
Malwarebytes

Error while trying to remove MBAM


2 replies to this topic

#1
Firefox

    Forum Deity

  • Trusted Advisors
  • 5,589 posts
  • Gender:Male
  • Location:USA
OK so I was cleaning out my friend's computer. He was infected with the Total Security crap.....

I booted to a BartPE disk and found the exe files that were running the Total Security app. I put those in a temp folder. Then I restarted the computer and was able to run MBAM by renaming the file. It found some infections and I removed the infections.

Restarts ok, but MBAM will not load automatically. I figured it got corrupt by the Total security stuff. Anywho, I uninstalled, rebooted then tried to run the mbam-clean.exe tool. When I run that clean tool I get the following error:

Posted Image

If I try to reinstall now I get this error:

Posted Image

Any help appreciated.....



Dell Precision T5400, Win7 Ultimate 32bit fully updated, Symantec Endpoint Protection,
Watchguard Firewall, Intel Xeon CPU, Dual Quad Core Processors, 4GB Ram,
E5410 @ 2.33GHz, Nvidia Quadro FX570, Raid-1 Dual 500GB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE9, Opera, MBAM


#2
GT500

    Mostly Cantankerous

  • Trusted Advisors
  • 5,528 posts
  • Gender:Male
  • Location:Fortville, IN
Total Security has been coming with a rootkit here lately. I would believe it's the UAC rootkit. I had to delete the drivers and such manually from a BartPE disk the other day, because the laptop I was working on would just BSOD on every startup.

Here's a list of the files I removed manually, so that you know what they look like:
C:\Windows\System32\gasfkyckbejkes.dll
C:\Windows\System32\gasfkydceayoso.dat
C:\Windows\System32\gasfkymkvcdtmn.dat
C:\Windows\System32\gasfkymoeantyi.dll
C:\Windows\System32\gasfkywfornrvx.dll
C:\Windows\System32\iehelpmod.dll
C:\Windows\System32\nvModes.001
C:\Windows\System32\nvModes.dat
C:\Windows\System32\uacinit.dll
C:\Windows\System32\UACjlkibebmax.dll
C:\Windows\System32\UACrsryfjovwu.dat
C:\Windows\System32\UACrtapuimfvx.dll
C:\Windows\System32\UACtepxeolwml.dll
C:\Windows\System32\drivers\gasfkyardopxod.sys
C:\Windows\System32\drivers\UACwnthkllldv.sys


Now please note that these files will not have the same name on the computer you are working on, but they were easy to find because I sorted them by date created, and they were the newest files in their directories. I also don't know if the two nvModes files were malicious, but they didn't have version tabs, they had the same created date as the rootkit drivers, and they aren't needed by the NVIDIA display drivers so I deleted them as well.

Also note that, even after doing this, the computer will not be clean. You have a lot of work ahead of you as far as log analysis and running virus scans just to be sure. It may not even fix the issue with MBAM (at least not without a reinstall of MBAM).

Quote

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...
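The triage heuristic described in the post above (newest files in System32 and System32\drivers, no version tab, same creation date as each other), written up as an added PowerShell example for defenders. It is not code from the thread or from Malwarebytes; the directory list, the "newest 25" cutoff and the flagging rule are assumptions, and a flagged file is a candidate for inspection, not a verdict.

```powershell
# Added example: list the newest files in the directories the post names and flag
# those that carry no version resource and no valid Authenticode signature.
# Assumptions: run as Administrator; PowerShell 2.0 or later (hence no -File switch).
$Dirs   = @("$env:windir\System32", "$env:windir\System32\drivers")
$Newest = 25   # assumed cutoff: how many newest files per directory to inspect

function Get-NewestFileReport {
    param([string[]]$Paths, [int]$Count)
    foreach ($dir in $Paths) {
        Get-ChildItem -LiteralPath $dir -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Sort-Object CreationTime -Descending |
            Select-Object -First $Count |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                $ver = $_.VersionInfo
                # "No version tab" in Explorer means no FileVersion/CompanyName resource.
                $hasVersion = -not ([string]::IsNullOrEmpty($ver.FileVersion) -and
                                    [string]::IsNullOrEmpty($ver.CompanyName))
                New-Object PSObject -Property @{
                    Path        = $_.FullName
                    Created     = $_.CreationTime
                    CreatedDay  = $_.CreationTime.Date
                    SizeKB      = [math]::Round($_.Length / 1KB, 1)
                    HasVersion  = $hasVersion
                    Signature   = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                    # Flag rule (assumption): unsigned/invalid AND no version resource.
                    Suspect     = (-not $hasVersion) -and ($sig.Status -ne 'Valid')
                }
            }
    }
}

$report = Get-NewestFileReport -Paths $Dirs -Count $Newest

# Show flagged files grouped by creation day, mirroring the "same created date
# as the rootkit drivers" observation: several suspects on one day stand out.
$report | Where-Object { $_.Suspect } |
    Sort-Object CreatedDay, Path |
    Format-Table CreatedDay, Created, SizeKB, Signature, Path -AutoSize

# Full listing for context (unsuspicious newest files, e.g. recent Windows updates,
# will usually show Signature = Valid and HasVersion = True).
$report | Sort-Object Created -Descending |
    Format-Table Created, HasVersion, Signature, Path -AutoSize
```

Run it from an offline/BartPE-style environment or after booting normally; on a live infected system a kernel rootkit may hide its own files from directory listings, so an empty result does not prove a clean machine.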

#3
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,574 posts
  • Gender:Male
  • Location:US
I'll close this topic and if you need or want further assistance with it please open a new post for it in the HJT forum.

Thank you.
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
