19 replies to this topic

[kanga85]

Malwarebytes refuses to run. I get an error message 'Run-time error '339'. Component 'vbalsgrid6.ocx' or one of its dependencies not correctly registered . A file is missing or invalid.'

This is an older computer, WinXP SP3. The computer appears to be running well, everything else runs except Malwarebytes.

1. I uninstalled Norton Antivirus, which I have been unhappy with since Norton ceased support of my version in May 2010.

2. Installed, updated, and ran Avira Antivir Personal. Log file (AVSCAN-20100608-183853-762B238C.TXT) attached.

3. Malwarebytes still would not run - same error message.

4. Downloaded and ran defrogger. Appeared to run alright, but I did NOT get a message asking to reboot. Rebooted anyway. Defrogger logfile (defogger_disable.txt) attached.

5. Ran DDS.scr. Log files (DDS.txt and Attach.txt) now attached.

6. Downloaded and ran GMER Rootkit Scanner. Log file (Ark.txt) attached. While this rootkit scanner was running, Avira spontaneously announced that it had found a virus and it started running a scan. I 'removed' this virus. Log file (AVSCAN-20100609-000904-F887325F.TXT) attached.

7. Malwarebytes still didn't run, with the same error message as above . I uninstalled Malwarebytes, ran MBam-Clear, rebooted, reinstalled mbam-setup-1.46.exe. Still wouldn't run,with identical error message.

Thanks for any help. The problem has me baffled.

Attached Files

•  AVSCAN_20100608_183853_762B238C.TXT   22.04K   32 downloads
•  AVSCAN_20100609_000904_F887325F.TXT   20.15K   20 downloads
•  defogger_disable.txt   470bytes   39 downloads
•  DDS.txt   16.67K   13 downloads
•  Attach.txt   17.4K   16 downloads
•  ark.txt   11.58K   36 downloads

[Maniac]

Hello kanga85! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

• The process of cleaning your system may take some time, so please be patient.
  
• Follow my instructions step by step if there is a problem somewhere, stop and tell me I then I'll tell you what to do.
  
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  
• Instructions that I give are for your system only!
  
• If you don't know or can't understand something please ask.
  
• Do not install or uninstall any software or hardware, while work on.
  
• Keep me informed of any changes.

Step 1

Please, uninstall the following applications:

• Adobe Reader 8.2.2
  
• LiveReg (Symantec Corporation)
  
• LiveUpdate 1.80 (Symantec Corporation)

You can read, how to this here:

• Windows XP
  
• Windows Vista
  
• Windows 7

Step 2

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***

• Double-click on JavaRa.exe to start the program.
  
• From the drop-down menu, choose English and click on Select.
  
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  
• A logfile will pop up. Please save it to a convenient location and post it back when you reply
  
  Then look for the following Java folders and if found delete them.
  C:\Program Files\Java
  C:\Program Files\Common Files\Java
  C:\Windows\Sun
  C:\Documents and Settings\All Users\Application Data\Java
  C:\Documents and Settings\All Users\Application Data\Sun\Java
  C:\Documents and Settings\username\Application Data\Java
  C:\Documents and Settings\username\Application Data\Sun\Java

Step 3

Please download and install Microsoft Visual Basic 6.0 Common Controls:
http://www.microsoft.com/downloads/details...;displaylang=en


Step 4

• Launch Malwarebytes' Anti-Malware
  
• Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  
• Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


In your next reply, please include these log(s) in this sequence:

• JavaRa log
  
• MalwareBytes' Anti-Malware log
  
• a new fresh DDS log only

[kanga85]

Thanks Borislav.

I uninstall the applications:
1. Adobe Reader 8.2.2
2. LiveReg (Symantec Corporation)
3. LiveUpdate 1.80 (Symantec Corporation)
To do these last two I also had to uninstall Norton System Works 2003.

I removed ALL versions of JAVA and then ran JavaRa. The log file (JavaRa.txt) is attached.

I then removed all instances of Java or Sun\Java in:
C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Windows\Sun
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java
We have four usernames, and Sun\Java was removed from them all.

I then installed successfully the Microsoft Visual Basic 6.0 Common Controls.

I then launch Malwarebytes' Anti-Malware. It refused to run and I got the error message as before:
'Run-time error '339'. Component 'vbalsgrid6.ocx' or one of its dependencies not correctly registered . A file is missing or invalid.'

I therefore have no Mbam file to attach as I cannot open Mbam to click onto the log tab.

I then ran DDS.scr. A log file (DDS2.txt is attached).

Thanks very much for your help.

Attached Files

•  DDS2.txt   14.17K   15 downloads
•  JavaRa.txt   484bytes   26 downloads

[Maniac]

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from
Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

• If you are using Firefox, make sure that your download settings are as follows:
  
  • Open Tools -> Options -> Main tab
    
  • Set to Always ask me where to Save the files.
• During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  
  
• It is important you rename Combofix during the download, but not after.
  
