Update v2014.07.26.09 Entire System32 Quarantined?


  • Staff

If anyone is currently running a scan STOP the scan immediately.

 

Do not allow anything to be quarantined or removed.

 

Update the database and then run another scan.

Link to post

My system's completely messed up now...unable to run any system exe. My anti-malware won't open, cmd does not open, anything I try to open I get "file system error (-1073741515)", unable to boot into safe mode or even from installation disc or usb. Please help lol...seems like my whole winsystem has been quarantined and I'm not even able to restore anything since I can't even get into Malwarebytes Anti-Malware...

Link to post

If anyone is currently running a scan STOP the scan immediately.

 

Do not allow anything to be quarantined or removed.

 

Update the database and then run another scan.

 

Still detecting files as Trojan.FakeMS.ED

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 27-7-2014
Scan Time: 3:09:32
Logfile: dump.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.27.01
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kinsmir
 
Scan Type: Hyper Scan
Result: Cancelled
Objects Scanned: 124
Time Elapsed: 1 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 41
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\1394bus.sys, , [64edd3f59db321947969fdf1dd747323], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys, , [a87d604aea360176311474c87a63bb88], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys, , [99f8e788246d495ce3794d7e7821d2ca], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\agilevpn.sys, , [7ecff9b22276b73f43a99a15a6094e90], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\AGP440.sys, , [608c14dba7299d8cb6ed035a68a15799], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\amdide.sys, , [1ff8b4431c353ce385c875f194924c0c], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\amdk8.sys, , [7024f087cff1833a806193ef9d22cda9], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\amdppm.sys, , [1e56388b3fe0d031c44144eb8c4d6217], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\appid.sys, , [89a69c3f2f319b43379399547526d952], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\asyncmac.sys, , [769765ce2cc62867468cea93969b2242], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\ataport.sys, , [059f00def82bf41e433b7ed465847726], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\battc.sys, , [f4de2ae7a9e1badac70bc71ea2c17612], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\beep.sys, , [16a47ce2decc9b099349a5f840654746], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\blbdrive.sys, , [61583ee3c3a17003c4acd0475646b4d3], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\bowser.sys, , [6c02a83164f5cc0a262f4199f0871cf5], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\bridge.sys, , [5c2f352a4e961d72518261257aae204b], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\bthenum.sys, , [cf98190a94f62e405c8cb255018b2315], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys, , [9da669f11d1f894ab4eb69bf546a42e8], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\Diskdump.sys, , [b3222734d80013d2c73841b0c549fa63], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\drmk.sys, , [e0d3cd5841e5c7be7b94ba946af1e498], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys, , [9b19f34400d24df84c858a421c205754], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\Dumpata.sys, , [839b5fe3d48e9f35b22c21a3d5103f6c], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\dumpfve.sys, , [814db88f2641691575a455cf25354098], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\dxapi.sys, , [bf24d6f2ed97fe830bfd52b246f98e67], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\dxg.sys, , [fede0629ecb23650d48989517d4914da], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys, , [88612f1ce3bf42256913bf6e61c70d52], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\dxgmms1.sys, , [1f04cfb79dd5fb7694468ce3fb3dcc31], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\errdev.sys, , [34a3c54752046e79a126e15c51db409b], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\exfat.sys, , [a510c654ec00c1e9bdd91eeb3a59823b], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\fastfat.sys, , [0adc83218b66a6db380c330836f3e36d], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\fdc.sys, , [d765d19cd8ef61f650c384f62fac00ab], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\fileinfo.sys, , [655661be46b5f5f3fd454e2c3095b930], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\filetrace.sys, , [5f671ab5bc87eea04ec38a6cd5962a47], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys, , [c172a0f53008eaeb8ea33fe10e177af5], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\http.sys, , [0ea7de1acb728dd5a369fd742d6eee28], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\hwpolicy.sys, , [a5462bd6884960c9dc85ed49d34ff392], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys, , [fa55c73d4affa7ee23ac4be53b4592d3], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\intelide.sys, , [f00f20e70c6ec3aa366910083a0518aa], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\intelppm.sys, , [ada036632c664caa754079041cf1f8c1], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\ipfltdrv.sys, , [c9f0e1bd74365a8771590e9008d22ab6], 
Trojan.FakeMS.ED, C:\WINDOWS\SYSTEM32\drivers\IPMIDrv.sys, , [0fc1aea580957aa8817b8f305d18ca3a], 
 
Physical Sectors: 0
(No malicious items detected)
 
 

(end)

Link to post

I was also (by the grace of all that is merciful) able to use a restore.

