EddieP

MBAM will not run

28 posts in this topic

HELP! I wasn't sure which forum to pick for this, but I got the "antivirus 2009" bug on my PC and nothing, I mean nothing has been able to get rid of it, INCLUDING Malwarebytes! I downloaded it from a "clean" PC on a flash disk, installed it to the infected PC and it will not run, won't start up/open. The "bug" will not allow me to use any software I've tried nor will it allow me access to any website which might have an online scanner.

I'm ready to wipe out Windows and start fresh; please help!

EddieP

Share this post


Link to post
Share on other sites

Hello Eddie and Welcome to Malwarebytes

Please try the following routine to see if you can get Malwarebytes to run.

  • Click on
    Start
    , click
    Run
    , and then type
    devmgmt.msc
    and click OK
  • On the
    View
    menu click on
    Show hidden devices

  • Browse to
    Non-Plug and Play Drivers
    and you should see something like
    TDSSserv.sys

  • Highlight that driver and right click on it and select
    DISABLE

  • Now
    RESTART
    your computer.

  • Download a copy of
    Malwarebytes
    but
    DO NOT
    run it yet.

  • Rename the downloaded installer file to any generic name such as your own name but keep the
    .EXE
    extension on the file and run it.

  • Once the program is installed go to the
    UPDATE
    tab and try to update the program if you can.

  • Then go to the
    SCANNER
    tab and run a
    Quick Scan
    and allow MBAM to fix anything found.

If that does work then please follow the routine below and post a new topic in the listed forum with the requested information.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

Share this post


Link to post
Share on other sites

Advanced Seup, you are a saviour!

I followed your directions and I was able to run ALL scans and it appears I have gotten rid of "antivirus 2009" Thank you so much. I was minutes away from doing a complete re-install of Windows until I checked the forum and found your reply. I am working on posting the logs from the scans as the links states.

Thanks so much,

Eddie P

Share this post


Link to post
Share on other sites

Absolutely BRILLIANT!! I spent hours today pulling my hair out trying to figure out why my wife's machine (our only PC) would not update her anti-virus, nor even browse to their sites - while the Macs could (on the same network).

I finally ran across a review of Malware Bytes and could not get it to run. AdvancedSetup's directions worked PERFECTLY and her machine is working again! THANKS! :D

Share this post


Link to post
Share on other sites

That's good news that you got it working. Just a note though that many times an infected system is not 100% cleaned by a single run of any tool. It would be a good idea to run the following routine to ensure your system is clean.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

Share this post


Link to post
Share on other sites
That's good news that you got it working. Just a note though that many times an infected system is not 100% cleaned by a single run of any tool. It would be a good idea to run the following routine to ensure your system is clean.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

yea thanks AdvancedSetup I had the same problem, i couldn't update any of my anti virus, after i disable the TSS i was able to..and installed free version of malwarebytes. Thanks very much...

Share this post


Link to post
Share on other sites
Hello Eddie and Welcome to Malwarebytes

Please try the following routine to see if you can get Malwarebytes to run.

  • Click on
    Start
    , click
    Run
    , and then type
    devmgmt.msc
    and click OK

  • On the
    View
    menu click on
    Show hidden devices

  • Browse to
    Non-Plug and Play Drivers
    and you should see something like
    TDSSserv.sys

  • Highlight that driver and right click on it and select
    DISABLE

  • Now
    RESTART
    your computer.

  • Download a copy of
    but
    DO NOT
    run it yet.

  • Rename the downloaded installer file to any generic name such as your own name but keep the
    .EXE
    extension on the file and run it.

  • Once the program is installed go to the
    UPDATE
    tab and try to update the program if you can.

  • Then go to the
    SCANNER
    tab and run a
    Quick Scan
    and allow MBAM to fix anything found.

