9 replies to this topic

[thesamim]

Downloaded MBAM today.

Installed on a vista (known clean) machine, tested everything well.

Installed on an XP (known infected) machine. Not so well.

Installation and update went fine. Can navigate the UI and change settings.

On starting a scan, timer ticks up Object Count does not go up. After about ~ 15 seconds MBAM just disappears. On trying to restart from the Start menu (or desktop icon) I get "windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." If I try to run from command line, all I get is "access denied"

I am logged as the administrator for this machine.

I have AVG anti-virus, have added the MBAM path to the exclusion list.

Things I have tried to date:
1. Quickscan first: Fail, can't restart, re-install
2. Full scan fist: Fail, can't restart, re-install
3. Repeat above without database update first after install: Fail, can't restart, re-install
4. Repeat above from command line:Fail, can't restart, re-install
5. All of the above in safe mode: Fail

I'm probably not the fist to run into this, but searches on the forum did not turn up anything useful.

XP is on SP3 and up to date.
AVG is probably not a factor, since the behaviour is the same in safe mode, but is up to date.

Help!!!!?

[AdvancedSetup]

Please review the FAQ for a possible solution.

[thesamim]

AdvancedSetup, on Aug 8 2009, 02:09 AM, said:

Please review the FAQ for a possible solution.

I have AVG, so McAfee and TrendMicro FAQs irrelevant.

Have added the install directory to AVG exclusions.

Tried the rename trick: FAIL

RootRepeal: Will not start on that machine. Manually scanned for the identified [prefix]*.sys files, found none. Waiting to hear from rootRepeal about suggestions.

New finding: firefox gets killed on start up as well even in safe mode. interestingly IE8 - no addons starts fine.

Tried to restore to a restore point from before issues: no jou.

Further suggestions?

[TeMerc]

You need to post a HijackThis log into the Malware Removal - HijackThis Logs forum

Scan and Log Procedures

• Please download this program Trend Micro HijackThis to your desktop.
  
• Double-click on it to run and install it.
  
• Then launch the program and click on Do a system scan and save a logfile. This log file will open in Notepad.
  
• Please start a Newtopic here and post the most recent Malwarebytes' Anti-Malware log file and HijackThis log file using Copy/Paste.
  
• The Malwarebytes' Anti-Malware log file is located in the Logs tab of the program.

Someone will analyze the logs and give you further instructions.
Prompt responses to instructions and performing the required fixes as soon as possible is always best.
During this scan and cleanup process you should not install any other software unless requested to do so.

NOTE: Please DO NOT post back to your post within the first 48 hours. Replying to your own posts changes the post count and will often cause helpers to think that you're already being helped and thus they won't open and look at your post. If no one has replied within 48 hours then please go ahead and either reply to your post or send a private message to a Moderator and let them know that you're still needing assistance.

As soon as someone is available they will assist you.

[thesamim]

TeMerc, on Aug 8 2009, 01:47 PM, said:

You need to post a HijackThis log [...]

HiJackthis also gets killed immediately on scan start.
Tried renaming HiJackThis. no joy.

I realize I am well beyond this being a malware bytes issue. so i greatly appreciate further help.

[AdvancedSetup]

Hello thesamim,

The issue is that we don't work on logs or support like that here in the General forum. Just open a NEW post in the HJT forum and let them know that none of the scanners seem to run and as soon as they're available they will assist you. Current wait times appear to be about 3 to 5 days though as there are just too many people seeking assistance.

[thesamim]

AdvancedSetup, on Aug 8 2009, 03:22 PM, said:

Hello thesamim,

The issue is that we don't work on logs or support like that here in the General forum. Just open a NEW post in the HJT forum and let them know that none of the scanners seem to run and as soon as they're available they will assist you. Current wait times appear to be about 3 to 5 days though as there are just too many people seeking assistance.

Will do.

Thanks for your time Ron and Tom.

[thesamim]

thesamim, on Aug 8 2009, 03:24 PM, said:

Will do.

Thanks for your time Ron and Tom.

Right, this is taking on epic proportions. Posting this here in case anyone else has seen the like. Will keep updating the blog until it's resolved in case that helps anyone with the same problem.

sami_mikhail.posterous.com/virusmalwarespyware-from-hades-anyone-know-wh

Edited by AdvancedSetup, 10 August 2009 - 06:25 AM.
removed hyperlink

[thesamim]

Update posted at sami_mikhail.posterous.com/

usual http prefix in front of that. apparently links not ok in posts (sorry about that). I'm not going to post every update from now on, those interested can follow in the blog. those not interested can ignore. i don't want to clutter up this thread with useless information.

[DaChew]

Del