***False positive Trojan.Downloader.ED***


  • This topic is locked
361 replies to this topic

#41 kapcreations

kapcreations

    New Member

  • Members
  • 15 posts

Posted 15 April 2013 - 09:23 PM

It restores all files except for anything in the winsxs folder. Those files cannot be re-copied back in.

#42 KSD68

KSD68

    New Member

  • Members
  • 3 posts

Posted 15 April 2013 - 09:28 PM

Well that was a PITA to manually check 66. Feel bad for those who have more. Seems Windows Restore pulled MBAM's fat outta the fire. They were all there so I deleted the quarantine.

#43 John L. Galt

John L. Galt

    Forum Deity

  • Experts
  • 1,543 posts
  • Gender:Male
  • Location:3rd Rock
  • Interests:Annoyances, especially M$ related.

Posted 15 April 2013 - 09:29 PM

How many files are not being restored? Most of those should be x64 related files, and it might be easier to figure out what they are and run the appropriate installer....

Interested in alternatives to Micro$oft? Visit our Alternative OS Forum. Also, check out our exclusive interviews (FREE membership required!!!)

GrabIt βeta Tester


#44 jrhawk9

jrhawk9

    New Member

  • Members
  • 12 posts

Posted 15 April 2013 - 09:52 PM

[quote name='kapcreations' timestamp='1366079014' post='669573']
It restores all files except for anything in the winsxs folder. Those files cannot be re-copied back in.
[/quote]

This is the folder in which I need them copied back in for my Win8 install... lovely.

#45 John L. Galt

John L. Galt

    Forum Deity

  • Experts
  • 1,543 posts
  • Gender:Male
  • Location:3rd Rock
  • Interests:Annoyances, especially M$ related.

Posted 15 April 2013 - 09:58 PM

Actually, IIRC, I think a lot of those files in that folder are actually hardlinks / symlinks to other existing locations.

kap, or jr - can either of you post the complete path for one of those files so I can verify it on my system?



#46 asianman6924

asianman6924

    New Member

  • Unused Accounts
  • 2 posts

Posted 15 April 2013 - 10:41 PM

Cannot fix my laptop for some reason. Will not boot into safe mode with networking, and I get an error message saying that something is wrong with cryptul.dll. Please help

#47 kapcreations

kapcreations

    New Member

  • Members
  • 15 posts

Posted 15 April 2013 - 10:48 PM

There is a way to restore the files in WinSXS folders that are not automatically restoring. Support is working on an update to the Fix tool.

#48 John L. Galt

John L. Galt

    Forum Deity

  • Experts
  • 1,543 posts
  • Gender:Male
  • Location:3rd Rock
  • Interests:Annoyances, especially M$ related.

Posted 15 April 2013 - 10:51 PM

Good deal.



#49 John A

John A

    True Member

  • Honorary Members
  • 253 posts
  • Location:NSW Australia

Posted 15 April 2013 - 10:53 PM

Well I got hit and my win7 desktop is hosed. I could not start Malwarebytes UI from the tray so I restarted the system. System Restore fixed some things. But after that Windows Update failed, SFC failed, system was pathetically slow. So I am in the process of restoring my system from a disk image. Very bad indeed!
Desktop - Intel Core 2 x CPU, 6600 2x2.4GHz, 3GB Ram, Windows 7x32, IE11, Firefox, Microsoft Security Essentials, MalwareBytes Pro, Windows 7 Native Firewall, hardware firewall.
Netbook: Old Acer Netbook, 1Gb, Windows XP/UBUNTU dual boot, Malwarebytes free, Microsoft Security Essentials, Windows XP native firewall

Netbook: Acer 2Gb, Windows 7 x 32, Microsoft Security Essentials, MalwareBytes Pro, Windows 7 Native Firewall.
Notebook: Acer, 4Gb, Windows 8.1 x 64, Windows Defender, MalwareBytes Pro, Windows 8 Native Firewall, hardware firewall

#50 kapcreations

kapcreations

    New Member

  • Members
  • 15 posts

Posted 15 April 2013 - 11:16 PM

We have tested the revised tool which handled WinSXS restores. We would like the log file to confirm success/failure of restoration of files.

#51 MikeRepairsComputers

MikeRepairsComputers

    Regular Member

  • Members
  • 54 posts
  • Gender:Male
  • Location:Long Beach, WA

Posted 15 April 2013 - 11:33 PM

Where is the revised tool which handles WinSXS restores?

I have a customer's 64 bit Vista laptop that had 2800 quarantined .dll and exe today.
I was barely able to get it working again enough to reinstall MBAM, but after "restore all" on the quarantine tab, it still has over 2400 files that still show. When I reboot, I still have many programs that say dll and exe are missing.
Computer Service Technician (Malwarebytes Reseller)

#52 Bastionpoint Technology

Bastionpoint Technology

    New Member

  • Members
  • 5 posts

Posted 15 April 2013 - 11:42 PM

As of midnight, the fix tool fixed a 2008 R2 Remote Desktop Server that restoring "All" from the MBAM GUI did not. The symptom was that I could not login to the server in normal mode until running the fix tool.

Thanks for addressing the problem so fast, but I'm not looking forward to tomorrow morning with the Pro version installed on 200 machines.

#53 kapcreations

kapcreations

    New Member

  • Members
  • 15 posts

Posted 15 April 2013 - 11:55 PM

@MikeRepairsComputers, check post #28. This is working for us, but we would like to see a revision that will write a log file stating success/failure of the release from quarantine.

#54 MikeRepairsComputers

MikeRepairsComputers

    Regular Member

  • Members
  • 54 posts
  • Gender:Male
  • Location:Long Beach, WA

Posted 16 April 2013 - 12:11 AM

Thanks, I ran the file from post #28 and the number went from 2400+ down to 1400+. Many of the remaining files are the same filepath/file duplicated 20 times or more. It would be nice to have an informative log file.
Computer Service Technician (Malwarebytes Reseller)

#55 kapcreations

kapcreations

    New Member

  • Members
  • 15 posts

Posted 16 April 2013 - 12:16 AM

From post 28, you can run:

fixtook /quarantine -list

copy/paste to Excel and reduce duplicates.

My company is working on a PowerShell script to identify which machines need to be hit. The script is very slow, but looks at every machine to see if there was a quarantined file today. With that list we then know which machines need to be touched, and have the tool run.
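
The fleet check described in post #55 could look like the following. This is an added example, not the script from that post: the parameter names, the status labels and the use of the C$ admin share are assumptions, and the quarantine folder is left as a parameter because the thread does not give its path.

```powershell
# Added example (not from the thread): list machines with quarantine activity on one day.
# Assumptions: one hostname per line in $ComputerList; the caller can read each
# host's C$ admin share; $QuarantineRelPath is the product's quarantine folder
# relative to C:\ (the thread gives no path, so supply it for your version);
# quarantine items carry a LastWriteTime from when they were quarantined.
param(
    [Parameter(Mandatory = $true)][string]$ComputerList,
    [Parameter(Mandatory = $true)][string]$QuarantineRelPath,
    [datetime]$IncidentDate = (Get-Date).Date,
    [string]$OutCsv = '.\quarantine-triage.csv'
)

$dayStart = $IncidentDate.Date
$dayEnd   = $dayStart.AddDays(1)

$results = foreach ($computer in Get-Content -Path $ComputerList) {
    $computer = $computer.Trim()
    if (-not $computer) { continue }

    $status = 'NoActivity'
    $count  = 0
    $path   = '\\{0}\C$\{1}' -f $computer, $QuarantineRelPath

    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        $status = 'Unreachable'            # re-check later; not the same as clean
    }
    elseif (-not (Test-Path -LiteralPath $path)) {
        $status = 'NoQuarantineFolder'     # product absent or share not readable
    }
    else {
        # Count only files written inside the incident day, not older detections.
        $count = @(Get-ChildItem -LiteralPath $path -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and
                           $_.LastWriteTime -ge $dayStart -and
                           $_.LastWriteTime -lt $dayEnd }).Count
        if ($count -gt 0) { $status = 'NeedsFixTool' }
    }

    New-Object PSObject -Property @{ Computer = $computer; Status = $status; FilesThatDay = $count }
}

# Full record for the incident log, then the short list of hosts to touch.
$results | Select-Object Computer, Status, FilesThatDay |
    Export-Csv -Path $OutCsv -NoTypeInformation
$results | Where-Object { $_.Status -eq 'NeedsFixTool' } |
    Sort-Object FilesThatDay -Descending |
    Select-Object Computer, FilesThatDay
```

Hosts reported as Unreachable or NoQuarantineFolder stay on the follow-up list, since neither result says anything about whether files were quarantined there.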

#56 jstneedanswers

jstneedanswers

    New Member

  • Members
  • 3 posts

Posted 16 April 2013 - 12:40 AM

ok... so I don't understand much of this... all I know is I have windows 7 professional, 64 bit and did the install of some mbam-setup-1.75.0.1300 deal... then did an unquarantine that left 1737 files in quarantine and now when I restart my computer I get a message that says qbupdate.exe-system error: the program can't start because COMCTL32.DLL is missing from your computer. Try to reinstall to fix this problem.

Everything else so far seems to be working ok, but I am sure this shouldn't continue to pop up every time I start my computer... and I'm not sure if I should worry about the 1737 files still quarantined... I haven't opened Malware again... and not sure I want to...

Now, keep in mind, if there is a fix for this, I need slow, step by step instructions as reading all this has been like taking a foreign language class... :/

#57 exile360

exile360

    exile

  • Administrators
  • 16,016 posts
  • Gender:Male

Posted 16 April 2013 - 12:49 AM

[quote name='jstneedanswers']
ok... so I don't understand much of this... all I know is I have windows 7 professional, 64 bit and did the install of some mbam-setup-1.75.0.1300 deal... then did an unquarantine that left 1737 files in quarantine and now when I restart my computer I get a message that says qbupdate.exe-system error: the program can't start because COMCTL32.DLL is missing from your computer. Try to reinstall to fix this problem.

Everything else so far seems to be working ok, but I am sure this shouldn't continue to pop up every time I start my computer... and I'm not sure if I should worry about the 1737 files still quarantined... I haven't opened Malware again... and not sure I want to...

Now, keep in mind, if there is a fix for this, I need slow, step by step instructions as reading all this has been like taking a foreign language class... :/
[/quote]

Greetings,

I'm sorry that you've had this problem. Please do the following and it should correct any remaining issues you're having:

Use the Malwarebytes Anti-Malware False Positive Fix Tool:

  • Make certain you are logged in as an administrator
  • Download the Malwarebytes Anti-Malware FP Fix Tool from here and save it to a convenient location such as your desktop
  • Extract all of the files to a folder and run RunThis.bat. NOTE: Windows Vista, Windows 7 and Windows 8 users must right-click on the file and choose Run as Administrator and click Yes or Continue to any User Account Control prompts
  • Restart your system and verify that it is now working properly

Samuel E Lindsey
Product Manager


#58 jstneedanswers

jstneedanswers

    New Member

  • Members
  • 3 posts

Posted 16 April 2013 - 12:57 AM

Nope :/ still get the same error message after restarting... any other ideas?

#59 exile360

exile360

    exile

  • Administrators
  • 16,016 posts
  • Gender:Male

Posted 16 April 2013 - 01:00 AM

[quote name='jstneedanswers']
Nope :/ still get the same error message after restarting... any other ideas?
[/quote]

I'm sorry to hear that. Please contact Support via this link and they will work with you directly on getting your system back in proper working order.

Thank you
Samuel E Lindsey
Product Manager


#60 jstneedanswers

jstneedanswers

    New Member

  • Members
  • 3 posts

Posted 16 April 2013 - 01:06 AM

[quote name='exile360']
I'm sorry to hear that. Please contact Support via this link and they will work with you directly on getting your system back in proper working order.

Thank you
[/quote]

Thank you