If that does work then please follow the routine below and post a new topic in the listed forum with the requested information.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

I've been running myself insane for the past three hours. Every helpful website I attempted to go to could not be found. I was able to download your software from download.com but it would not execute. Finally I decided to disconnect from the net *just until I knew what it was* and run a virus scan. I also came to this website on my treo 800 and found your fix. IT WORKS!!!!!!!!!!!!!!!! Thanks so much!!! :huh: I'm a happy camper now :-)

Share this post


Link to post
Share on other sites

Hello Queen Kiesha and welcome to the forum. I'm glad the fix worked for you, but I would highly recommend following the remainder of AdvancedSetup's instructions to make sure you are clean. Basically it consists of doing some scans and posting some logs so one of the experts here can review them to make sure there are no other infections or issues that might have been missed, and if there are, then they will instruct you step by step on what to do to clean it up. Just remember, if you do decide to do the scans, don't install or run any other tools/fixes/scanners etc except those that the expert that works with you instructs you to. Good luck and safe surfing.

Share this post


Link to post
Share on other sites
Hello Eddie and Welcome to Malwarebytes

Please try the following routine to see if you can get Malwarebytes to run.

  • Click on
    Start
    , click
    Run
    , and then type
    devmgmt.msc
    and click OK

  • On the
    View
    menu click on
    Show hidden devices

  • Browse to
    Non-Plug and Play Drivers
    and you should see something like
    TDSSserv.sys

  • Highlight that driver and right click on it and select
    DISABLE

  • Now
    RESTART
    your computer.

  • Download a copy of
    but
    DO NOT
    run it yet.

  • Rename the downloaded installer file to any generic name such as your own name but keep the
    .EXE
    extension on the file and run it.

  • Once the program is installed go to the
    UPDATE
    tab and try to update the program if you can.

  • Then go to the
    SCANNER
    tab and run a
    Quick Scan
    and allow MBAM to fix anything found.

If that does work then please follow the routine below and post a new topic in the listed forum with the requested information.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

OK I am convinced I need to have all my clients purchase the full version, you guys rock.

After spending so much time trying to install and fix, you folks do this in minutes.

Thanks,

Scott

Share this post


Link to post
Share on other sites
OK I am convinced I need to have all my clients purchase the full version, you guys rock.

After spending so much time trying to install and fix, you folks do this in minutes.

Thanks,

Scott

**EDITED**

I just purchased this and think it is one of the best on the market to date.....

Share this post


Link to post
Share on other sites
Hello Eddie and Welcome to Malwarebytes

Please try the following routine to see if you can get Malwarebytes to run.

  • Click on
    Start
    , click
    Run
    , and then type
    devmgmt.msc
    and click OK

  • On the
    View
    menu click on
    Show hidden devices

  • Browse to
    Non-Plug and Play Drivers
    and you should see something like
    TDSSserv.sys

  • Highlight that driver and right click on it and select
    DISABLE

  • Now
    RESTART
    your computer.

  • Download a copy of
    but
    DO NOT
    run it yet.

  • Rename the downloaded installer file to any generic name such as your own name but keep the
    .EXE
    extension on the file and run it.

  • Once the program is installed go to the
    UPDATE
    tab and try to update the program if you can.

  • Then go to the
    SCANNER
    tab and run a
    Quick Scan
    and allow MBAM to fix anything found.

If that does work then please follow the routine below and post a new topic in the listed forum with the requested information.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

Hi ! Thanks for the help...My problem started with not being able to defragment my computer, then finding out that i have a trojan Fakealert that keeps coming back even after using my spyware security, and when i restart the computer trojan is back again....to not being able to install ur anti-malware ( finally found out that everytime i download the program it would be a ewf file instead of exe) thats why it wont install....but finally, i got to install the program and ran it and found 20 items infected! i deleted them and now my defragmenter is running !!!!!

My question is tho......i followed ur instructions and disabled TDSSserv.sys in my device manager before i installed anti-malware....now that its working, should i enable it again? or just leave it disbaled? I notice that theres a yellow exclamation point beside it and it says something not installed or its not working properly....is that normal? or should i do something else? thanks!

