Help please! Malwarebytes won't run. SAS and HJT Logs included...

caytidid:
No luck in safe mode unfortunately.  It doesn't seem to even register that I opened it.  No error this time, just nothing!

harry 48:
<Removed>

Please don't send users away. EF

evilfantasy:
Hello caytidid.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
 
There are 4 different versions. If one of them won't run then download and try to run the other one.
 
Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following.
 
Now download and Run exeHelper.

* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

----------

Next post please add:

* exeHelper log
* ComboFix log

caytidid:
Hi evilfantasy,
Thanks for the reply and sorry for the delay, I had some trouble disabling all aspects of my antivirus software.  Everything seemed to run fine after that.  I have attached both of the requested logs.  I don't know if this is worth noting or not, but after I ran Combofix and the computer restarted, I got the RUNDLL errors for both hafimiw.dll and c:\windows\system32\rosogobu11.  I'm guessing those are remnants of malware that have been deleted.  Didn't know if it was relevant but I figured full disclosure was best.  Thanks for your help on this!

[Saving space, attachment deleted by admin]

evilfantasy:

--- Quote from: caytidid on November 07, 2009, 05:29:20 PM ---Thanks for your help on this!
--- End quote ---

You're welcome.


--- Quote from: caytidid on November 07, 2009, 05:29:20 PM ---after I ran Combofix and the computer restarted, I got the RUNDLL errors for both hafimiw.dll and c:\windows\system32\rosogobu11.  I'm guessing those are remnants of malware that have been deleted.  Didn't know if it was relevant but I figured full disclosure was best.
--- End quote ---

Yes, and we will take care of that.


Did you create these folders and files?


--- Quote ---
2009-11-07 21:24 . 2009-11-07 21:30   --------   d-----w-   c:\program files\Attempt 6 SM
2009-11-07 18:52 . 2009-11-07 18:53   --------   d-----w-   c:\program files\Attempt 5
2009-11-07 18:24 . 2009-11-07 18:28   --------   d-----w-   c:\program files\Attempt 4
2009-11-07 18:20 . 2009-11-07 18:20   --------   d-----w-   c:\program files\Attempt 3
2009-11-07 14:33 . 2009-11-07 14:33   --------   d-----w-   c:\program files\please work
2009-11-07 05:20 . 2009-11-07 05:20   4045528   ----a-w-   c:\program files\xxxx.exe
2009-11-07 05:12 . 2009-11-07 14:41   --------   d-----w-   c:\program files\MF
2009-11-07 05:07 . 2009-11-07 05:10   --------   d-----w-   c:\program files\MW-upfucker
2009-11-07 05:06 . 2009-11-07 05:06   4045528   ----a-w-   c:\program files\mw-upfucker.exe
2009-10-22 18:12 . 2009-10-22 19:04   --------   d-----w-   c:\program files\lmxiyi
--- End quote ---
