
MBAM won't run (Fix)



#1 Fatdcuk


Posted 15 June 2009 - 07:35 PM

Hi all,

Newer variants of this malware have become more inventive in how they stay installed on machines, attacking all cleaning software/tools so that they do not run.

In fact the malware only allows certain core system components to run and your browser.

Everything else is flagged by the software as infected and blocked from running.

The truth is they are not infected, and the malware is in fact the software that is causing the issues and trying to get you to buy it in order to remove the problem.

Symptoms are very obvious: if it is installed, there is no escaping the raft of fake alerts generated by the software and the fact that virtually all your other software is no longer able to run.


The fix(s) :)

If you already have MBAM installed on your computer.
Please navigate to the MBAM folder located in the Program Files directory.

Locate MBAM.exe and rename it to winlogon.exe

Once renamed, double-click on the file to open MBAM and select Quick Scan

At the end of the scan, allow MBAM to remove what it has found, then reboot.

Goodbye SystemSecurity :)

If MBAM is not installed

Download the following file and save to your desktop.
http://live.sysinter...com/procexp.exe

Rename the file to winlogon.exe and then run it.

Posted Image

In order to get MBAM installed you will need to identify and terminate/kill the SystemSecurity process.
As you see from the screenshot, it is very easily identified by its shield icon and use of random numbers for its executable, e.g. 1234567.exe, 638476435.exe, 453732.exe, and the list goes on.

Highlight the shield icon/random.exe line, right-click and select kill process.

Posted Image

SystemSecurity will no longer be active in memory but is still installed so best let MBAM rip it good and proper :)

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes' Anti-Malware
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and if required the program will ask you to reboot to remove locked files.

Reboot and byebye SystemSecurity :)

We hope our application has helped you eradicate this malicious Malware.
If your current anti-virus solution let this infection through, please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection against these types of malware.


**Subnote**

If, after removing System Security, you are experiencing MBAM finding Trojan.Agent and Rootkit.Trace but it is failing to remove them, then you have been infected with a blended (multiple) infection and also have the CLB WinNT/Alureon rootkit active on your computer.

Here is the canned fix/solution for removing that rootkit:
http://www.malwareby...showtopic=12709
Ade Gill
Research Engineer
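
An added example, not part of the original post: the post identifies the SystemSecurity process by its all-digit executable name, and this Python sketch applies that same check to a saved `tasklist /FO CSV` listing. The sample listing and the function name are constructed for illustration, and an all-digit name is only a triage hint to review, not proof of infection.

```python
import csv
import io
import re

# Image name made only of digits plus .exe, e.g. 1234567.exe (the naming
# pattern the post describes for the SystemSecurity process).
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)

# Constructed sample of `tasklist /FO CSV` output; not captured from a real host.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","28 K"
"winlogon.exe","612","Console","0","4,120 K"
"explorer.exe","1480","Console","0","21,304 K"
"638476435.exe","2196","Console","0","9,876 K"
"7zFM.exe","2344","Console","0","5,012 K"
"453732.EXE","2408","Console","0","3,300 K"
'''


def find_numeric_named_processes(tasklist_csv):
    """Return [(image_name, pid)] for processes whose image name is all digits."""
    hits = []
    # csv handles the quoted fields, including commas inside "Mem Usage".
    reader = csv.DictReader(io.StringIO(tasklist_csv))
    for row in reader:
        name = (row.get("Image Name") or "").strip()
        pid = (row.get("PID") or "").strip()
        # Skip malformed rows rather than failing on a partial listing.
        if NUMERIC_EXE.match(name) and pid.isdigit():
            hits.append((name, int(pid)))
    return hits


if __name__ == "__main__":
    for name, pid in find_numeric_named_processes(SAMPLE_TASKLIST):
        print(f"review: {name} (PID {pid})")
```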