• Please do not rename Combofix to other names, but only to the one indicated.
  
• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  
  
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
    
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
    
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

  
  
• Double click on combo-Fix.exe & follow the prompts.
  
• When finished, it will produce a report for you.
  
• Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

[kanga85]

Thanks,

I followed all instructions, downloaded and ran Combofix (Combo-fix). It required to go online to download some Microsoft Recovery program during its run.
Log file (Combo-fix.txt) now attached.

I have not attempted to run Malwarebytes; await further instructions.

Attached Files

•  Combo_fix.txt   17.42K   21 downloads

[Maniac]

Please follow the instructions issue #15 :
http://forums.malwarebytes.org/index.php?s...ost&p=49525

[kanga85]

I followed these instructions #15.

Mbamfix.bat gave three messages:
1. DLLRegisterServer in C:\ProgramFiles\Malwarebytes'Anti-Malware\mbamext.dll succeeded
2. ditto \ssubtmr6.dll failed. Return Code was:0x80004005.
3. ditto \vbalsgrid6.ocx failed. Return Code was 0x80004005.

I then Ran Microsoft Visual Basic Common Controls which reported that it installed correctly.

Malwarebytes refused to run, giving the same error message as before:
'Run-time error '339'. Component 'vbalsgrid6.ocx' or one of its dependencies not correctly registered . A file is missing or invalid.'

I then uninstalled Malwarebytes, ran Mbam-Clean, rebooted, and tried to install Mbam-setup-1.46.exe.
I now get the same error message (Run-time error '339'), but during installation, with an invitation to tell Microsoft about it.
Malwarebytes then refuses to run, with the same error message.

Reading the set of instructions you mentioned in your last post (http://forums.malwar...s...ost&p=49525), I see no mention at all of Error 339. This seems odd, because surely others have had a similar problem?

Thank you for your continuing help.

[Maniac]

Uninstall it in Normal mode and then in Safe Mode download a new fresh copy, install it and try again.

[kanga85]

Malwarebytes uninstalled in normal mode, and reinstalled (new program) in safe mode.

Malwarebytes installed with no error messages, but an attempt to run it provided the same error message (twice) ('Run-time error '339'. Component 'vbalsgrid6.ocx' or one of its dependencies not correctly registered . A file is missing or invalid.'), with two opportunities to tell Microsoft about the problem.

Thank you.

[Maniac]

Please download and run this program: Dial-a-fix

[kanga85]

Dial-a fix downloaded and run. Gave a number of error messages which I presume are include in the attached file (Dial-a-fix.txt).
Thanks once again. After watching Australia get thrashed in football World Cup by Germany, I wonder if I should change my alias and disguise my nationality?

Attached Files

•  Dial_a.fix.txt   16.14K   24 downloads

[Maniac]

Follow these instructions:
http://www.bleepingcomputer.com/forums/ind...st&p=231230

Let me know how are things.

Quote

After watching Australia get thrashed in football World Cup by Germany, I wonder if I should change my alias and disguise my nationality?

Where?

[kanga85]

I have run SFC.Exe.

It asked for my Windows CD so presumably copied a file or two. Ran completely through with no exit message.

Rebooted and reinstalled malwarebytes, installation was trouble free, but as soon as I tried to run it I got the same error message (twice):'Run-time error '339'. Component 'vbalsgrid6.ocx' or one of its dependencies not correctly registered . A file is missing or invalid.'

Thanks for your continuing support and help. We must be getting closer(?)

I live in Australia, so all World Cup Football games are played in the small hours of the morning local time. But I am a Rugby Union man, have none of the tribal allegiances of football, so will not waste my time and sleep watching any more games.

[Maniac]

Yes, we're getting closer.

Please download and install this one:
http://www.microsoft.com/downloads/details...;displaylang=en

Try again with MBAM.

[kanga85]

VB6.0-KB290887-X86.exe downloaded and run.

This program asked me where I wanted to put the files. I put them in C:\Windows\system32, but am unsure as to whether this is the right place.

Malwarebytes was then reinstalled with no errors, but as soon as I tried to run it I again got two examples of the same error message: 'Run-time error '339'. Component 'vbalsgrid6.ocx' or one of its dependencies not correctly registered . A file is missing or invalid.'

The computer appears to be running all other programs fine, with Malwarebytes the only offender. I would give up on Malwarebytes (except it seems to be a useful program) if it wasn't for the fact:
1. I am now interested in where this problem lies.
2. Is there really an underlying problem with the computer which should be sorted out?

[Maniac]

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  *crtdll.dll*

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[kanga85]

Systemlook.exe downloaded and run with text as requested.
Log (systemlook.txt) attached.