 

Don't know how relevant this is, but just to give as detailed a description as I can so that it could help anyone out there, I have a Lenovo laptop and Windows 7 Professional. It kept trying Windows Startup Repair but wasn't making any progress (like this). At some point, there's an option to try "advanced recovery options." I clicked that, chose my log on name and entered my regular log on password. It then gives you a menu of stuff. I tried System Restore. My latest restore point was 7/25. I tried it and it gave me an error (I should have noted the error number but didn't). I then went to System Image Recovery and it told me that 7/20 was my latest image point. I was hesitant because from what I can tell, System Image Recovery wipes away your recent files as well, unlike System Restore. After some time, I went back to System Restore to take a look and somehow, I only saw restore points before 7/25, the latest one being the 7/20 point that was the latest System Image Recovery point I mentioned. So I tried a System Restore of the 7/20 point. It gave me an error again, I think the same error. Then, I was messing around with something else and wasn't really paying attention to what happened after the error on the 7/20 System Restore, but I restarted the computer. It somehow booted up normally and told me that the computer has been restored to 7/20. I checked around in the comp and it looks all right.

 

Interestingly, I can't do anything with the Malwarebytes program right now.  I can't open it (mbam.exe gives me Runtime error '383') and unins000.exe gives me "unins000.exe is missing". 

 

I'm not sure what the proper etiquette is regarding pasting logs.  I can paste it here but like tbowyer's, it's long.  Here it is on pastebin: Part 1, Part 2

Link to post

Also, can all users affected please add their OS version and language as well.

 

Thanks for your cooperation, it is much appreciated

 

What about for those of us whose system has been messed up because of this? Anyone wanna help me out on how to fix my issues? =] thx.

 

currently running os win7 ultimate; Language English

Link to post

Also, can all users affected please add their OS version and language as well.

 

Thanks for your cooperation, it is much appreciated

 

Latest update fixed it for me also.

 

 

Version: Windows 7 Pro (Build 7601: Service Pack 1)

Language: English (with Dutch locale)

Link to post

Our research team has indicated that this should now be corrected in Malware Database: v2014.07.27.02

 

Can anyone please try to verify?

I cannot get newer signature (the update icon is dim) now but with the signature I just updated 2 hours ago I got over 10,000 threats identified. What to do? Is it safe to reboot my PC as now I cannot start Malwarebytes..... :<

Link to post

  • Staff

I cannot get newer signature (the update icon is dim) now but with the signature I just updated 2 hours ago I got over 10,000 threats identified. What to do? Is it safe to reboot my PC as now I cannot start Malwarebytes..... :<

You're using a LUA, right-click the desktop icon, select run as admin, then try update.

Link to post

Yea did what the program told me to do, then cannot boot into Windows now.  What are my options, you better release something that can restore the files from the windows recovery command prompt.  I can't do anything now and it has been a few hours.

Link to post

As mentioned, I was able to do a System Restore but I can't start or uninstall my Malwarebytes anymore.  I tried installing a new version from the website but it says that uninstallation of my current version failed and asks me to manually uninstall my current version first.  I tried removing the Malwarebytes folder from my Programs folder, but I still get the same error.  When I try to install, it gives me "unins000.msg is missing.  Please correct the problem or obtain a new copy of the program." 

Link to post

You're using a LUA, right-click the desktop icon, select run as admin, then try update.

It is my home PC and I am the admin. Anyway I managed to call it up and update the signature. Re-run scan and result shows no more Trojan.FakeMS.ED.

 

This is a terrible experience. Hope Malwarebytes does more tests in future before releasing to public. Luckily the large number of detected items kept me from pressing quarantine.

 

Thanks Tom for your help.

Link to post

  • Staff

As mentioned, I was able to do a System Restore but I can't start or uninstall my Malwarebytes anymore.  I tried installing a new version from the website but it says that uninstallation of my current version failed and asks me to manually uninstall my current version first.  I tried removing the Malwarebytes folder from my Programs folder, but I still get the same error.  When I try to install, it gives me "unins000.msg is missing.  Please correct the problem or obtain a new copy of the program." 

Hi

 

Just run our cleanout tool and reinstall:

http://downloads.malwarebytes.org/file/mbam_clean

 

http://downloads.malwarebytes.org/file/mbam

 

You may need to reactivate

Link to post

At first I saw system restore points from 7/23 and 7/20 2014 and can't use any of them; both failed. Now I only see system restore points from 2013 and tried one; it fails too.

 

Booting into Windows gives me the BSOD with:

 

c000021a (fatal system error)

The verification of a knownDLL failed.  System process terminated unexpectedly .. a status of 0xc000012f (0x001da760 0x00000000).  The system has been shut down.

 

Tried a few hours with the windows recovery menu and nothing works.

Link to post

Malwarebytes,

All the free users with no realtime protection are fine if they never quarantined or deleted the items.  However I am a mbam pro user that had realtime protection turned on which automatically quarantined these files.  The system is now not allowing me to restore these files.  I have also tried in safe mode.

 

These are the messages I am getting when trying to restore either in normal mode or safe mode:

 

"Unable to restore quarantined item c:\Program Files\Microsoft Office15\root\office15\msvcp100.dll : The process cannot access the file because it is being used by another process"

 

I am trying to kill services one by one to see but this just caused my PC to blue screen. What are we supposed to do thanks to this bad mbam definition update? What about the people who can't even start up their systems now?

 

Need answers please.

 

Running windows 8 64bit.

Link to post

This topic is now closed to further replies.