SolvitM

Malwarebytes won't install

Hi Guys,

Hope you all had a great Xmas and New Year! Great product!!

First post but have used malwarebytes before.

I have a friend's PC that has Spyware Guard 2008 and have attempted to install Malwarebytes but it hangs on the final finishing install. It still appears in the startup group but will not run. The PC also will not boot into safe mode. PC is running XP SP3.

Look forward to hearing from you.

Cheers


Download and run a scan with HijackThis, then post the log in a reply.


Hello and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.


I have just recently run across this malware. It apparently now has some sort of process killer and is disabling several network services at boot up. You can get around the services being disabled by booting into safe mode with networking, however, the process killer is still live and will kill any attempt to install any software, and also will close your web browser whenever you attempt to navigate from the page it opens to. Attaching any kind of external drive while the malware is live will infect the external device. I found this by trying to copy the mbam setup file from a usb key. The key was never accessible on the system, but the system accessed it long enough to infect it. I ended up slaving the drive to copy the mbam setup file to the drive, but then was unable to install even in safe mode. This malware is getting particularly nasty. Is there any type of tool malwarebytes has to offer that can be run from a bootable usb device or a bootable CD?

Speaking from my experience, it is blocking the installer and the installed program based on the name of the executable. Simply rename the installer and executable and it should run fine. You will also have issues getting it to update until you've cleaned it up a bit. I usually just copy and paste the executable within the same folder which results in "Copy of [mbam.exe/mbam-setup.exe]" which then runs fine. It does the same thing to several other software packages, such as Spybot S&D and AVG Antivirus (sometimes; haven't had a problem with Avira though). I have also seen it block Taskmgr and Regedit in a similar fashion, and the same workaround bypasses it.

Ba'alzemon

d#%n typos!


The issue is that there is more than one piece of malware out there, frequently updated as well, that tries to prevent all types of tools from removing it. There is no one single answer/fix for every computer and each requires review to determine how best to clean it.

Thanks for the info, I will give that a try next time I run into a computer infected with it.


Hi Guys,

Thanks for all the replies.

Since I couldn't get anything to install I have taken out the HDD and slaved it to a system with Malwarebytes installed and am at the moment running. As Malwarebytes finds things Kaspersky also finds the items and deletes.

I will let you know the final outcome.

Cheers

Please note that you should run a quick scan with MBAM on the infected system once you get done with the scan of the drive. MBAM is more effective when it's scanning the malware while it's running, which is why they try to keep you from running our software.


Please post all LOGS in the HJT forum, not here, and don't attach them unless requested; just COPY/PASTE them. Thanks.


Hello All,

Unable to install MWB, HJT, etc.

I have had this problem on 2 computers now. The one program that worked for me both times is DrWeb CureIt. Search for it and there are several web sites that host the download.

Also was able to install HJT after the scan and reboot.

There was only one file it found and deleted,

[scan path] c:\windows\system32\fcdecacbaaacfcccade.dll

c:\windows\system32\fcdecacbaaacfcccade.dll probably infected with DLOADER.Trojan

And deleted on reboot

c:\windows\system32\fcdecacbaaacfcccade.dll - incurable - will be deleted after restart

Then was able to install MWB and anything else!

Hope this was useful!

Mark

Ba'alzemon: is an absolute, unmitigated, certifiable YEENYUS! :D I spent about 12 hours trying to fight demons on a Windows XP Sp3 laptop and I was unable to get Malwarebytes to install. I knew it was being blocked, but I tried EVERYTHING except renaming the [darned] executables. Once I used Ba'alzemon's technique Malwarebytes loaded without issue and I was able to find (and vanquish) multiple trojans and spywareguard2008 (among other things). Malwarebytes has saved the day on numerous occasions in my professional and personal lives and the hardest part of my marathon exorcism today was that I couldn't get Malwarebytes to load--I knew if I could get it in the door my old friend would come through.

Thank you Malwarebytes and thank you Ba'alzemon!

Ciao,

BillyD

This method, using Dr. Web CureIt, also worked for me when I could not install HijackThis or MBAM. The file it found on the system I am working on was named differently than the previous poster's, so obviously the attacking program names the file with random letters on each system.

After spending way too much time on this, MBAM is now finding other infections.

Thanks!

Koke

By the way, renaming the installer for MBam did not work in this instance. I had also closely followed all the various instructions in posts above this, and the Dr. Web CureIt finally got me to where I could complete the earlier HiJackThis and Mbam instructions.

This problem originated with the Spyware Guard 2008 infection.

Koke
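
The posts above report a dropped DLL in `system32` whose name differs per machine and looks like random letters. As an added example (not part of any post in this thread), this sketch triages a drive slaved to a clean machine by flagging such names; the thresholds are assumptions drawn from the single file name quoted above, and the demo files are constructed.

```python
import os
import tempfile
from datetime import datetime, timezone

MIN_LEN = 12       # assumption: the one name quoted in the thread is 19 letters
MAX_DISTINCT = 8   # assumption: that name uses only 6 distinct letters (a-f)

def looks_random(filename):
    """Heuristic: long, letters-only DLL stem built from very few letters."""
    stem, ext = os.path.splitext(filename.lower())
    if ext != ".dll" or len(stem) < MIN_LEN or not stem.isalpha():
        return False
    return len(set(stem)) <= MAX_DISTINCT

def scan_system32(mount_root):
    """Return (path, size, mtime) for flagged DLLs on a mounted drive.

    The directory case matters only on case-sensitive mounts; adjust it
    to match the drive being examined.
    """
    hits = []
    sysdir = os.path.join(mount_root, "windows", "system32")
    for entry in os.scandir(sysdir):
        if entry.is_file() and looks_random(entry.name):
            st = entry.stat()
            when = datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat()
            hits.append((entry.path, st.st_size, when))
    # Newest first: a recently written file is the more interesting lead.
    return sorted(hits, key=lambda h: h[2], reverse=True)

def demo():
    """Scan a constructed directory tree, so no real drive is needed."""
    root = tempfile.mkdtemp()
    sysdir = os.path.join(root, "windows", "system32")
    os.makedirs(sysdir)
    names = ("kernel32.dll", "msvcrt.dll", "spoolsv.exe",
             "fcdecacbaaacfcccade.dll")
    for name in names:
        with open(os.path.join(sysdir, name), "wb") as fh:
            fh.write(b"constructed sample, not a real binary")
    return [os.path.basename(path) for path, _, _ in scan_system32(root)]

if __name__ == "__main__":
    print(demo())
```

A hit is only a lead for a scanner or manual review, not a verdict; legitimate DLLs with long names can match, and a variant with a different naming scheme will not.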


Can someone "dumb it down" for me on renaming executables? I can NOT download Malwarebytes on my infected computer.......PLEASE HELP! I get an error 404 when trying to download. Any help would be much appreciated!

Thanks!

Marcus


Hello Marcus and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

Hey Marcus, sounds like you have the variant similar to the one I saw the other day. Depending upon which variant, you may or may not be able to use a usb drive on the computer. If you can (and be careful because it may infect the drive), then download the malwarebytes install file on another computer and then right-click on it and choose rename. Type in mbytes in place of mbam-setup. Once that is done, you can copy it to a usb drive, and then copy it from there to the infected computer. You will now be able to install malwarebytes, but it most likely will not run after it is installed. If this is the case, you will have to browse the c: drive and go to Program Files, and then Malwarebytes' Anti-Malware. Open that folder and you will see a file named mbam that has a red square icon with a white letter "M". Right-click on that file and choose rename. Type in mbytes in place of mbam and click OK. Now double-click the mbytes file and the application will start. It is not actually necessary to use mbytes for the name of the files, you can type anything you want, as long as it isn't the name of a file that this particular variant of the malware is blocking. I hope this helps.


Hey everyone, I have recently come across this problem with Malwarebytes, where it either freezes during the install or will not update. Well, I figured out a great way to get it to install. First check to see if it installed itself by going to Control Panel and choosing Add/Remove Programs. Or look for it in your Start, Programs menu. If it is in the Start, Programs menu, just put the cursor on it and see if there is an uninstall icon there. If so, uninstall it. If it is not in the Start, Programs menu, check the Add/Remove Programs list. If you see it there, uninstall it.

Now start the PC in safe mode; this can be done a few ways. One way I won't tell you about because you could damage your machine and I don't want ya pissed at me. A second way is to hit F8 when you first start the PC. Just keep hitting the F8 key when you reboot and a screen will appear with safe mode on the top of the list. A third way is to click Start, then Run (on Vista the bottom search bar is Run), then just type in msconfig and hit Enter or OK. A box will appear; click on the boot.ini tab, then check the circle that says /safeboot and hit Apply and OK. Your computer will now automatically start in safe mode. You need to do nothing to change this back, it will do it all on its own. When you are done in safe mode just restart and it will start in normal mode all by itself.

Now install malwarebytes in safe mode and run it, it will remove a lot without the updates which the other products can't do. When you are done just restart the PC and get your updates and run it again. This should help most of your problems with the malwarebytes freezing during install. Good Luck and Hope this helps.