I made a mistake in a previous post. I thought the visual basic file VB6.0-KB290887-X86.exe would automatically run when clicked and was surprised when it asked me where to put the files. I now find that it was actually a zipped file and that I needed to extract vbrun60sp6.exe and run that. I have done this, and it automatically put files into c:\windows\system32 (I think; Too fast to read!)
I then reinstalled and tried to run Malwarebytes, but with the same error message as described previously.

Thank you.

Attached Files

•  SystemLook.txt   970bytes   24 downloads

[Maniac]

Please download the following program to your desktop. Close all other open applications and then run the program.
It will restore file permissions to the system and automatically restart the computer when done.
restoredefaultperms.exe

Then if the computer does not reboot go ahead and restart the computer. Then run the following, make sure you disable your Anti-Virus first.

Windows XP:

• Click on Start and select Control Panel
  
• Open Add/Remove Programs
  
• Uninstall Malwarebytes' Anti-Malware
  
• Restart your computer very important
  
• Download and run mbam-clean.exe from here
  
• It will ask to restart your computer, please allow it to do so very important
  
• After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.

[kanga85]

Eureka!

Ran restoredefaultperms.exe. Seemed to run through three times, left no log file that I can find, but from the screen seemed to find three faults. Too fast to read, but the second was in:
HKey_Local_Machine\Security\Policy\Secrets\SAI: 2 The system cannot ...
The third was in HKey_Local_Machine\Software\Microsoft\Windows NT\Permissions.....

Rebooted, uninstalled Malwarebytes, rebooted, ran mbam-clean, rebooted, reinstalled Malwarebytes.
Malwarebytes ran perfectly. Undated and ran a quick scan which found one problem. Log (mbam-log-2010-06-20 (11-12-39).txt) attached.

Thanks for your help which is greatly appreciated. I presume I can now reload Java and Adobe? And live normally!

I have a number of other questions.

1. How did this problem arise, and how do I avoid it in future?

2. The registry setting HKey_Local_Machine\Security\ has many keys listed under it, while my wife's computer, slightly newer but running much the same software, has but a single key under HKey_Local_Machine\Security with the setting 'value not set'. Do I need these extra keys? The key HKey_Local_Machine\Security\Policy\Secrets\SAI, when I try to open it, gives the message 'Cannot open SAI: Error while opening key'. The key immediately above it; HKey_Local_Machine\Security\Policy\Secrets\SAC, gives a similar error message. This presumably means they cannot be removed?

3. The registry now has no key HKey_Local_Machine\Software\Microsoft\Windows NT\Permissions, and nor does my wife's computer. Was this key removed by restoredefaltperms.exe?

Thank you.

Attached Files

•  mbam_log_2010_06_20__11_12_39_.txt   976bytes   23 downloads

[Maniac]

Quote

Thanks for your help which is greatly appreciated. I presume I can now reload Java and Adobe?

Will be done!

Quote

How did this problem arise, and how do I avoid it in future?

Due to malware. It appears that the malware is changed registry values in resulting MBAM stops working. In the last step you'll see.

Quote

The registry setting HKey_Local_Machine\Security\ has many keys listed under it, while my wife's computer, slightly newer but running much the same software, has but a single key under HKey_Local_Machine\Security with the setting 'value not set'. Do I need these extra keys? The key HKey_Local_Machine\Security\Policy\Secrets\SAI, when I try to open it, gives the message 'Cannot open SAI: Error while opening key'. The key immediately above it; HKey_Local_Machine\Security\Policy\Secrets\SAC, gives a similar error message. This presumably means they cannot be removed?

Nothing to worry! Note that the registry is an individual, which means depending on installed software and change settings of OS, the values in it are changing and the situation is not the same everywhere. My advice to you as a beginner not delve there without any basic knowledge of there because this could seriously damage the OS. If there is interference of malware out there, MBAM will care. Malware can't be saved.

Quote

The registry now has no key HKey_Local_Machine\Software\Microsoft\Windows NT\Permissions, and nor does my wife's computer. Was this key removed by restoredefaltperms.exe?

restoredefaltperms.exe simply returns the values that are default.


Step 1

* Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


Step 2

To enable CD Emulation programs using DeFogger please perform these steps:

• Please download DeFogger to your desktop.
  
• Once downloaded, double-click on the DeFogger icon to start the tool.
  
• The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers
  
• When it prompts you whether or not you want to continue, please click on the Yes button to continue
  
• When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  
• If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Step 3

Please manually delete DDS, GMER, JavaRa, Dial-a-fix, SystemLook, mbam-clean and mbam-setup.


Step 4

Please download the latest version of Adobe Reader from:
www.adobe.com

About Java:
www.java.com/en


Step 5

Some malware preventions:
http://miekiemoes.blogspot.com/2008/02/how...nt-malware.html


Safe surfing!