Share this post


Link to post
Share on other sites

You should actually uninstall/delete it as it's only a piece of malware and has no legitimate use and should not be on your system.

Share this post


Link to post
Share on other sites

ok same basic problem except, I had to rename the file in ordewr to install and now it crashes when I try to start it.

windows detsild when i try to start up MBAM

Problem signature:

Problem Event Name: APPCRASH

Application Name: mbam.exe

Application Version: 1.30.0.0

Application Timestamp: 48ff95f7

Fault Module Name: mbam.exe

Fault Module Version: 1.30.0.0

Fault Module Timestamp: 48ff95f7

Exception Code: 80000003

Exception Offset: 00002e04

OS Version: 6.0.6001.2.1.0.768.3

Locale ID: 4105

Additional Information 1: 9642

Additional Information 2: ae4d667f021e2f38615b5829d1b89b9c

Additional Information 3: 3a6f

Additional Information 4: 17dd2b4527b7da8865701b6c324ab79e

whats wrong

Share this post


Link to post
Share on other sites
ok same basic problem except, I had to rename the file in ordewr to install and now it crashes when I try to start it.

windows detsild when i try to start up MBAM

Problem signature:

Problem Event Name: APPCRASH

Application Name: mbam.exe

Application Version: 1.30.0.0

Application Timestamp: 48ff95f7

Fault Module Name: mbam.exe

Fault Module Version: 1.30.0.0

Fault Module Timestamp: 48ff95f7

Exception Code: 80000003

Exception Offset: 00002e04

OS Version: 6.0.6001.2.1.0.768.3

Locale ID: 4105

Additional Information 1: 9642

Additional Information 2: ae4d667f021e2f38615b5829d1b89b9c

Additional Information 3: 3a6f

Additional Information 4: 17dd2b4527b7da8865701b6c324ab79e

whats wrong

Share this post


Link to post
Share on other sites
Hello Eddie and Welcome to Malwarebytes

Please try the following routine to see if you can get Malwarebytes to run.

  • Click on
    Start
    , click
    Run
    , and then type
    devmgmt.msc
    and click OK

  • On the
    View
    menu click on
    Show hidden devices

  • Browse to
    Non-Plug and Play Drivers
    and you should see something like
    TDSSserv.sys

  • Highlight that driver and right click on it and select
    DISABLE

  • Now
    RESTART
    your computer.

  • Download a copy of
    but
    DO NOT
    run it yet.

  • Rename the downloaded installer file to any generic name such as your own name but keep the
    .EXE
    extension on the file and run it.

  • Once the program is installed go to the
    UPDATE
    tab and try to update the program if you can.

  • Then go to the
    SCANNER
    tab and run a
    Quick Scan
    and allow MBAM to fix anything found.

If that does work then please follow the routine below and post a new topic in the listed forum with the requested information.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

Ok, here's something new for you, guys...

I'm repairing a laptop for this one guy.

He had antivirus2009 and tdss on it.

When I go to Device Manager and set Show Hidden devices I can see TDSSServ in there, BUT... when I right click, it does NOT have the "Disable" option. It is a Windows Vista 32 OS.

Another thing is that no spyware removal tool can be ran on this pc EVEN in SAFE mode. I've tried Spybot, HijackThis, and Malwarebytes. Malwarebytes won't even start installing (I DID rename it to some weird name before starting).

Same thing with HijackThis - will not install no matter what

Spybot will install, but can't start even in safe mode.

How do you like this situation? Any suggestions or ideas? I'm about ready to give up...:-(((

This might be a new version of TDSS or something.

Share this post


Link to post
Share on other sites

Could be, or it could be related to the fact that it's on Vista. You can try running an offline scan with Avira's bootable rescue disc referred to in this post by AdvancedSetup: http://www.malwarebytes.org/forums/index.p...ost&p=36254 See if it won't remove the driver for you, if not then you can use bart's or something similar, basically anything that can be used to delete a file from the drive with Windows offline, even slaving the drive to another pc, then delete TSSServ.sys from the System32\Drivers folder because that driver is what's preventing tools from loading.

