6 replies to this topic

[Speedbird]

A friend has a browser hijack which is stopping him from connecting to the malwarebytes site to get the updated definitions. I downloaded them to a memory stick and installed them onto his machine but now MWB says the file is not compatible with his version of MWB. His is the same as mine so i think the hijacker is causing this.
Any ideas how to install new up to date defs so he can scan his own machine?
Thank you

[AdvancedSetup]

That actually sounds like he has a cracked version of MBAM.

Have them remove their current version and then you download a NEW copy of MBAM from here along with the new stand alone definitions from here: http://www.gt500.org...es/database.jsp

Burn to CD and have him use that and let us know.

You can also burn this to CD and try it.
It will create a random name and shortcut for MBAM to attempt to bypass some Malware that might be stopping MBAM. randmbam.exe

[Speedbird]

Cracked version? what does that mean? it was installed and operational for a couple of weeks but was never updated. This is why i think it is a case of the definitions being out of date. As it stands he cannot access MWB site so that is why i tried the "load to a usb stick" routine. It was after installing them that the message was displayed about the files being 'wrong"for the application. When installing from the USB key, everything went as i would have expected without issue, it was only when opening the desktop icon that it went Pete Tong again.
Any more ideas please?
Mike

[AdvancedSetup]

It means that MBAM was not obtained from an Official link. That is why the file format does not match.

Please uninstall the current version of MBAM and then run this.

[indent]Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Click Yes to allow ComboFix to continue scanning for malware.
  
• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

[/indent]

[Speedbird]

OK thanks i will give it all a try and feedback when it is done.

[GrumpyTrucker]

Mods please don't delete - also involved in trying to fix the same friend's PC

AdvancedSetup:

Before Christmas I took in the is very PC and it was riddled with malware. AV2009, Browser 'helpers', toolbars. You name it, it had it. I cleaned it up (MBAM did a perfect job)and ran it for 2 weeks permanently on and connected to the internet. It was checked for holes in the firewall and scanned by 2 different AV programs (installed seperately). It went back running like new. Within a month or two we're back to square one again. Truthfully there are people who should not have PCs and the bloke who owns this PC is one of them. But what can you do? 2 kids who won't let him near his PC and they install anything and everything going. There were 4 IE toolbars on it last time I took it in!

Malwarebytes was originally downloaded from this very site, and I set Windows Scheduler up to open a notepad document every 2 days to remind the owner to update it and run it. Full instructions were included. As far as we can tell, he ran it but never updated it. Now it won't run at all. It's been uninstalled and a new copy downloaded from here (to the best of my knowledge anyway, Speedbird can confirm) along with the latest definitions. It's not (or shouldn't be) a cracked copy of MBAM, but the one from this very site. He uses it himself and used it on a friend of his Father-in-Law's PC a week or two back so he'll have downloaded from the right source.

I'll look at doing the ComboFix & HijackThis ASAP, but since he isn't capable of doing it himself this might be a long drawn out process unless Speedbird or I can get round there and either borrow his PC again, or spend an hour or two beating him around the head with it.

Will try and post back with a HijackThis as soon as time allows.

[AdvancedSetup]

No problem. If I really felt it was stolen or cracked I would have closed the post. What he described is only an indicator of a cracked version but there are other possible causes so I left the post open and will assist you in cleaning it.