Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: Malwarebytes wont open

by: jaysmommy July 31, 2009 4:26 PM PDT

Like this

0 people like this thread

Staff pick

Malwarebytes wont open

by jaysmommy - 7/31/09 4:26 PM

Hi im new to the site i hope im posting this in the right place. Here's my problem I really hope that somebody can help me. I have malwarebytes installed on my pc. For some reason it won't open. I tried downloading & running it because I noticed my google searches were being redidected & I keep getting all these annoying pop-up ads. I also can't use System Restore because it doesn't go farther than selecting the restore point. After I click next nothing happens. & I keep getting this annoying yellow pop up box that says "Your browser is under the threat of infection. Windows requires your permission to install online protection tool". I took a screen shot of it so you can see what im talking about.

http://i25.tinypic.com/eryctw.jpg

Thank you so much for your time & help this is driving me crazy lol.

-Christine-

Os- Windows XP Professional Version 2002 Service Pack 3


Reply
Report offensive post
Email to friend

You could try.......

by Marianna Schmudlach - 7/31/09 6:09 PM

In Reply to: Malwarebytes wont open by jaysmommy

....going to C:\Program Files\Malwarebytes' Anti-Malware and rename the "mbam.exe" file (i.e. Your Name.exe) within the folder. Then double-click on the Your Name.exe, in order to run it.

Does that help to get MBAM running?


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

it worked!

by jaysmommy - 7/31/09 7:43 PM

In Reply to: You could try....... by Marianna Schmudlach

Thank you so much that did the trick! Im about to perform a scan now


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Re; Malwarebytes' won't open

by Carol~ Moderator - 7/31/09 6:18 PM

In Reply to: Malwarebytes wont open by jaysmommy

Christine..

Firstly, welcome to the forum. It might be important to know, if you installed MBAM after the problem occurred. Or, if you already had it installed on your system. The former seems to be the case, from my understanding of what you wrote.

If the former is the case, you might want to try this first. Navigate to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe and rename the mbam.exe, as shown here. Rename it something such as chris.exe. (It may be necessary to unhide your files and folders, in order to view the mbam.exe.) Once renamed, double-click on the file and see if you're able to run the program.

If you're unsuccessful, try running the program in Safe Mode. There are some other things you can "check and try", but for the time being see if the above helps. Let us know how you make out.

Best of luck..
Carol


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Safe mode?

by jaysmommy - 7/31/09 7:50 PM

In Reply to: Re; Malwarebytes' won't open by Carol~ Moderator

Hi carol! I installed the program after i realized i had an infection on my computer. & i did as you said & re-named the file & im happy to say that it works now!... This might be a dumb question but I'm kinda clueless when it comes to computers so try to bear with me lol should I switch my computer to safe mode to run the scan or should i just run it in regular mode? Does it make a difference?


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Re: Safe mode?

by Carol~ Moderator - 7/31/09 8:43 PM

In Reply to: Safe mode? by jaysmommy

Christine..

I only mentioned "safe mode", if after renaming the file, you were (still) unable to run MBAM. It may have made it easier for you. Since you are able to run it, I would suggest scanning in normal mode. According to a couple of the Administrators at the Malwarebytes' Forum, MBAM was designed to be used in normal mode, for optimal removal.

And by the way .. as has been said by many, "The only dumb question, is the one not asked". wink

Carol


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

virus

by jaysmommy - 7/31/09 11:39 PM

In Reply to: Re: Safe mode? by Carol~ Moderator

Hi Carol! Sorry I took so long to reply I babysat 3 toddlers today so I've been running around like crazy lol.

What you said is very true, I never thought about that lol. And without asking you will never learn! happy

I ran the MBAM scan & it found 1 trojen today. My computer has been acting strange for almost a month now & for whatever reason I was able to scan my pc using MBAM a few times in the past & it worked fine it just started messing up recently but thats a non-issue anymore since i kno how to fix it now by renaming the file but anyway im getting off topic sorry lol... In my previous MBAM scans (including todays) it picked up 14 trojen viruses but I still suspect I have more that arent coming up because my computer is still acting funny. What should I do?

Thanks

Heres my MBAM logs

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

7/3/2009 6:38:29 PM
mbam-log-2009-07-03 (18-38-28).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 242373
Time elapsed: 46 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 6
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsupdates (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsupdates (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmp (Rootkit.ADS) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0acf9fb5-f486-4567-9c18-ec68f1bf18ce}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0acf9fb5-f486-4567-9c18-ec68f1bf18ce}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0acf9fb5-f486-4567-9c18-ec68f1bf18ce}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\CHRISTINA\Application Data\pidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\skype32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system\Update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32:ntsdexts.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Christine\Local Settings\Temp\DigitalHQ.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.





Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/31/2009 11:44:23 PM
mbam-log-2009-07-31 (23-44-23).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 243042
Time elapsed: 43 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Re: Virus

by Carol~ Moderator - 8/1/09 1:11 AM

In Reply to: virus by jaysmommy

Christine...

Please update MBAM. The current database version (as of now) is 2539. Run another scan. I suspect after updating, scanning and rebooting, you will continue to see the same infected file: C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.

If that is the case, I would suggest downloading and installing HijackThis. Post the new MBAM log, along with the HJT log, at the Malwarebytes' Forum. HijackThis will allow them to see more of what's going on. They also have tools at their disposal, which will help. We don't analyze HJT logs here.

You can download Trend Micro's HijackThis from here: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Read the Instructions here: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/qsg

Post the logs here: http://www.malwarebytes.org/forums/index.php?s=3bc54148eb5885f4b8c7295fa434fb79&showforum=7

Best of luck ..
Carol


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

thank you

by jaysmommy - 8/1/09 6:38 PM

In Reply to: Re: Virus by Carol~ Moderator

carol-
Thank you for all of your help & time. I just updated MBAM & I'm going to run the scans now.


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

...

by jaysmommy - 8/1/09 6:41 PM

In Reply to: Re: Virus by Carol~ Moderator

I just downloaded & tried to run HJT but it wont open! Should I rename it the same way I did for MBAM?


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

You're welcome. Yes you can rename it.

by Carol~ Moderator - 8/2/09 2:05 AM

In Reply to: ... by jaysmommy

Rename it in the same way you did MBAM. How about renaming it jay.exe ( wink ) this time?

If you run into any further problems, please don't hesitate to let us know.

Carol


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

More Discussions

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close