Share this post


Link to post
Share on other sites

same same

vista home premium

antiviruspro2009 rouge from computer on same network

nothing works right

also I deleted TSS

installed MBAM except when the install was about to finish I get

Aplication Crash

Problem signature:

Problem Event Name: APPCRASH

Application Name: mbam.exe

Application Version: 1.31.0.0

Application Timestamp: 49373593

Fault Module Name: mbam.exe

Fault Module Version: 1.31.0.0

Fault Module Timestamp: 49373593

Exception Code: 80000003

Exception Offset: 00002e2c

OS Version: 6.0.6001.2.1.0.768.3

Locale ID: 4105

Additional Information 1: 9642

Additional Information 2: ae4d667f021e2f38615b5829d1b89b9c

Additional Information 3: abc7

Additional Information 4: 7511e66c981afa5e7cfb3dab899d9233

I have been infected since 11-18-08

Share this post


Link to post
Share on other sites
same same

vista home premium

antiviruspro2009 rouge from computer on same network

nothing works right

also I deleted TSS

installed MBAM except when the install was about to finish I get

Aplication Crash

Problem signature:

Problem Event Name: APPCRASH

Application Name: mbam.exe

Application Version: 1.31.0.0

Application Timestamp: 49373593

Fault Module Name: mbam.exe

Fault Module Version: 1.31.0.0

Fault Module Timestamp: 49373593

Exception Code: 80000003

Exception Offset: 00002e2c

OS Version: 6.0.6001.2.1.0.768.3

Locale ID: 4105

Additional Information 1: 9642

Additional Information 2: ae4d667f021e2f38615b5829d1b89b9c

Additional Information 3: abc7

Additional Information 4: 7511e66c981afa5e7cfb3dab899d9233

I have been infected since 11-18-08

Please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7 Just do as much of the scans as you can, and if you can't get any of them to work, I would still post in there describing your issues and errors and one of the experts should be able to help you out.

Please be sure not to install any software or use any removal/scanning tools exept those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.

Share this post


Link to post
Share on other sites

I posted and still no answers

I am the only person in the world who owns vista home premium

MBAM DES NOT FINISH THE INSTALL.........................................................................

.................

Share this post


Link to post
Share on other sites

with or without this tdss thing running i cannot install MBAM or spybot

MBAM INSTALL DIALOGUE

Problem signature:

Problem Event Name: APPCRASH

Application Name: mbam.exe

Application Version: 1.31.0.0

Application Timestamp: 49373593

Fault Module Name: mbam.exe

Fault Module Version: 1.31.0.0

Fault Module Timestamp: 49373593

Exception Code: 80000003

Exception Offset: 00002e2c

OS Version: 6.0.6001.2.1.0.768.3

Locale ID: 4105

Additional Information 1: 9642

Additional Information 2: ae4d667f021e2f38615b5829d1b89b9c

Additional Information 3: abc7

Additional Information 4: 7511e66c981afa5e7cfb3dab899d9233

spybot install dialogue

Problem signature:

Problem Event Name: APPCRASH

Application Name: SpybotSD.exe

Application Version: 1.6.0.30

Application Timestamp: 2a425e19

Fault Module Name: SpybotSD.exe

Fault Module Version: 1.6.0.30

Fault Module Timestamp: 2a425e19

Exception Code: 80000003

Exception Offset: 002af3b8

OS Version: 6.0.6001.2.1.0.768.3

Locale ID: 4105

Additional Information 1: d18c

Additional Information 2: d916fd58afed57c995b7d8ef5bc81b76

Additional Information 3: 018f

Additional Information 4: 877640db870c07d9fed893daa8a58350

setup dialogue window

unable to execute file:

c:\program files\spybot-search and destroy\sdwinsec.exe

create process failed; code 740.

the requested opreration requires elevation ,----- what is eleivation?

when i closed this a dos window zipped by

Share this post


Link to post
Share on other sites

Requireing elevation means the process needs to be run as an administrator because by default all users (including administrators) on Vista run processes without administrative privelages. If you right click on the installer for Spybot and click Run as administrator, that will fix the issue with sdwinsec.exe (which is the service that notifies Windows Security Center that Spybot is installed).

Were you able to run the scan with the Avira CD?

Share this post


Link to post
Share on other sites
Could be, or it could be related to the fact that it's on Vista. You can try running an offline scan with Avira's bootable rescue disc referred to in this post by AdvancedSetup: http://www.malwarebytes.org/forums/index.p...ost&p=36254 See if it won't remove the driver for you, if not then you can use bart's or something similar, basically anything that can be used to delete a file from the drive with Windows offline, even slaving the drive to another pc, then delete TSSServ.sys from the System32\Drivers folder because that driver is what's preventing tools from loading.

Thanks a lot, I was looking through System32, but never actually thought of checking the System32/Drivers. There it was, but names were different. I deleted the following items:

TDSSnbcb.sys

and

tssecsrv.sys

Only then I was able to start running the anti-malware software in safe mode. I'll scan with MBAM, Spybot, and Avira before I will boot it into a normal mode. Scan is running as I type this post.

Thanks again!

P.S.: Man, they come up with new and more advanced viruses every day. This one was sooo frustrating because it was blocking any anti-malware soft even in safe mode and denied access to registry entries through regedit.

Share this post


Link to post
Share on other sites
Thanks a lot, I was looking through System32, but never actually thought of checking the System32/Drivers. There it was, but names were different. I deleted the following items:

TDSSnbcb.sys

and

tssecsrv.sys

Only then I was able to start running the anti-malware software in safe mode. I'll scan with MBAM, Spybot, and Avira before I will boot it into a normal mode. Scan is running as I type this post.

Thanks again!

P.S.: Man, they come up with new and more advanced viruses every day. This one was sooo frustrating because it was blocking any anti-malware soft even in safe mode and denied access to registry entries through regedit.

Unfortunately, you can expect more of the same in the future, these infections are ever increasing in complexity and are targeting the tools to remove them. I would recommend since you got rid of the driver for the rootkit that you read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools exept those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.

Share this post


Link to post
Share on other sites
Unfortunately, you can expect more of the same in the future, these infections are ever increasing in complexity and are targeting the tools to remove them. I would recommend since you got rid of the driver for the rootkit that you read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools exept those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.

Well, I'm a computer tech myself, it just was the first time that I've seen this specific nasty virus on customer's PC. I usually install Comodo Firewall, Spybot, and AntiVir antivirus for them and configure it. I also install Mozilla Firefox with the following plugins: Ad-Block Plus, Ad-block Plus Element Hiding Helper, Adblock G.Filter Updater, FlashBlock, and NoScript. Plus I always tell them not to click on some rogue software links and that they don't need to install any other antiviruses etc., no matter how good the advertisement might look.

This is my first time using Malwarebytes. Usually I used HijackThis and was always able to get rid of stuff. Then scans by Spybot, Ad-aware(which became bad now), and Avira would finish things. I've also used RootKit Revealer and then removed registry entries manually. It always worked, but not this time. As I told, it wouldn't let HijackThis start.

It's just interesting that this particular customer had all the above mentioned software installed and yet he somehow got infected with this virus. I also found that his firewall was uninstalled when I first looked at his PC. I wonder if he uninstalled the firewall himself or if it's the work of this virus.

He must of clicked on some Antivirus2009 advertisement link because I don't see how else he could get infected.

Anyway, I'm pretty sure this PC is clean now. I've looked through logs - all is good.

Thanks a lot, again!

Share this post


Link to post
Share on other sites

Oh, here's one last information: that customer called me and told how it all happened. Firewall showed popup that antivirus2009 was trying to access the internet. He thought it was an update for Avira. LOL! He let it through and it all rolled down the hill.

Good thing though is that maybe now he learned a good lesson (as well as I learned about TDSS).

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.