Jump to content

Memory could not be read


hkw

Recommended Posts

  • Replies 93
  • Created
  • Last Reply

Top Posters In This Topic

elise025: Under the Safe Mode, I click on Quarantine Topic of Malwarebytes screen, error message also appears with remarks of 'please inform this error code to our support group:

MBAM-ERROR-ADD_TO_RESULTS(0,6)

After I click confirmed button, MBAM quarantine page appears.

I then repeat the whole process and the result is still the same.

Link to post
Share on other sites

This error means that something could not be added to the results. It doesn't mean there is malware, Since the scan runs fine otherwise, I wouldn't worry about it too much. It sometimes happens.

Do you have any problems left? Lets do also a last scan to check for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

elise025: ESET Online scanning is very slow and I'm afraid you have to wait 1-2days more for the result come out. At present it takes 15 hours to scan only 16% of the system. I just let you know first and sorry to keep you waiting for so long.

Link to post
Share on other sites

elise025: Following is the threat repost at the moment I quit ESETScan:

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP214\A0153686.exe probably a variant of Win32/Genetik trojan

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP216\A0153814.exe Win32/Packed.Autoit.E.Gen application

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP220\A0154795.exe a variant of Win32/Keygen.AK application

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP225\A0159701.exe a variant of Win32/Keygen.AF application

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP239\A0166221.exe multiple threats

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP239\A0166224.exe probably a variant of Win32/Genetik trojan

D:\F-SecureInternetSecurity2011_v10.50.197+patch+keygen\keygen\Keygen.exe a variant of Win32/Keygen.AF application

Link to post
Share on other sites

Hi, those are nothing serious, mostly in System Restore. I recommend to remove the F-Secure keygen. This type of files is not only illegal, but also a sure way to get your computer infected. Cracks, keygens and the like are used to distribute all latest malware.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :D

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

elise025: Only 1 threat(given below) was being detected by Kaspersky Internet Security 2011 after full scan and was subsequently removed as recommended.

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP239\A0166224.exe probably a variant of Win32/Genetik trojan

Do I perform the deletion of DDS,GMER & OTL the same way as Combofix?

Delete the tools used during the disinfection:

?Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

?Delete DDS, GMER (this is a random named file) and OTL.

The boo boo sound still exists which is quite annoying. Is there any means to stop it?

How can I install Microsoft Windows Recovery Console again if I try to make backup for the system if after newly install?

Coud that be helpful to install Registry Repair Tool? If so, which one will you best recommed?

Any method to prevent System Volume Information Files from being infected?

Link to post
Share on other sites

elise025: sorry, the threat detected by Kaspersky Internet Security 2011 after full scan should be as follow:

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP239\A0166224.exe probably a variant of Win32/HackTool.Kiser.yy

When I carry out deletion of DDS/TOL/GMER, error message appears:

Windows cannot find any file or folder 'DDS/TOL/GMER', please check whether your input in correct and try again.

The tools I used before with ComboFix are TOL & RKUnhooker.

Link to post
Share on other sites

elise025: sorry, the threat detected by Kaspersky Internet Security 2011 after full scan should be as follow:

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP244\A0166993.exe probably a variant of Win32/HackTool.Kiser.yy

Link to post
Share on other sites

Hi, the detection by kaspersky is nothing to worry about. :welcome:

You can just delete the DDS, OTL and Rootkit Unhooker files if you still have them, if you already deleted them, you don't have to do anything. These tools do not install anything, so if you delete the file you downloaded, they are gone.

Link to post
Share on other sites

elise025:I don't have any DDS file installed.

The boo boo sound still exists which is quite annoying. Is there any means to stop it or any solution for it?

How can I install Microsoft Windows Recovery Console again if I try to make backup for the system?

Coud that be helpful to install Registry Repair Tool? Would you recommed RegCure?

Can you suggest any method to prevent System Volume Information Files from being infected?

Please give your opinion on the above!

Link to post
Share on other sites

Lets see if I can address each question in part. :welcome:

The boo boo sound still exists which is quite annoying. Is there any means to stop it or any solution for it?
If this is like a system beep (coming from your case), it is most likely a hardware issue and there is little you can do about it, apart from replacing the faulty part. I am not a hardware expert, so unfortunately I'll not be able to be of great help with this.
I don't have any DDS file installed.
In that case you don't have anything to delete. :D
How can I install Microsoft Windows Recovery Console again if I try to make backup for the system?
There is no need for it. You can always access it using your XP CD. The recovery console is only of use if you know how to use it. Its a command line environment that can help fixing certain things when your computer doesn't start up properly.
Coud that be helpful to install Registry Repair Tool? Would you recommed RegCure?
I do not recommend any registry cleaners. In best case they do not improve anything and in the worst case they can do quite some damage.
Can you suggest any method to prevent System Volume Information Files from being infected?
Simply by not infecting your computer. If you uninstalled combofix as instructed, your system restore is reset. All old restore points are gone and a new one is set.
Link to post
Share on other sites

elise025: When I click on Quarantine Topic of Malwarebytes screen, error message now appears with remarks of 'please inform this error code to our support group:

MBAM-ERROR-LOAD_QUARANTINE(0,6)

After I click confirmed button, MBAM quarantine page appears.

What does this error message mean and can it be resumed back to normal? What should I do now?

Link to post
Share on other sites

elise025: After I reinstall the system, the first page before Windosw screen indicates "Hardware monitor found an error. Enter Power setup menu for details". What does this mean? Can you help you to find out what actually is the problem and recommend any solution for it please?

I am now undergoing Kaspersky Internet Security 2011 full scan and thereafter will proceeed with MBAM installation.

Both scan results will be advisded later.

Link to post
Share on other sites

elise025: There is nothing found after complete scan by Kaspersky Internet Security.

I only perform quick scan after MBAM installation.

Qucik scan results are as follows:

01) Trojan.BHO

02) Trojan.BHO Registry Key

HKEY_CLASSES_ROOT\Interface\{a1dd29ed-2598-48e9-9793-64a9cd08ac94}

(No action taken)

03) Trojan.BHO Registry Key

HKEY_CLASSES_ROOT\Typelib\{87ca3845-37fe-414c-81cf-e08a7d0f6779}

(No action taken)

The 3 threats found are the same as the first 3 items in the recent malicious log report.

There is one querry I like to point out above 3 items have been appeared on recent malicious log report which were already quarantined and removed. If they were really removed, how can they appear here again? Will those items continue to exist in the system after removal?

Mine is a desktop without any manufacturer which is put together bit by bit.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.