36 replies to this topic

[Quinny]

I can see why the DrWeb complete scan took over 6 hrs to complete is because there must be aprox 10gb of cd's he's backed up in his music folder,Here's a small section of logfile at the end.
Scan statistics
-----------------------------------------------------------------------------
Scanned: 431599
Infected: 1
Modifications: 0
Suspicious: 2
Adware: 14
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 2
Cured: 0
Deleted: 0
Renamed: 0
Moved: 2
Ignored: 0
Scan speed: 154 Kb/s
Scan time: 4:42:29
-----------------------------------------------------------------------------
C:\Documents and Settings\Wools\Downloads\BflixInstaller.exe - incurable - moved
=============================================================================
Total session statistics
=============================================================================
Scanned: 478462
Infected: 1
Modifications: 0
Suspicious: 2
Adware: 14
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 2
Cured: 0
Deleted: 0
Renamed: 0
Moved: 3
Ignored: 0
Scan speed: 118 Kb/s

[Maurice Naggar]

Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the new MBAM scan log into a reply.

NEXT:
Download, & save & then run the MS Safety scanner
http://www.microsoft...us/default.aspx
Let me know the result.

[Quinny]

Sorry Maurice,i've been away from the laptop for a couple of hrs (dinner at my sisters).I just followed you latest instructions.
When updating MBAM it sticks on "connecting to server" for aprox 5mins and then takes about another 5mins on downloading.
Acting like i've got really slow broadband but i have'nt (22 mpbs DL).
MBAM quick scan detected no malware.
You never mentioned wether to run a quick or full scan with MS safety scanner so i ran a quick scan which detected no malware.
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.01.08
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Wools :: WOOLS-PC [administrator]
Protection: Enabled
01/07/2012 20:37:24
mbam-log-2012-07-01 (20-37-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215194
Time elapsed: 3 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

[Maurice Naggar]

The MBAM scan is very good result. Go ahead & get & run the MS Safety scanner, as I outlined before.

[Quinny]

Hi Maurice,I have already run a quick scan with the MS Safety scanner as instructed by you,
and the results were clean.
Do you want me to run it again?

[Maurice Naggar]

Hello Quinny,

No need to re-run the MS Safety scanner.
We can wrap this up now. I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.
Advise me when you have completed the following cleanups.

The following few steps will remove tools we used.
We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix ),
put that name in the RUN box stated just below.
The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.
Note the space before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

• Highlight the line in this CODEBOX.
  Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
  

  c:\users\Wools\Desktop\ComboFix /uninstall

  
  
  
• Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
  
  Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
  Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a periodic basis to backup Windows registry.

Delete the following if still present:
DrWeb Cure-it
TDSSKILLER.exe
SecurityCheck.exe
MS Safety scanner

You may go to Control Panel's Programs and Features >> locate ESET Online scan & IF found.... select it, and right-click to uninstall (remove).
Close the applet when done. This will free up the space used by the scan utility.

Safer practices

• Have a hardware router between the incoming internet-modem and your computer.
  
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  
  
• Check in at Windows Update and install any Critical or Important Updates offered.
  
  
• Make certain that Automatic Updates is enabled.
  How to configure and use Automatic Updates in Windows
  http://support.microsoft.com/kb/306525
  
  
  
• Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
  See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
  
  
  
• Download, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)
  
  
• I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
  See the FAQ page http://mvps.org/winh...02/hostsfaq.htm
  That would help to keep your browser away from known spyware/malware sites.
  
  
  
• Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
  Having a total image backup of your system stored on DVD/CD is highly important.
  Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
  Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
  or Paragon Backup & Recovery http://www.paragon-s...e/download.html
  
  
• Consider using Web of Trust WOT add-on for your browser(s)
  http://www.mywot.com/en/download
  http://www.mywot.com/en/faq/add-on
  
  
  
  On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
  
  ESET Online Scanner
  
  Panda ActiveScan
  
  Trend Micro Housecall
  
  F-Secure Online Scanner
  
  
  
  
• See Six tips to help you stay safer online
  
  
• Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !

We are finished here. Best regards.

[Quinny]

Hi Maurice,thanks for all your help.I have one query after i ran DrWeb it quarantined four files and put them
in a folder,what shall i do with these files which are:
bflixinstaller.exe
descript.ion
gygan.exe
javascriptinsert.js
Also what if after i uninstall all the tools i've run there's no change and MBAM still crashes when running a
full scan and then crashes the laptop as per my problem in my first post.

[Maurice Naggar]

Delete the DrWeb quarantine folder.

As to MBAM, look in the general MBAM F.A.Q. to set "trust" exclusions in both MBAM and your antivirus.
http://forums.malwar...showtopic=10138

Also, fyi, with some stubborn antivirus apps, you may need to first turn it off, before starting MBAM scan.

[Quinny]

Thanks Maurice.After i ran the otl cleaner i was prompted to restart and when it restarted i was faced with a black screen
and an alert saying this version of Windows is not genuine.
Then the desktop appeared with "this version of windows is not genuine" in the bottom right hand corner of the task bar.
I then rebooted again and it started normally without the alert.

[Quinny]

Just tried the acid test and run a MBAM full scan i had also set exclusions and it crashed after 11secs,and then
crashed the laptop.So i shutdown via power button and tried again but this time i disable Avast and it crashes after 24secs.
So the problem still persists as of my first post and no closer to fixing it.Any ideas what can be causing this?
As you know it has no problem running a quick scan.

[Maurice Naggar]

The term "crashes" is so un-specific. Do you get a STOP exception? (aka BSOD). if so, what is the exception code and the corresponding description?
or is it some "exception" message from MBAM? if so, what is it? and can you take a screen snapshot and post here?
barring a BSOD, you can use ALT-print-screen to capture the screen message, then go to Paint, and paste, and save the image, and then post that.

If not BSOD, are you seeing a "freeze"?

answer these questions, please. and then re-run a fresh DDS, and copy and paste the DDS.txt log

If I cannot figure out the issue, I will refer you to either customer support if you have an MBAM license; otherwise, I will ask you to post a fresh post into the General MalwareBytes forum.

[Quinny]

Hi Maurice,When i say crashes i mean MBAM says not responding then the laptop freezes.
I am unable to take a screen shot with alt+printscreen and also unable to use snipping tool.
The only thing i can do when this happens is shut it down with the power button.
Also there is no BSOD.I Do notice the cpu fan is blowing a lot and the hard drive light seems to be
flickering most of the time.Unable to do scan with eset online scanner and Avast free full scan aswell.

[Maurice Naggar]

Did you wait at least 15 minutes before calling it a freeze?

Is your MBAM a PRO (licensed)? if so, I need to hand you over to customer support.

[Quinny]

Yeah i've waited as long as 30mins.Using MBAM free.

[Maurice Naggar]

Prepare a new run of DDS and save the logs. Make a new topic in General MBAM-forum http://forums.malwar...hp?showforum=41
Use the term "freeze" instead of crash, give a summary of the current situation. Mention Maurice sent you there. Include the link to this topic here.
and in your new MBAM topic, paste the new DDS.txt log. Then wait for a staff member of MalwareBytes to respond.

Best to you.

[Quinny]

Ok will do.Thanks for all your help through this ordeal.

[Maurice Naggar]

You're welcome. Stick with your new thread in MBAM general http://forums.malwar...howtopic=111928
Good wishes to you. I am closing this topic.