Full Version: Antivirus System PRO/Can't run mbam
Armanno
I've used mbam a ton in the past, and it's always been really helpful (thank you creators), but I recently got the Antivirus system pro malware, and whenever I try to open mbam, I get the little timer next to my cursor for a few seconds, then nothing happens. I've tried redownloading it and looking up ways to get around it, but have been unsuccessful.

Although the bigger problem now is, I restarted my computer and the only thing that came up when I logged on was my desktop wallpaper. No icons, taskbar, or start menu. I only got on here because I typed firefox.exe into "new task" on task manager. So I probably need to get that sorted out before I start actually deleting the malware.

Any help is greatly appreciated.
yardbird
Hi Armanno, welcome to the forum. I have a question for you: look at this thread and post back and tell me if this is the AV program you downloaded? http://www.malwarebytes.org/forums/index.php?showtopic=16522
EDIT: If your AV program is made by Lavasoft then we'll go to the next step.
Armanno
Yeah, that's the version of mbam I downloaded, but it still won't run, it will only install, and I don't have the "Advanced Virus Remover" though.
yardbird
So you do have 1.38 of MBAM, correct? What AV software and/or firewall are you running, please?
Fatdcuk
Hi Armanno,

The reason why this is occurring is the rogue is blacklisting all exe's except crucial system operations and your browser(s), which is so folks can go online and purchase the fraudulent rogue.

Try renaming MBAM.exe to firefox.exe and see if it launches first.

Ah, just read your first post and realise you probably will not be able to access the mbam file in order to rename it.

Have you tried booting into safe mode and running MBAM from there?

http://www.bleepingcomputer.com/tutorials/tutorial61.html
Armanno
QUOTE (yardbird @ Jun 20 2009, 03:40 PM)
So you do have 1.38 of MBAM, correct? What AV software and/or firewall are you running, please?


Yeah, I have that version of MBAM and I have McAfee that came with my computer, but the only thing it's done is have the firewall ask me if I want to let certain programs access the internet, but I always block their access.

QUOTE (Fatdcuk @ Jun 20 2009, 03:41 PM)
Hi Armanno,

The reason why this is occurring is the rogue is blacklisting all exe's except crucial system operations and your browser(s), which is so folks can go online and purchase the fraudulent rogue.

Try renaming MBAM.exe to firefox.exe and see if it launches first.

Ah, just read your first post and realise you probably will not be able to access the mbam file in order to rename it.

Have you tried booting into safe mode and running MBAM from there?

http://www.bleepingcomputer.com/tutorials/tutorial61.html

Yeah I tried launching it in safe mode with networking, but it did the same thing.
Fatdcuk
Ok best bet now is to take this from General forum and start a fresh topic in the HijackThis help forum.

From there we can see if we can address the problem with use of some more heavyweight tools.
http://www.malwarebytes.org/forums/index.php?showforum=7

I'm surprised it is letting you have Task Manager available (usually this is one of the first things to get locked out).

I take it there are no suspicious exe's running (sysguard.exe)?
yardbird
Let the Firewall & AV accept all of MBAM files. Please look over this thread http://www.malwarebytes.org/forums/index.php?showtopic=17695, go right down and read post #7. As the mod posted, we also have to put our mbam files in the Trust area of the AV & Firewall. We have gotten lots of good results. Please post back with your results. We would like to know. If you have any questions about accepting the files in the Trust area, please post them.
Armanno
QUOTE (Fatdcuk @ Jun 20 2009, 03:58 PM)
Ok best bet now is to take this from General forum and start a fresh topic in the HijackThis help forum.

From there we can see if we can address the problem with use of some more heavyweight tools.
http://www.malwarebytes.org/forums/index.php?showforum=7

I'm surprised it is letting you have Task Manager available (usually this is one of the first things to get locked out).

I take it there are no suspicious exe's running?

Ok, I'll post a new thread there, but first I'll try to run mbam in safe mode again just to be sure. And, I'm not really sure how to identify what exe's are suspicious, lol.

