Jump to content


Photo

Malwarebytes won't install


  • Please log in to reply
18 replies to this topic

#1 SolvitM

SolvitM

    New Member

  • Members
  • Pip
  • 3 posts

Posted 04 January 2009 - 08:20 PM

Hi Guys,

Hope you all had a great Xmas and New Year! Great product!!

First post but have used malwarebytes before.

I have a friends PC that has Spyware Guard 2008 and have attempted to install Malwarebytes but it hangs on the final finishing install. It still appears in the startup group but will not run. The PC also will not boot into safe mode. PC is running XP SP3.

Look forward to hearing from you.

Cheers

#2 GT500

GT500

    Mostly Cantankerous

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 6,251 posts
  • Gender:Male
  • Location:Fortville, IN

Posted 05 January 2009 - 01:41 PM

Download and run a scan with HijackThis, then post the log in a reply.

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...


#3 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,383 posts
  • Gender:Male
  • Location:US

Posted 05 January 2009 - 04:20 PM

Hello and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: Pre- HJT Post Instructions
When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

#4 OSOK

OSOK

    New Member

  • Members
  • Pip
  • 3 posts
  • Gender:Male
  • Location:Fresno, CA

Posted 06 January 2009 - 10:25 AM

I have just recently run across this malware. It apparently now has some sort of process killer and is disabling several network services at boot up. You can get around the services being disabled by booting into safe mode with networking, however, the process killer is still live and will kill any attempt to install any software, and also will close your web browser whenever you attempt to navigate from the page it opens to. Attaching any kind of external drive while the malware is live will infect the external device. I found this by trying to copy the mbam setup file from a usb key. The key was never accessible on the system, but the system accessed it long enough to infect it. I ended up slaving the drive to copy the mbam setup file to the drive, but then was unable to install even in safe mode. This malware is getting particularly nasty. Is there any type of tool malwarebytes has to offer that can be run from a bootable usb device or a bootable CD? :excl:

#5 Ba'alzemon

Ba'alzemon

    New Member

  • Members
  • Pip
  • 1 posts

Posted 06 January 2009 - 12:05 PM

I have just recently run across this malware. It apparently now has some sort of process killer and is disabling several network services at boot up. You can get around the services being disabled by booting into safe mode with networking, however, the process killer is still live and will kill any attempt to install any software, and also will close your web browser whenever you attempt to navigate from the page it opens to. Attaching any kind of external drive while the malware is live will infect the external device. I found this by trying to copy the mbam setup file from a usb key. The key was never accessible on the system, but the system accessed it long enough to infect it. I ended up slaving the drive to copy the mbam setup file to the drive, but then was unable to install even in safe mode. This malware is getting particularly nasty. Is there any type of tool malwarebytes has to offer that can be run from a bootable usb device or a bootable CD? :excl:

Speaking from my experience, it is blocking the installer and the installed program based on the name of the executable. Simply rename the installer and exectuable and it should run fine. You will also have issues getting it to update until you've cleaned it up a bit. I usually just copy and paste the executable within the same folder which results in "Copy of [mbam.exe/mbam-setup.exe]" which then runs fine. It does the same thing to several other software packages, such as Spybot S&D and AVG Antivirus (sometimes; haven't had a problem with Avira though). I have also seen it block Taskmgr and Regedit in a similar fashion, and the same work around bypasses it.

Ba'alzemon
d#%n typos!

#6 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,383 posts
  • Gender:Male
  • Location:US

Posted 06 January 2009 - 05:22 PM

The issue is that there are more than one pieces of Malware out there that are frequently updated as well that try to prevent all types of tools from removing it. There is no one single answer/fix for every computer and each requires review to determine how best to clean it.

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#7 OSOK

OSOK

    New Member

  • Members
  • Pip
  • 3 posts
  • Gender:Male
  • Location:Fresno, CA

Posted 06 January 2009 - 07:05 PM

Speaking from my experience, it is blocking the installer and the installed program based on the name of the executable. Simply rename the installer and exectuable and it should run fine. You will also have issues getting it to update until you've cleaned it up a bit. I usually just copy and paste the executable within the same folder which results in "Copy of [mbam.exe/mbam-setup.exe]" which then runs fine. It does the same thing to several other software packages, such as Spybot S&D and AVG Antivirus (sometimes; haven't had a problem with Avira though). I have also seen it block Taskmgr and Regedit in a similar fashion, and the same work around bypasses it.

