7 replies to this topic

[boweasel]

This is a response to my original query
http://www.malwareby...showtopic=26229
To mountaintree16 who wrote:
@ boweasel

Please read and follow the instructions provided here: I'm infected - What do I do now?
Scan and Log Procedures
Please download this program Trend Micro HijackThis to your desktop.
Double-click on it to run and install it.
Then launch the program and click on Do a system scan and save a logfile. This log file will open in Notepad.
Please start a Newtopic here
Downloaded HijackThis, and it opened and I clicked on Do a system scan and save a logfile. However, after the scan was done and the logfile displayed for a split second..... it disappeared. I could find no trace of it on the PC. So I clicked on the HijachThis icon, and got the same message as before when I tried to run Malwarebytes - "Windows cannot access the specified device, path or file. You may not have the appropriate permissions....."

I dutifully deleted and reinstalled HijackThis only to have the exact same results. Obviously I cannot post a HijackThis log, and I cannot reply to your post since it is now locked.

What now?

[AdvancedSetup]

I'm sorry for the long delay but the site has been swamped with more requests for help than we can handle in a short period of time.
If you still need help please let me know, otherwise I'll go ahead and close your post as you've probably moved on by now.

[AdvancedSetup]

Okay, well since it looks like you have moved on I'll go ahead and close this post now.

Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

[boweasel]

AdvancedSetup, on Oct 9 2009, 06:48 PM, said:

Okay, well since it looks like you have moved on I'll go ahead and close this post now.

I guess I've sorta moved on....

What happened is that when I got no response to my post I searched around in the forum until I found someone with a similar problem. He got an answer which included a link to an apparent different download of Malwarebytes. I uninstalled my version, and downloaded that version, which I was able to successfully run without getting the 'you may not have the appropriate permissions' message.

However, I never saved the setup file for that version, and I can no longer locate it on the forum. I have a friend who is having the same permission problem as I experienced, and I am unable to help him.

Additionally my OWN version of Malwarebytes has apparently become infected. I tried to run it and I got a message that mbam.exe could not be found. I searched first the folder, and then my hard drive - but it was gone.

So I downloaded the setup and reinstalled only to get the same result - no .exe file. Then I went to Windows Explorer while the program was being installed, and I saw mbam.exe in the folder.... and then I saw it disappear. It vanished within seconds of it first appearing.

Finally, on about the 8th install, I was able to be quick enough to copy it to another folder before it got zapped. I renamed it, and moved it back to the Malwarebytes folder. I was finally then able to run it, and it found 8 viruses, which I deleted.

The PC now seems to be running just fine, but I wonder, why don't you allow the setup to install the files and let the user name the executable? After I fixed my problem, I searched and found that others had experienced the same symptom of the vanishing mbam.exe.

Since obviously you have no fix for it, why not slighty modify the install as per my suggestion?

And whatever happened to the version of Malwarbytes that seemed able to avoid the 'you may not have the appropriate permissions' message?

[AdvancedSetup]

First off there is no other version so not sure where you get/got that idea. I did make an alternate installer version of the same product a while back, but that method has been targeted by Malware for a while now as well.

The issue you have or had is current Malware that knows about our product and seeks it out on purpose to remove it. I fully understand you seeking advice elsewhere since you'd not heard back here on the board. I'm sorry but as said there are often just too many requests for help and we're not always able to get to everyone in a timely fashion.

I would suggest though that you please run the following and I'll assist you in reviewing your system to confirm if it is clean or not.


STEP 01
Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
    
  • Select the Update tab
    
  • Click Update
• When the update is complete, select the Scanner tab
  
• Select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

STEP 02
[indent]Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

• DDS.txt
  
• Attach.txt

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt

[/indent]


STEP 03
[indent][/indent][indent]Please temporarily disable your current Anti-Virus in order to run this Online Scanner.
Using Internet Explorer:[indent]

• Vista and Windows 7 users need to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  
• Click here to run the Eset Online Scanner using Internet Explorer.
  
• Click on the ESET Online Scanner button.
  
• Click on the checkbox Yes, I accpet the Terms of Use and click on the Start button.
  
• By default the ActiveX installer will be blocked by Internet Explorer. You should see a yellow banner at the top of the Window.
  
• Click the top of the Window and select "Run ActiveX Control" and then click the Run button on the next dialog box.
  
• Click the Retry button if prompted to resend the request to load and run the ActiveX control from ESET
  
• Make sure you Uncheck the Remove found threats checkbox in case we need you to submit a copy of any files found.
  
• Click on the Advanced settings selection in the middle and place a checkmark on the following items

[indent]

• Scan for potentially unwanted applications
  
• Scan for potentially unsafe applications
  
• Enable Anti-Stealth technology
  
• Under Current scan targets: click the Change... item and make sure it's set to Local drives and the Operating memory

[/indent]

• Then click on the Start button and it will start downloading signature database files to update the program
  
• Once the database files are downloaded it should automatically start scanning your system for threats.
  
• When the scanner is done please click on the List of found threats and click on Export to text file...
  
• Save the file as NOD32_SCAN.TXT to your Desktop
  
• Click the << Back button. For now do not uninstall the program or delete the quarantine files, just click the Finish button.
  
• The next screen is advertisement to purchase the product. You can just close that window for now.
  
• If we need to run the program later on it can be ran from here: C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
  
• Open the file you saved to your Desktop as NOD32_SCAN.TXT and select all and copy/paste it back on your next reply

[/indent]
Using Another Browser[indent]

• Please click here to launch the application which installs and launches ESET Online Scanner in a separate window.
  
• You will first need to save the file to your Desktop and double-click on it to run it. Vista and Windows 7 users need to right-click and choose "Run as Administrator"
  
• You will should be prompted with "Do you want to run this file?", click on the Run button.
  
• Click on the checkbox Yes, I accpet the Terms of Use and click on the Start button.
  
• The program will download further files to use with the scanner and allow you to change options.
  
• Make sure you Uncheck the Remove found threats checkbox in case we need you to submit a copy of any files found.
  
• Click on the Advanced settings selection in the middle and place a checkmark on the following items

[indent]

• Scan for potentially unwanted applications
  
• Scan for potentially unsafe applications
  
• Enable Anti-Stealth technology
  
• Under Current scan targets: click the Change... item and make sure it's set to Local drives and the Operating memory

[/indent]

• Then click on the Start button and it will start downloading signature database files to update the program
  
• Once the database files are downloaded it should automatically start scanning your system for threats.
  
• When the scanner is done please click on the List of found threats and click on Export to text file...
  
• Save the file as NOD32_SCAN.TXT to your Desktop
  
• Click the << Back button. For now do not uninstall the program or delete the quarantine files, just click the Finish button.
  
• The next screen is advertisement to purchase the product. You can just close that window for now.
  
• If we need to run the program later on it can be ran from here: C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
  
• Open the file you saved to your Desktop as NOD32_SCAN.TXT and select all and copy/paste it back on your next reply

[/indent][/indent]

[AdvancedSetup]

Please post a status update on this.

[AdvancedSetup]

I don't understand. You sent me a PM asking for me to reopen your post. I reopened it and now you don't post.

Please let me know what's going on or if you've abandoned it again I'll go ahead and close it again.

Thanks.

[AdvancedSetup]

Okay, well not sure what happened to you but since you no longer appear to be around to respond I'll go ahead and close your post again.