New morphed edition of Security Tools, MBAM isn't fixing


  • This topic is locked
25 replies to this topic

#21 xiceeeex

xiceeeex

    New Member

  • Members
  • 2 posts

Posted 22 October 2009 - 02:18 AM

Does anyone know a solution for this? I got this infection and really need help. Any help or input is deeply appreciated. Thanks, links on bottom.
http://www.malwareby...showtopic=28577

Thanks again.

#22 IT Expert

IT Expert

    Advanced Member

  • Honorary Members
  • 105 posts
  • Gender:Male
  • Location:Portland Oregon
  • Interests:Infection Detection & Removal, Developing & Programming of websites, Helping solve computer issues, American Muscle Cars, Big Block Chevys, Computer Gaming, Battlefield 2

Posted 22 October 2009 - 02:57 AM

new problem: http://www.nicklocka...mboFixVirut.bmp

No way to run combofix, and tried to rename file too.

When I try and run sfc /purgecache it seems to work, but when I try and do a sfc /scannow the window just flashes real quick and goes away before I can even see the scan. I have even tried to run the commands using dialafix with the same issues.

Malwarebytes is still missing the kbnet.dll. Is there anything else I can do?
Malwarebytes Reseller

#23 IT Expert


Posted 22 October 2009 - 03:51 AM

I was able to tell it to do a sfc /scanonce and on the startup it's finally doing a scan, can't wait to see if that helps.

Another issue I'm seeing is Data Execution Prevention error popups for, I think, the file called logonui or something like that; going to have to try and shut that feature off for now, I imagine.
Malwarebytes Reseller

#24 Jaxryley

Jaxryley

    Forum Deity

  • Malware Hunters
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.

Posted 22 October 2009 - 04:50 AM

Well I've run every installer for Security Tool I have and MBAM seems to start and delete this rogue no probs.

If anyone has the installer could you upload here or share site please.

Windows Police Pro seems to match more closely to what this rogue disables. :lol:

#25 IT Expert


Posted 22 October 2009 - 06:12 AM

I know it had both rogues. Also, this thing keeps dropping it; the damn thing has this bot kbdnet.dll which is sticking it back on. I know security tools is still trying to stay alive because of the names of the keys in the registry. I have run a few tools that are supposed to take down the virut worm, but no luck so far...
Malwarebytes Reseller

#26 Fatdcuk

Fatdcuk

    Malware BBQ'er

  • Moderators
  • 20,543 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 22 October 2009 - 07:52 AM

OK folks, let's call order on this topic,

RogueNet is for uploading/sharing new undetected malware(s) for analysis and is not a removal forum per se when the fixes are failing due to malware borking the tools.

Malwarebytes is still missing the kbnet.dll is there anything else I can do


IT Expert, I now have the file from your download link, many thanks!

I will examine it and if a signature is required I will then add it in the next few hours.

Just for future reference should you continue assisting, all I would have needed to see was the bot file and any support data appertaining to that bot (e.g. load entry + filepath).

The MBAM log and full HJT logs are not required for me to examine a file or write a signature for it.

Also just reminding you MBAM will not flush O20 - AppInit_DLLs: data values.

You need to confirm whether the file(s) that the data value(s) points to is in fact still on the PC because it is quite possible the file(s) might have already been unloaded and just the *load* value persists.

Thanks for your understanding :lol:
Ade Gill
Research Engineer
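
One way to run the check described above for the O20 - AppInit_DLLs value, as an added example that is not part of the original thread or any Malwarebytes tool: it reads the load value and reports, per entry, whether the file it points to is still on disk. Resolving bare file names against the system directory and the report's field names are assumptions of this sketch.

```powershell
# Added example: list every AppInit_DLLs entry and whether its file still exists.
# Read-only: nothing in the registry or on disk is changed.
# Run from 64-bit PowerShell on 64-bit Windows so System32 is not redirected.
$views = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = Join-Path $env:SystemRoot 'System32' },
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = Join-Path $env:SystemRoot 'SysWOW64' }   # 32-bit view on 64-bit Windows
)

foreach ($view in $views) {
    if (-not (Test-Path -Path $view.Key)) { continue }
    $props = Get-ItemProperty -Path $view.Key
    $raw   = [string]$props.AppInit_DLLs

    # The data is one string; entries are separated by spaces or commas.
    foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        $name = [Environment]::ExpandEnvironmentVariables($entry.Trim('"'))

        # Assumption: a bare file name is looked up in the system directory of that view.
        if ([IO.Path]::IsPathRooted($name)) { $path = $name }
        else { $path = Join-Path $view.Dir $name }

        $exists = Test-Path -LiteralPath $path -PathType Leaf
        # Signature status is only meaningful when the file is actually present.
        $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { $null }

        [pscustomobject]@{
            RegistryKey = $view.Key
            Entry       = $entry
            Resolved    = $path
            FileExists  = $exists
            Signature   = $sig
            Status      = if ($exists) { 'file present' } else { 'load value only, file missing' }
        }
    }
}
```

An entry reported as "load value only, file missing" is the leftover case described above: the file has already gone and just the registry data persists.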
