WiredWX Hobby Weather ToolsLog in

 


descriptionMalwarebytes crashes after 2 seconds. EmptyMalwarebytes crashes after 2 seconds.

more_horiz
Hi guys,

I know this isn't a rare virus issue because I've seen various guides to fixing the issue, but their always personally directed and seem to have various inconsistencies due to the different cases.

The error is a standard one, Malwarebytes crashes 2 seconds into the scan and other programs like Spybot don't open at all (citing the usual 'Windows cannot access the specified device, path, or file. blah blah blah' story).

I've tried to do a couple things but I'm in need of actual guidance on how to fix this issue.

Hoping for a response soon.

Thanks.

descriptionMalwarebytes crashes after 2 seconds. EmptyRe: Malwarebytes crashes after 2 seconds.

more_horiz
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

descriptionMalwarebytes crashes after 2 seconds. EmptyRe: Malwarebytes crashes after 2 seconds.

more_horiz
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:22 on 09/09/2009 by Edwina (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [12:58 08/07/2008] [19:30 03/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ERDNT\cache\scecli.dll --a--- 181248 bytes [14:48 08/09/2009] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [00:12 14/04/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll ------ 181248 bytes [19:30 03/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [12:58 08/07/2008] [19:30 03/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ERDNT\cache\netlogon.dll --a--- 407040 bytes [14:48 08/09/2009] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [00:12 14/04/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll ------ 407040 bytes [19:30 03/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [12:58 08/07/2008] [19:30 03/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ERDNT\cache\eventlog.dll --a--- 56320 bytes [14:48 08/09/2009] [14:27 08/09/2009] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [00:11 14/04/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll ------ 56320 bytes [19:30 03/08/2004] [14:27 08/09/2009] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

descriptionMalwarebytes crashes after 2 seconds. EmptyRe: Malwarebytes crashes after 2 seconds.

more_horiz
Hello.
Please download this file

  1. Please download Junction.zip and save it.
  2. Unzip it and put junction.exe in the Windows directory (C:\Windows).
  3. Go to Start > Run. Now copy and paste in the following command in the Run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  4. A command window opens starting to scan the system, wait for the scans log file to open.
  5. Save the log file to your Desktop. Now upload the log file at www.rapidshare.com for me to see.
  6. Copy and paste back the share URL rapidshare gives you.

descriptionMalwarebytes crashes after 2 seconds. EmptyRe: Malwarebytes crashes after 2 seconds.

more_horiz
Hi, I went to bed so this is pretty delayed...

http://rapidshare.com/files/277555187/log.txt.html

Thanks for the help so far, do you know much about what the underlying problem is? Are there certain things I should avoid doing in the meantime?

descriptionMalwarebytes crashes after 2 seconds. EmptyRe: Malwarebytes crashes after 2 seconds.

more_horiz
bump

descriptionMalwarebytes crashes after 2 seconds. EmptyRe: Malwarebytes crashes after 2 seconds.

more_horiz
Hello.

Please download this file

Download it to your Desktop, but do not run it just yet.
Right click the file > Select "Copy".

Now using Windows Explorer (Windows key + E), navigate to this folder:

c:\Program Files\Malwarebytes' Anti-Malware

Go inside the MBAM folder, and dight click anywhere in that folder > Select "Paste"
Now find mbam.exe and drag it onto inherit.exe and then drop it.

This will launch inherit.exe, let it run until it says OK.

Now run MBAM, it will work now we have unlocked the permission.

descriptionMalwarebytes crashes after 2 seconds. EmptyRe: Malwarebytes crashes after 2 seconds.

more_horiz
I managed to unlock Malwarebytes without the Inherit.exe and it runs fine. Avira also works and I ran a scan and picked up a couple little things.

I ran a full scan with Malwarebytes and found 4 infected files and 2 infected registry keys. I quarantined/removed them straight to hell (where they belong), but Spybot still refuses to work.

The Malwarebytes log is here:

---

Malwarebytes' Anti-Malware 1.40
Database version: 2770
Windows 5.1.2600 Service Pack 3

10/09/2009 8:29:07 PM
mbam-log-2009-09-10 (20-29-07).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 234519
Time elapsed: 52 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\13846254\13846254.exe.vir (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruipcpkogim.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tajf83ikdmf.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AF1D626-236F-48C5-AE45-CFD96DA1AA86}\RP1\A0000005.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.

---

p.s. I am watching this thread closely, if I'm not mistaken we are in very different timezones (Australia to America maybe?) so don't be offended if it takes me a while to respond to any assistance. Your help is greatly appreciated.

descriptionMalwarebytes crashes after 2 seconds. EmptyRe: Malwarebytes crashes after 2 seconds.

more_horiz
Hello.
Don't worry about the time it takes me to reply. I will reply when I get time.

Spybot is locked, we can unlock it now.
Follow my instructions for using inherit.exe, only place it in the "Spybot - Search & Destroy" folder, then drag "SpybotSD.exe" onto inherit.exe

descriptionMalwarebytes crashes after 2 seconds. EmptyRe: Malwarebytes crashes after 2 seconds.

more_horiz
Ah... Now heres something different. I opened the Spybot folder and discovered that there was no SpybotSD.exe.

This was the first odd thing.

I attempted to reinstall the program but during the installation process it said that SpywareSD.exe is a readme file and it couldn't write over it.

I then "add/removed" the entire program and attempted to delete the (now) empty Spybot - Search & Destroy folder but came up with this issue, which I screenshotted. As you can see I included the program files folder showing me attempting to delete, the empty folder showing it is indeed empty and the error showing there is indeed something wrong...

Malwarebytes crashes after 2 seconds. Spybot11

I also ran a search of the entire computer for SpybotSD.exe and turned up 0 results.

As far as I can tell there is no suggestion that any such file exists on the computer except for this error.

What. The. Hell.

descriptionMalwarebytes crashes after 2 seconds. EmptyRe: Malwarebytes crashes after 2 seconds.

more_horiz

  • Download combofix from here
    Link 1
    Link 2
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

Malwarebytes crashes after 2 seconds. CF_download_FF

Malwarebytes crashes after 2 seconds. 2aflf5z

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

descriptionMalwarebytes crashes after 2 seconds. EmptyRe: Malwarebytes crashes after 2 seconds.

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum