
MBAM Scan disinfection crippling computer


I downloaded Malwarebytes yesterday, ran a scan and selected the remove selected items option for all the identified infected objects. When my computer restarted, I found that all the shortcuts in my toolbar and start menu are gone. The 'All Programs' list in the start menu has gone. I have tried to open the 'Help and Support' window in the start menu to restore my computer to a point before the scan but when I select the H&S icon, a window appears saying 'Windows cannot create a shortcut here. Do you want the shortcut placed on the desktop instead?'. The consequent shortcut doesn't work. Many other things have been changed.

The only way I can find to access the internet is to select the Support option in my Kaspersky Security Centre which, incidentally, MBAM had switched off.

I kept a copy of the log from the scan which I have attached to this message.

Please help me to get my computer back to its former state.

mbam_log_2010_03_07__09_45_51_.txt


Hi storks -

Actually you were lucky to have Malwarebytes installed - I am not qualified as an expert yet, so I will not comment too much -

Also a 4 hour scan is a very long one - You also need to try a Quick Scan to ensure all items were fully removed on reboot -

I do not think MBAM had switched off the Kaspersky Support, as Kaspersky should have identified some of these problems -

Thank You - :P


Hi Noknojon

Thanks for your response. I have tried everything you suggested and performed a quick scan. I was never sent a license, as I only downloaded the free version, so can't set Protection or Register. Nothing has changed and my computer is still in the messed up state to which it was rendered after performing the first disinfection process with MBAM.

The fact is, I still have a big problem which only appeared after downloading MBAM.

The only shortcuts in the start menu that still work are My Pictures, My Music, My Computer although this has lost its name and is just called folder, Control Panel and Connect To. I can't access Set Program Access and Defaults, Help and Support, Search or Run utilities on the right-hand side of the Start menu and there is just a black area on the left-hand side where there were a number of shortcuts previously. Can you suggest any way that I can restore my computer to its former state?

I am beginning to suspect that MBAM has created this situation in order to get me to buy the Full Version. I so hope this isn't true.

I REALLY NEED SOME HELP HERE!


That's OK storks -

I mentioned in the last posting that you looked very infected still and that was why I said to install a clean fresh copy of the program -

The free version contains all the same definitions as the paid version so you do have a full copy there - It is that your scan was done with a version about 100 updates behind - It is now over version 3830 so you were well behind -

Yours was Version 3740 at the time you scanned so it must have been there for a month or so - Unless this is Kaspersky's version ???-


Hi storks,

Apologies for any undue alarm but we are not a sham outfit.

Please go to MBAM quarantine and select restore all and then reboot the computer.

I am suspecting that MBAM has F/p'ed on a file but because of how we hotlink other associated files/folders/reg keys that this has then caused a cascade of F/p's to follow :P

Please if possible can you generate a developers scan report (details are as follows) and then we can troubleshoot what might have gone wrong.

http://forums.malwarebytes.org/index.php?showtopic=3228


Hi fatdcuk,

Thanks for response.

When I go to Quarantine, there is nothing to restore and, therefore, no Restore All option open. I guess this is because I took the remove infected objects option after the original scan. I can't generate a developers report because the Run facility in the start menu has been disabled along with most of the others. :P

HELP!!!


Hi storks,

Have just realized you have run MBAM clean-up.exe which will have deleted our quarantine so please disregard last advice.

Next step is to use System Restore to rollback to restore point prior to the removal run (Time and date is at the top of your MBAM log)

Use System Restore

1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

2. On the Welcome screen, click Restore my computer to an earlier time, and then click Next.

3. On the Select a Restore Point page, select the date from the calendar that shows the point you'd like to restore to (one prior to MBAM scan), then click Next.

4. On the Confirm Restore Point Selection page, verify that the correct restore point is chosen, and then close any open programs.

5. Click Next if you are ready to proceed or click Back to change the restore point.

6. The computer will shut down automatically and reboot. On reboot, you'll see the Restoration Complete page, and then click OK

Next please update MBAM to its current database, the one you have posted a log for shows that is over 100 updates ago.

Then if you are willing please run a developers scan as directed in my previous post so we can troubleshoot what went wrong for you.

