4 replies to this topic

[Stormbringer829]

I have tried both MalwareBytes and HiJackThis, they install and launch OK but when run scan they both closes immediatley then I get a windows (Windows cannot access specified device, you may not have permissions to access them) error if I try to launch again. I have tried to run them from a CD and I get a runtime error with MalwareBytes and HiJackThis scans quickly then closes. I am going to try running ComboFix next and see if I can at least find out what this is. Any help or suggestions would be greatly appreciated.

[tjg81296]

I have a similar issue. The user went to a random site and ended up with "Advanced Virus Remover" Pretty impressive looking.

I have tried the following with no avail:

Disabled all startup and services.

Reboot to safe mode.

Took ownership of directory thinking permissions were changed.

Reinstall Mbam in safe mode and then start scan, gets through 1 file and poof gone! permissions error returns "Windows cannot access specified device, path, or file. You may not have the appropriate permissions to access the item." when starting mbam.exe.

When not in safe mode cannot run regedit, task manager.

Current running processes in safe mode (show process from all users):
taskmgr.exe
explorer.exe
svchost.exe
svchost.exe
svchost.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
System
System Idle Process - User Name - System

Regedit does run in safe mode.

Current entries in HKLM\Software\Microsoft\Windows\CurrentVersion\Run:
C:\Windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto - This should just be to bring up the Config utility on startup.


Any thoughts?

TIA,
Tom

[Maniac]

Greetings.

To get you fixed up please follow the instructions here:
I'm infected - What do I do now?

And post your logs in a new topic here:
Malware Removal - HijackThis Logs

Please be sure not to install any software or use any removal or scanning tools exept those that you are
instructed to by the expert who will be assisting you as doing so can make their job much more difficult.

note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one.
If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.

I hope I was helpful. Good luck and safe surfing.

[tjg81296]

Maniac,

Thanks for the info. I probably should start another thread for the issue I have but as mentioned Mbam and HJT doesn't run so we can't post a log file from it.

I have removed the drive and put in another workstation and I am scanning it there. I will post the results.

Thanks,
Tom

Maniac, on Jul 29 2009, 04:54 PM, said:

Greetings.

To get you fixed up please follow the instructions here:
I'm infected - What do I do now?

And post your logs in a new topic here:
Malware Removal - HijackThis Logs

Please be sure not to install any software or use any removal or scanning tools exept those that you are
instructed to by the expert who will be assisting you as doing so can make their job much more difficult.

note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one.
If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.

I hope I was helpful. Good luck and safe surfing.

[Maniac]

tjg81296, that's right! Write up information about your problem to help the experts understand what the problem so that a faster and easier to help you. Post all information in your next thread.

You're welcome!