QUOTE (yardbird @ Jun 20 2009, 04:00 PM)
Let the Firewall & AV accept all of MBAM files. Please look over this thread http://www.malwarebytes.org/forums/index.php?showtopic=17695, go right down and read post #7. As the mod posted, we also have to put our mbam files in the Trust area of the AV & Firewall. We have gotten lots of good results. Please post back with your results. We would like to know. If you have any questions about accepting the files in the Trust area, please post them.

I mean, the only time I was blocking access was when I first got the virus, and had a bunch of odd exes trying to get internet access. When I first installed mbam I let it access the internet to update, and I've used it numerous times before this. My firewall/AV can't even run right now, so I don't think that's causing it.
Fatdcuk
OK, well, AntiVirus System Pro is usually an executable called sysguard.exe located in the Windows folder.

Usually MBAM unloads this process every time, so I'm thinking there might be more to the obvious infection that is visible, so if safe mode does not work then definitely we will have to investigate further.
workworkwork
I feel the same pain. Free version of malware has always come thru for me but this time was too much. My desktop has been ravaged by Antispyware Virus Pro. Can't open IE (hijacks) and won't let me open malware bytes. Didn't delete but tried to download or open from portable drive. So now trying to run in safe mode to get to malwarebytes. Here is my issue (btw on laptop, problem is with desktop): I have a choice of safe mode, safe mode with networking, or safe mode with command prompt. Please don't laugh, I don't know which one to select. I have win xp with free avg. Could someone help me asap? There isn't a timer or countdown on that screen so I am assuming ok until hear from someone. Thanks
Armanno
Safe mode should be fine if you're just running the program, but if you have to download it again, use safe mode with networking (allows you to use your internet browser to access the internet).
yardbird
@ Victimized: Armanno is down in the HiJackLog forum. Just an FYI. Unless he is done, and is back here? Let me know?
EDIT: yes he's still down there....
mountaintree16
@ victimized

I might be mistaken, but, I think that site itself is bad? I thought I read that on here somewhere, but I could be mistaken.

I hovered over your link to see what it was, but I did not click.
yardbird
@ victimized

Was the site or info for Armanno? He went down to the Hijack forum with a mod "Fatdcuk" in the early morning.
yardbird
@ victimized

An hour ago he was here: http://www.malwarebytes.org/forums/index.php?showtopic=17888

By the instructions of a mod. and he should get fixed up down there. Like I said it was an FYI.
yardbird
@ victimized

So he's all fixed up? If so, come & help me with another user with startups over & over, y/n?
Armanno
Victimized, thanks for posting the link, but I saw that site earlier. I downloaded the program they had posted up (Spyware Doctor), but it would only scan and required that I pay and register to delete the files, so I didn't.

And because the virus is blocking me from using the desktop, start menu, or any folders/files it doesn't allow, I can't manually search for those files to remove them. I'm basically limited to only task manager and firefox.
yardbird
Armanno! Last time I saw you, you went to the Hijack forum. PC all fixed up now?
Armanno
QUOTE (yardbird @ Jun 21 2009, 02:41 AM)
Armanno! Last time I saw you, you went to the Hijack forum. PC all fixed up now?

Not quite, this virus is being very tricky lol.
mountaintree16
@ victimized.

I understand that you were posting that link and trying to help, but in case you didn't realize it, he is (or was if already fixed up) getting help from professionals who are very able to help him. You are on the MBAM website - don't be posting links to other help sites that aren't even guaranteed to fix him up. It's great that you were able to help your cousin, but you shouldn't be posting that on here.
victimized
QUOTE (mountaintree16 @ Jun 20 2009, 10:19 PM)
@ victimized.

I understand that you were posting that link and trying to help, but in case you didn't realize it, he is (or was if already fixed up) getting help from professionals who are very able to help him. You are on the MBAM website - don't be posting links to other help sites that aren't even guaranteed to fix him up. It's great that you were able to help your cousin, but you shouldn't be posting that on here.
It's just the help I post when no cure can be found.
Fatdcuk
Ok folks just a note to say that usually MBAM will remove this rogue without any difficulties.

The trouble here is that the person's computer has a secondary infection that is blocking MBAM from running and making use of other *fix* tools not so straightforward.

Manual removal is not an option whilst certain functions are locked out, and using mainstream fix tools looks like they are being hampered too.

Anyway, I love a challenge and hopefully will get this sorted for the OP shortly.