Jump to content


Photo

IP protection failed


  • This topic is locked This topic is locked
15 replies to this topic

#1 DaRajunCajun

DaRajunCajun

    New Member

  • Members
  • Pip
  • 16 posts
  • Gender:Male

Posted 11 June 2013 - 03:22 PM

Hi. I just installed MBAM 1.75.1300 (latest 7 greatest) on my Dell Precision T3500 workstation. The computer was infected by viruses and I think I got most of them. I wanted to use MalwareBytes to scan for a prevent future infections. I installed the trial version of the pro. When I look at the icon in the system tray it is grayed out. When I open the program and go to protection (to schedule scans & updates) it shows partial protection enabled. Enable Malicious Website Blocking is not enabled and cannot be enabled. I uninstalled it using add remove programs, rebooted ran MBAM Clean utility, rebooted and reinstalled the program a few times and still cannot enable website blocking. I stopped and restarted the MBAM service and still not able to enable all protection. The computer is running Windows 7 Pro 64b Service Pack 1, 12GB of RAM.

#2 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,245 posts
  • Gender:Male
  • Location:US

Posted 11 June 2013 - 03:28 PM

Are you sure you're logged in with an Admin account and not a limited user account?

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#3 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,245 posts
  • Gender:Male
  • Location:US

Posted 11 June 2013 - 03:29 PM

Probably also best to get some logs to see what else might be going on.


Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post


Next, Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.
  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.


Thanks

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#4 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 10,041 posts
  • Gender:Male
  • Location:USA

Posted 11 June 2013 - 03:31 PM

EDIT:

Sorry Ron beat me to it.....

post-2065-0-92797800-1392234217.jpg


Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#5 DaRajunCajun

DaRajunCajun

    New Member

  • Members
  • Pip
  • 16 posts
  • Gender:Male

Posted 12 June 2013 - 08:20 AM

Thanks. I will try those suggestions as soon as I get done scannig this beast for viruses.

#6 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 10,041 posts
  • Gender:Male
  • Location:USA

Posted 12 June 2013 - 08:57 AM

Great, we will wait on the logs so we can see what's going on..

post-2065-0-92797800-1392234217.jpg


Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#7 DaRajunCajun

DaRajunCajun

    New Member

  • Members
  • Pip
  • 16 posts
  • Gender:Male

Posted 13 June 2013 - 09:36 AM

So I uninstalled Malware Bytes with Revo unistaller, reboot, run the mbamclean tool, reboot, reinstall and still IP protection fails. I have installed this on another machine and it had no problems.. It's got me scratching my head for sure. I hope we can fix this quickly. I am attaching all the logs to this post.

Attach.txt, dds.txt and CheckResults.txt are attached.

Attached Files



#8 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 10,041 posts
  • Gender:Male
  • Location:USA

Posted 13 June 2013 - 09:49 AM

Thanks for posting those logs so we could take a look at them. I have reviewed your logs, and there is quite a bit of issues going on with this computer. It could be that its due to an infection, previous infections, or some hardware/software conflicts. Its going to require some work that we can not do in this section of the forum, please see below for instructions on how to get this all fixed up.

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

post-2065-0-92797800-1392234217.jpg


Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#9 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,245 posts
  • Gender:Male
  • Location:US

Posted 13 June 2013 - 10:29 AM

Just a note that the logs show signs of possibly being infected with the ZeroAccess rootkit. Your help will attempt to clean the computer but it is possible that they may not be able to undo all of the damage done by this infection but work with them and they'll do their best to assist you.

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#10 DaRajunCajun

DaRajunCajun

    New Member

  • Members
  • Pip
  • 16 posts
  • Gender:Male

Posted 13 June 2013 - 10:32 AM

Zero Access.. That makes sense because windows update isn't running. Background Intelligent Transfer Service isn't running. I've had trouble getting to some Microsoft Sites. Would you recommend MBAR? or some other rootkit remover?

#11 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,245 posts
  • Gender:Male
  • Location:US

Posted 13 June 2013 - 10:36 AM

I would highly recommend allowing one of the trained helpers help you with this. This is an advanced rootkit that has some new vectors that if you're not careful can cause even more damage trying to remove it (some new booby traps to thwart its removal). There is no cost to have someone help you aside from the back and forth time involved but in the end if you're trying to avoid a complete rebuild of the computer it's probably the best route to take.

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#12 DaRajunCajun

DaRajunCajun

    New Member

  • Members
  • Pip
  • 16 posts
  • Gender:Male

Posted 13 June 2013 - 10:45 AM

I really need to get this machine cleaned so I can get back to work with it. I've got it on an isolated network and I'm using a backup computer with XP.. I went from Porche to Yugo.. LOL

#13 DaRajunCajun

DaRajunCajun

    New Member

  • Members
  • Pip
  • 16 posts
  • Gender:Male

Posted 13 June 2013 - 12:35 PM

Do I need to post in the help I'm infected forum to get help with this Zero Access Rootkit or are they working behind the scenes on a solution?

#14 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,245 posts
  • Gender:Male
  • Location:US

Posted 13 June 2013 - 01:01 PM

Please post your logs as explained here Available Assistance for Possibly Infected Computers and post a new topic in the other listed forum and someone will assist you.

Basically post a new one here with your logs
http://www.malwareby...php?showforum=7

Thanks

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#15 DaRajunCajun

DaRajunCajun

    New Member

  • Members
  • Pip
  • 16 posts
  • Gender:Male

Posted 13 June 2013 - 07:40 PM

Thanks for your help. On a side note Malwarebytes is now working will full protection.. LOL I exited out the protection in the system tray then open Malwarebytes from a desktop shortcut.. Voila it decided to work.. Working on getting the viruses off the work machine on the other forum. Nice to see folks that stand behind their great product.

#16 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,245 posts
  • Gender:Male
  • Location:US

Posted 13 June 2013 - 07:51 PM

Sounds good. Hope all goes well with the clean up.

I'll go ahead then and close your post here and they'll go ahead and take care of you.

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users