Ba'alzemon
d#%n typos!


Thanks for the info, I will give that a try next time I run into a computer infected with it.

#8 SolvitM

SolvitM

    New Member

  • Members
  • Pip
  • 3 posts

Posted 06 January 2009 - 07:48 PM

Hi Guys,

Thanks for all the replies.

Since I couldn't get anything to install I have taken out the HDD and slaved it to a system with Malwarebytes installed and am at the moment running. As Malwarebytes finds things Kaspersky also finds the items and deletes.

I will let you know the final outcome.

Cheers

#9 GT500

GT500

    Mostly Cantankerous

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 6,251 posts
  • Gender:Male
  • Location:Fortville, IN

Posted 06 January 2009 - 07:53 PM

Since I couldn't get anything to install I have taken out the HDD and slaved it to a system with Malwarebytes installed and am at the moment running. As Malwarebytes finds things Kaspersky also finds the items and deletes.


Please note that you should run a quick scan with MBAM on the infected system once you get done with the scan of the drive. MBAM is more effective when it's scanning the malware while it's running, which is why they try to keep you from running our software.

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...


#10 SolvitM

SolvitM

    New Member

  • Members
  • Pip
  • 3 posts

Posted 06 January 2009 - 08:49 PM

Log file from removal attached.

I will now put the HDD back in the PC and see if I can install Malwarebytes.

Many thanks

Attached Files



#11 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,383 posts
  • Gender:Male
  • Location:US

Posted 07 January 2009 - 12:54 AM

Please post all LOGS in the HJT forum, not here, and don't attach them unless requested just COPY/PASTE them. Thanks.

#12 elliotmd

elliotmd

    New Member

  • Members
  • Pip
  • 1 posts

Posted 07 January 2009 - 08:45 PM

Hello All,

Unable to install MWB, HJT, etc.
I have had this problem on 2 computers now. The one program that worked for me both times is DrWeb CureIt. Search for it and there are several web sites that host the download.
Also was able to install HJT after the scan and reboot.

There was only one file it found and deleted,
[Scan path] c:\windows\system32\fcdecacbaaacfcccade.dll
c:\windows\system32\fcdecacbaaacfcccade.dll probably infected with DLOADER.Trojan

And deleted on reboot

c:\windows\system32\fcdecacbaaacfcccade.dll - incurable - will be deleted after restart

Then was able to install MWB and anything else!

Hope this was usefull!

Mark

#13 billyd

billyd

    New Member

  • Members
  • Pip
  • 1 posts

Posted 08 January 2009 - 04:45 AM

Speaking from my experience, it is blocking the installer and the installed program based on the name of the executable. Simply rename the installer and exectuable and it should run fine. You will also have issues getting it to update until you've cleaned it up a bit. I usually just copy and paste the executable within the same folder which results in "Copy of [mbam.exe/mbam-setup.exe]" which then runs fine. It does the same thing to several other software packages, such as Spybot S&D and AVG Antivirus (sometimes; haven't had a problem with Avira though). I have also seen it block Taskmgr and Regedit in a similar fashion, and the same work around bypasses it.

Ba'alzemon
d#%n typos!


Ba'alzemon: is an absolute, unmitigated, certifiable YEENYUS! :D I spent about 12 hours trying to fight demons on a Windows XP Sp3 laptop and I was unable to get Malwarebytes to install. I knew it was being blocked, but I tried EVERYTHING except renaming the [darned] executables. Once I used Ba'alzemon's technique Malwarebytes loaded without issue and I was able to find (and vanquish) multiple trojans and spywareguard2008 (among other things). Malwarebytes has saved the day on numerous occasions in my professional and personal lives and the hardest part of my marathon exorcism today was that I couldn't get Malwarebytes to load--I knew if I could get it in the door my old friend would come through.

Thank you Malwarebytes and thank you Ba'alzemon!

Ciao,
BillyD

#14 koke

koke

    New Member

  • Members
  • Pip
  • 2 posts

Posted 08 January 2009 - 10:42 AM

Please post all LOGS in the HJT forum, not here, and don't attach them unless requested just COPY/PASTE them. Thanks.


