Temp\

    Now see if you can run Malwarebytes and ComboFix.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • the Malwarebytes and ComboFix logs if they ran.
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
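An added example, not part of the post above and not a MajorGeeks tool: a small parser that triages the kind of HijackThis lines selected in that post, pulling out static `NameServer` overrides (O17), BHOs whose file is missing (O2) and `Run` autostart entries (O4). The `expected_dns` set is an assumption supplied by whoever runs it (the resolvers the machine is supposed to use); the address in the usage comment is a documentation placeholder.

```python
import re

# Four of the lines quoted in the post above, used as sample input.
SAMPLE = r"""
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O4 - HKCU\..\Run: [dxgquyce] C:\WINDOWS\system32\mrujyhej.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.74,85.255.112.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.74,85.255.112.102
"""

LINE = re.compile(r"^(O\d+) - (.*)$")
RUN = re.compile(r"^(?P<key>\S+\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '.*'\))?$")
DNS = re.compile(r"^(?P<key>[^:]+): NameServer = (?P<servers>.+)$")

def parse(log):
    """Yield (section, fields) for each HijackThis 'O' line in the log text."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        if section == "O4" and (r := RUN.match(rest)):
            yield section, r.groupdict()
        elif section == "O17" and (d := DNS.match(rest)):
            f = d.groupdict()
            f["servers"] = [s for s in re.split(r"[ ,]+", f["servers"]) if s]
            yield section, f
        else:
            yield section, {"raw": rest}

def review(log, expected_dns):
    """Return (kind, subject, details) tuples for an analyst to look at."""
    findings = []
    for section, f in parse(log):
        if section == "O17":
            unknown = [s for s in f["servers"] if s not in expected_dns]
            if unknown:  # resolver set in the registry that nobody expected
                findings.append(("static-dns-override", f["key"], tuple(unknown)))
        elif section == "O2" and f["raw"].endswith("(no file)"):
            findings.append(("orphaned-bho", f["raw"].split(" - ")[1], ()))
        elif section == "O4" and "cmd" in f:
            findings.append(("autorun", f["name"], (f["cmd"],)))
    return findings
```

Calling `review(SAMPLE, expected_dns={"192.0.2.53"})` reports both control-set `NameServer` values, which is why the post selects the CS1 and CCS lines together.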
  4. judoka

    judoka Private E-2

    Thanks for taking the time to help me out; however, the problem with my computer didn't go away yet. I double clicked the RootRepeal.exe and ran the scan on drive C. I erased the first four files that you instructed and immediately rebooted the computer. After the windows logo it said checking file system on C:, file system is FAT32, and then "one of the disks needs to be checked for consistency. You may cancel the check." The first time I let it run and it got stuck after about 75% of the check had been completed. The last statement on the screen was: "Documents and settings\Alex\LocalSettings\TempIntFiles\Content.IE5\K1MRWTIL\CAANoJ9Q.ad is cross-linked or allocation unit 100750." Then the computer just freezes and I can't get the windows to open. I tried to cancel the check but I can't find a way to do it. I then rebooted in the safe mode and was able to get in the windows that way, but there is no way I can get to the regular windows now. What should I do to fix this problem? Thanks.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please try finishing the rest of my instructions in safe boot mode.
     
