
Getting Malwarebytes "needs to close error" with v1.70.0.1100 in Windows XP


  • This topic is locked
32 replies to this topic

#21 sgbrown68

    New Member

  • Members
  • 25 posts

Posted 17 January 2013 - 11:31 AM

Farbar Service Scanner Version: 16-01-2013
Ran by Steve (administrator) on 17-01-2013 at 11:30:18
Running from "C:\Documents and Settings\Steve\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-06-03 09:01] - [2008-06-03 09:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2008-07-28 06:53] - [2008-07-28 06:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2008-04-28 09:07] - [2008-04-28 09:07] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2012-03-09 08:10] - [2009-08-06 18:23] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2008-07-07 15:23] - [2008-07-07 15:23] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2009-02-09 05:56] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2009-12-23 10:05] - [2009-12-23 10:05] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#22 sgbrown68

    New Member

  • Members
  • 25 posts

Posted 17 January 2013 - 11:40 AM

fyi, the sfc.exe resulted in my having to update windows (several updates, actually). once that was done, i rebooted and ran the fss, posted above, then i ran a quick scan on mwarebytes and it completed successfully. i'll now reboot again and see if it will complete another one successfully.

#23 sgbrown68

    New Member

  • Members
  • 25 posts

Posted 17 January 2013 - 11:51 AM

well, good news, i was able to run another quick scan successfully after reboot. perhaps the problem was the windows just needed to be updated, but we'll see what happens going forward. at any rate, i'd be grateful for any feedback you may have and i'll run a few more scans periodically throughout the day -- i usually do at least one full mwarebytes scan per day. i'll let you know if i run into any further irregularities. i deeply appreciate all of your assistance in this matter.

best, s

#24 Maniac

    Forum Deity

  • Experts
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 17 January 2013 - 06:07 PM

Please scan your system with this tool:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and post it in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#25 sgbrown68

    New Member

  • Members
  • 25 posts

Posted 17 January 2013 - 10:11 PM

Status: Disinfected (events: 6)
1/17/2013 8:49:10 PM Disinfected Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3 High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVc.class High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVe.class High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVd.class High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVa.class High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\35\7f9ae8a3-2b63f6d3/KheVa/KheVb.class High
Status: Deleted (events: 2)
1/17/2013 8:50:08 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-0507.gen C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\52\61d70074-68001ee9 High
1/17/2013 8:50:14 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\Steve\Application Data\Sun\Java\Deployment\cache\6.0\28\3682889c-79afcfb3 High

#26 Maniac

    Forum Deity

  • Experts
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 18 January 2013 - 05:41 AM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa

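Added example, not part of the original thread: the report in post #25 places every detection inside the Java plug-in's deployment cache, which is what points to an outdated Java runtime as the entry point. The Python sketch below parses report lines in that layout and groups them by cache file and CVE; the sample lines are constructed (placeholder user name, cache IDs and class names), and the regular expression assumes the field order seen in that post.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report in post #25; paths and IDs are placeholders.
SAMPLE_REPORT = r"""Status: Disinfected (events: 3)
1/17/2013 8:49:10 PM Disinfected Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\35\aaaaaaaa-bbbbbbbb High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\35\aaaaaaaa-bbbbbbbb/pkg/A.class High
1/17/2013 8:49:10 PM Disinfected Trojan program Exploit.Java.CVE-2012-1723.cv C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\35\aaaaaaaa-bbbbbbbb/pkg/B.class High
Status: Deleted (events: 1)
1/17/2013 8:50:08 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-0507.gen C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\52\cccccccc-dddddddd High
"""

# Assumed field order: timestamp, action, object kind, verdict, path, severity.
EVENT = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M) (?P<action>\w+) (?P<kind>[A-Za-z ]+?) "
    r"(?P<verdict>\S*\.\S+) (?P<path>[A-Za-z]:\\.+) (?P<severity>\w+)$"
)
CVE = re.compile(r"CVE-\d{4}-\d+")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"

def parse_events(report):
    """Yield one dict per event line; 'Status:' headers and blank lines are skipped."""
    for line in report.splitlines():
        m = EVENT.match(line.strip())
        if m:
            yield m.groupdict()

def summarize(report):
    """Group events by container file; archive members follow the first '/'."""
    out = defaultdict(lambda: {"cves": set(), "members": [], "actions": set(), "java_cache": False})
    for ev in parse_events(report):
        container, _, member = ev["path"].partition("/")
        entry = out[container]
        entry["cves"].update(CVE.findall(ev["verdict"]))
        entry["actions"].add(ev["action"])
        entry["java_cache"] = JAVA_CACHE in container.lower()
        if member:
            entry["members"].append(member)
    return dict(out)

def java_cache_cves(report):
    """Sorted CVE ids taken from verdict names on files inside the Java deployment cache."""
    found = set()
    for entry in summarize(report).values():
        if entry["java_cache"]:
            found |= entry["cves"]
    return sorted(found)
```

When every container in the summary is flagged `java_cache` and carries a Java CVE verdict, removing old JRE copies and installing a current one addresses the entry point rather than just the cached files.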

#27 sgbrown68

    New Member

  • Members
  • 25 posts

Posted 18 January 2013 - 06:50 AM

ok, java has been updated. anything else?

#28 Maniac

    Forum Deity

  • Experts
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 18 January 2013 - 11:27 AM

How are things now?

#29 sgbrown68

    New Member

  • Members
  • 25 posts

Posted 18 January 2013 - 11:44 AM

everything's working very well. ran several mwarebytes scans and no more problems. am setting up a paypal account to leave you a tip. many thanks for all of your assistance!

#30 Maniac

    Forum Deity

  • Experts
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 18 January 2013 - 05:26 PM

Glad I could help! :)

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Please uninstall ESET Online Scanner and manually delete mbam-clean and Kaspersky AVP.

Some malware prevention tips:
users.telenet.be/bluepatchy/miekiemoes/prevention.html


Safe surfing! :)

#31 sgbrown68

    New Member

  • Members
  • 25 posts

Posted 19 January 2013 - 10:53 AM

thanks again, cheers

#32 Maniac

    Forum Deity

  • Experts
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 19 January 2013 - 12:28 PM

You're welcome! :)

#33 Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 20 January 2013 - 02:30 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.