This method, using Dr. Web Cureit also worked form me when I could not install HijackThis or MBAM. The file it found on the system I am working on was named differently than the previous poster, so obviously the attacking program names the file with random letters on each system.

After spending way too much time on this, MBAM is now finding other infections.

Thanks!

Koke

#15 koke

koke

    New Member

  • Members
  • Pip
  • 2 posts

Posted 08 January 2009 - 10:46 AM

This method, using Dr. Web Cureit also worked form me when I could not install HijackThis or MBAM. The file it found on the system I am working on was named differently than the previous poster, so obviously the attacking program names the file with random letters on each system.

After spending way too much time on this, MBAM is now finding other infections.

Thanks!

Koke


By the way, renaming the installer for MBam did not work in this instance. I had also closely followed all the various instructions in posts above this, and the Dr. Web CureIt finally got me to where I could complete the earlier HiJackThis and Mbam instructions.

This problem originated with the Spyware Guard 2008 infection.
Koke

#16 marcuswyse

marcuswyse

    New Member

  • Members
  • Pip
  • 1 posts

Posted 08 January 2009 - 05:47 PM

Can someone "dumb it down" for me on renaming executables? I can NOT download Malwarebytes on my infected omputer.......PLEASE HELP! I get a error 404 when trying to download. Any help would be much appreciated!
Thanks!
Marcus

#17 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,383 posts
  • Gender:Male
  • Location:US

Posted 08 January 2009 - 11:53 PM

Hello Marcus and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: Pre- HJT Post Instructions
When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

#18 OSOK

OSOK

    New Member

  • Members
  • Pip
  • 3 posts
  • Gender:Male
  • Location:Fresno, CA

Posted 09 January 2009 - 05:37 PM

Can someone "dumb it down" for me on renaming executables? I can NOT download Malwarebytes on my infected omputer.......PLEASE HELP! I get a error 404 when trying to download. Any help would be much appreciated!
Thanks!
Marcus

Hey Marcus, sounds like you have the variant similar to the one I saw the other day. Depending upon which variant, you may or may not be able to use a usb drive on the computer. If you can (and be careful because it may infect the drive), then download the malwarebyes install file on another computer and then right-click on it and choose rename. Type in mbytes in place of mbam-setup. Once that is done, you can copy it to a usb drive, and then copy it from there to the infected computer. You will now be able to install malwarebytes, but it most likely will not run after it is installed. If this is the case, you will have to browse the c: drive and go to Program Files, and then MalwareByte's Anti-Malware. Open that folder and you will see a file named mbam that has a red square icon with a white letter "M". Right-click on that file and choose rename. Type in mbytes in place of mbam and click OK. Now double-click the mbytes file and the application will start. It is not actually necessary to use mbytes for the name of the files, you can type anything you want, as long as it isn't the name of a file that this particular variant of the malware is blocking. I hope this helps.

#19 jethro71267

jethro71267

    New Member

  • Members
  • Pip
  • 2 posts

Posted 17 February 2009 - 01:10 PM

Hey everyone, I have recently come accross this problem with malwarebytes. Where it either freezes during the install or will not update. Well I figured a great way to get it to install. First check to see if it installed itsel by going to controll panel and choosing add remove programs. Or look for it in your start programs menu. If in the start, programs menu just put the cursor on it and see if there is an uninstall icon there. if so uninstall it. If not in the start, programs menu check the add remove programs list. If you see it there uninstall it.

Now start the PC in Safe mode, this can be done a few ways. One way I won't tell you ablut because you could damage your machine and I don't want ya pissed at me. A second way is hit f8 when you first start the PC. Just keep hitting the f8 key when you reboot and a screen will appear with safe mode on the top of the list. a third way is to click start, then run, on vista the bottom search bar is run just type in msconfig and hit enter or ok. A box will appear, click on the boot.ini tab, then check the circle that says /safeboot and hit apply and ok. your computer will now automatically start in safe mode. You need to do nothing to change this back, it will do it all on it's own. when you are done in sfe mode just restart and it will start in normal mode all by it self.

Now install malwarebytes in safe mode and run it, it will remove a lot without the updates which the other products can't do. When you are done just restart the PC and get your updates and run it again. This should help most of your problems with the malwarebytes freezing during install. Good Luck and Hope this helps.




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users