MB won't run (Fix)



#1 Fatdcuk


Posted 19 March 2009 - 08:17 PM

Hi all,

Symptoms are very obvious: fake alert screens, fake security software activity and browser hijacking.


Recent variants of Total Security have been blocking MBAM from running and subsequently preventing the software from detecting and removing it B)

It does this by terminating the process (mbam.exe) when it is loaded into memory in order to run.

In order to get MBAM to run we will need to turn the tables on Total Security and kill its active process first!

This can be done very easily by the following walkthrough :)

Download Process Explorer and install. Please use only as directed*
http://technet.micro...s/bb896653.aspx

We need to identify which is the Total Security entry... very easy at the moment as it is tsc.exe, and the little shield icon is a giveaway should they change the name of the .exe file.

Next up, go to the entry tsc.exe in the Process Explorer main window by hovering your mouse pointer over it.
When there, right-click on your mouse to select it, next choose Kill Process and then confirm (Yes).



Finally, update and run a quick scan with MBAM and Total Security will be no more :)

We hope our application has helped you eradicate this malicious Malware.
If your current anti-virus solution let this infection through please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection against these types of malware.


Disclaimer to the more learned readers-

Task Manager can also be used to terminate tsc.exe, but in some installs of this rogue TM has been disabled by the infection. Hence the use of the imported Process Explorer :(
Ade Gill
Research Engineer
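
The walkthrough above can also be done from a command line. This is an added example, not part of the original post or Malwarebytes tooling: it reports the path, publisher and signature status of each running tsc.exe so the right process is confirmed before it is terminated. It assumes an elevated PowerShell 3.0 or later session; the parameter names `-ImageName` and `-Kill` are hypothetical.

```powershell
# Added example, not from the original post. Run elevated, PowerShell 3.0+.
param(
    [string]$ImageName = 'tsc.exe',  # name given in the post; variants may rename it
    [switch]$Kill                    # without -Kill the script only reports
)

# Collect every running instance together with its on-disk path.
$targets = @(Get-CimInstance Win32_Process -Filter "Name = '$ImageName'")
if ($targets.Count -eq 0) {
    Write-Output "No running process named $ImageName."
    return
}

foreach ($p in $targets) {
    $company = $null
    $sig     = 'Unknown'
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        # Publisher string and Authenticode status help confirm this is the
        # rogue and not a legitimate program that shares the file name.
        $company = (Get-Item -LiteralPath $p.ExecutablePath).VersionInfo.CompanyName
        $sig     = (Get-AuthenticodeSignature -LiteralPath $p.ExecutablePath).Status
    }
    [pscustomobject]@{
        PID       = $p.ProcessId
        ParentPID = $p.ParentProcessId
        Path      = $p.ExecutablePath
        Company   = $company
        Signature = $sig
    }
    if ($Kill) {
        Stop-Process -Id $p.ProcessId -Force -ErrorAction Continue
    }
}

if ($Kill) {
    # Give a watchdog or autostart entry a moment, then check for a respawn.
    Start-Sleep -Seconds 3
    $base = [IO.Path]::GetFileNameWithoutExtension($ImageName)
    $left = @(Get-Process -Name $base -ErrorAction SilentlyContinue)
    if ($left.Count -gt 0) {
        Write-Warning "$ImageName is running again (PID $($left.Id -join ', '))."
    } else {
        Write-Output "$ImageName terminated. Update MBAM and run the scan now."
    }
}
```

Run it once without `-Kill` to review the output, then again with `-Kill`, and follow with the MBAM update and scan as described in the post.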