Thanks for any help you can render on this :P


Hi fatdcuk,

It ain't getting any better. The All Programs field is also disabled so won't open the window. I usually initiate a System Restore via the Help and Support icon in the Start menu but this doesn't work either. I don't know how else I can navigate to it. I have tried everything I can find in Control Panel and in Program Files. :P

Thanks for your continuing, hopefully, support.


Hi storks,

Ok next angle of attack being to manually run System Restore by its loading executable file.

C:\WINDOWS\system32\Restore\rstrui.exe

This file will be hidden by default OS settings so you will have to unhide protected system files and hidden files in order to make it visible by manually navigating to its folder and then running/clicking on the executable file to run from there.

http://www.microsoft.com/windowsxp/using/h...iddenfiles.mspx

You will need to uncheck *hide hidden files* and also *protected system files* and then apply in order to then use Explorer to navigate to the folder and run the executable file listed above.


Hi fatdcuk,

I ran a System Restore which I accessed via the Windows key + r and typing the code into the Run window, as advised in the Kaspersky forum, from where I was first advised to use your product. My system is back to its old self minus the threats MBAM identified of course.

I am willing to provide a report from a developers scan, but when I enter the code, a window appears saying Windows cannot find mbam.exe. I have updated to the latest version of MBAM. So what now?

Thanks for your help so far and I fully accept that you are not a sham setup and apologies for my earlier, albeit only slight, suspicion. :P


Hi storks,

I'm glad the damage has been undone and can fully understand and apologise for the anxiety caused.

Maybe before Ndev scan is just to run a standard current quick scan and post back the results (This time do not ask MBAM to remove the detected items at the end of the scan).

Thanks in advance :P


Hi fatdcuk,

I have attached a copy of the logfile which I saved from the scan but this is no different from the logfile I posted in my first post except it contains 2 fewer objects, presumably because it was a quick scan. I don't see how this will provide any further useful information than you have already but here it is anyway.

Thanks for your support.

mbam_log_2010_03_08__00_32_56_.txt


Thanks storks -

The developers can now fully diagnose the fresh report and will soon reply back with their opinions - It is better as it is the latest updates -

Please remember to check for updates on any Anti-virus or Anti-malware program prior to running it -

Thank You - :P


Hi storks,

Definitely going to need a developers scan report as update to current database has not unclouded things.

I will be PM'ing you a file shortly to force MBAM into developer mode.

I just need to make sure MBAM is installed into its default folder and not in a custom folder

Default install folder>>

C:\Program Files\Malwarebytes' Anti-Malware

Thanks in advance again and your patience :P


Hi storks,

We have identified the GUID value causing the cascade of detections of your computer.

As of database update 3837 we will remove the signature for it.

Please when this update is installed rerun developers quick scan to confirm that we are no longer detecting the Hijacks.

On a sidenote looking at the GUID value that has caused the cascade problem when googled can only be found in association with malware.

So we are not convinced that GUID signature is a true false positive (and would advise taking further steps to confirm that your PC is not infected or at least you do not have a patched system file onboard).

The subsequent linked detections however as a result of that one signature has forced MBAM to attack legitimate items(which are confirmed F/p detections).

Thanks again for your assistance on this :P


Hi fatdcuk,

I performed a dqs with updated MBAM and the number of detections is drastically reduced. I've attached the logfile.

If you consider that my computer could still be infected, can you advise me as to the action I can take to verify one way or the other.

Incidentally, the reason I first got involved here was because I was using the Kaspersky forum to try to get rid of a suspected dialer, which has been sitting in "My Computer" for several years. It is called "Connessione Predefinita" and seems to be very difficult to be rid of, having googled it. I understand that it does not pose a threat as long as I am using an ADSL Router to connect to the internet, but I would like to remove it from my computer. Any ideas?

Thanks again for your continuing attention and work to and on my case.


Hi storks,

Great have now stopped targeting the legitimate entries and still hitting the malware GUID.

First off can you allow MBAM to remove what it finds, reboot and then recheck that nothing has broken as before.

Once we've done that we can then use a few more tools to see if any undetected malware is on the computer :P


Hi storks,

I'm gonna move this topic in the HJT/malware removal forum to continue this session :)

  • Download DDS and save it to your desktop from here or here or here. Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs
    • DDS.txt
    • Attach.txt

  • Save both reports to your desktop.

Please copy and paste both logs generated into a reply :)
