Malwarebytes will not install (fix)



#1 bobbybea


Posted 18 February 2009 - 12:38 PM

The topic of Malwarebytes not being able to install has caught my attention.

I receive many infected machines and found that lately, however, these infections are acutely challenging. For instance, the notion that Malwarebytes can fall victim to the ultimate no-installation detailed in this report was too tantalizing to resist. I solved it in this fashion.

Okay, since I write reports, mine, this posting will take that shape just in case someone wishes to further this investigation.

When I write of Avira, I write of this exact product:
http://www.free-av.c...cue_system.html

Get started by disabling the following:
1. Error reporting services,
2. Automatic Updates, and
3. The Event Log; and,
4. Dump the idiotic restore function.
5. Lastly, remove the Remote Assistance as it tries to start later on when we gain territory on the intrusion (in most cases). We are ready to begin.

Use another machine and download two important and indispensable tools noted by our functional and noteworthy administrators in this forum and one that I add that enables you to remove bogus registry entries using the Expert Zone of RegVac. Thus, download gmer, RegVac, and Avira Anti-virus.

1. Burn Avira as noted in many areas of this forum onto a CD and run it on the next boot, but only after you create a new user named something as clever as that of “2BDeleted”. Do not log into that user just yet, as it will come in handy soon enough.

2. In other words, Avira scans the new user before you may log into it. The idea here is that some of you probably tried many tools to kill the intrusion. The new user is based on whatever Windows functions are transferred over to a newly created user without the added so-named tools (in most cases).

3. To further that notion that Avira (Linux-based) scans on boot, log into the infected user (not the new user) once finished, and run Windows + R, MSConfig and disable everything but Microsoft. Thus, hide Microsoft in the services and disable all. Further, disable all startup items. Do not use safe mode as you need some crucial services to operate.

4. Log into the new user recently created above and install RegVac. Run it in expert zone and notice the bogus entries that appear in the application area for you to “remove all”. Obviously, removing everything may bring some unexpected results—look deep into that list prior to blindly pushing the trigger. Restart as needed.

5. Rename your downloaded gmer to 123.exe and install it, run it, and kill the rootkit that is plaguing the system.

6. Restart the computer and log into that cleverly named new user once more and install Malwarebytes as it will now allow you to install it. Run it. You are done. Noting that the infected user was not used.

To summarize:

We create a new user and treat it. We create new installations of known intrusion fighting tools by renaming them first. And, we clean the registry using the sensitive Expert Zone of RegVac that allows us to trace bogus entries. We then fight the rootkit intrusion and end up liberating our system to allow for the installation of Mbytes.

Condition Note: if for some reason something hangs on install, seek which service is trying to start and disable it, taking note in the process manager of the tmp file and following its traces. Continue to clean the new user on restart with RegVac as you enable all MSConfig previously disabled start up and services.

Trust Noted: I trust that all anti-virus, registry-blocking applications have been removed prior to this operation. Further, I took it a step further and deleted the Windows/SoftwareDistribution/DataStore once the Update Service was disabled and formatted the idiot split drives where the restore files are located (if needed). Once all the services are returned to normal, a new update scan can be expected to take place. You are now ready to log back into your infected user for whatever surprises await you. Running Mbytes on each user additional times will bring more issues to the surface I am sure.



