Spyware, Viruses, & Security forum

General discussion

malwarebytes not working

by fplanner / October 28, 2009 5:35 AM PDT

need help, i think my computer has been infected, cant open my malwarebytes program. Uninstalled and tried reinstalling and that didnt work. Also, tried working with one of the malwarebytes reps and sent him a file after running something called hijacketc... but still no luck.

Post a reply
Discussion is locked
You are posting a reply to: malwarebytes not working
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: malwarebytes not working
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Give the following a try.......
by Marianna Schmudlach / October 28, 2009 7:29 AM PDT

Please download and run the following tool to help allow other programs to run. (Thanks to Grinler of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif

After that update and run Malwarebytes AntiMalware.

Collapse -
thx
by fplanner / October 28, 2009 8:19 AM PDT

The rep from malware sent me a combofix and its looks liked it worked.

Collapse -
Great to hear !
by Marianna Schmudlach / October 28, 2009 11:17 AM PDT
In reply to: thx

You are in good hands at the MalwareBytes Anti Malware forum.

Collapse -
Antivirus System PRO on XP on HP laptop
by chatty_kath / November 21, 2009 10:11 PM PST

Hello all,

Intermediate user here.
Trying everything to get rid of this junk. It won't allow me to run any of the four versions of rkill, even to open as admin. I have Malwarebytes installed on the laptop, only because I transferred it with a jump stick from another computer. I can't open any programs incl IE browser on affected computer, including a command prompt.

I don't know where to start to get rid of this junk.

Any help is gratefully appreciated.

Kathy

Collapse -
Think I have it fixed
by chatty_kath / November 22, 2009 9:07 AM PST

So far so good, booted the pc and i got rkill up and running before malware started up.

K

Collapse -
Thank's, it worked!
by Bendix41 / December 16, 2009 7:49 AM PST
In reply to: Think I have it fixed

I had the same problem, but i ran rkill as soon as possible after booting... and it actually worked! Now I can finally go to sleep!

Collapse -
Trying to run rkill but having problems with errors
by dpick8888 / December 17, 2009 3:54 AM PST

I'm attempting to run rkill on my WinXP Laptop as an initial step to removing the rogue program "Internet Security 2010". After running rkill for the first time, the rogue program labels it as harmful and stops rkill. At the advice of another thread, I am leaving this error open and rerunning rkill as a work around. This part works. Rkill starts up and creates a few files. Shortly after these files are created, the desktop disappears and the startup background flashes up for a few seconds. The desktop reappears and I get an error message that says "Login.exe" across the top and "Another program is currently using this file." in the message box.

Collapse -
Two more links are added.......
by Marianna Schmudlach / December 17, 2009 4:56 AM PST
Collapse -
Tried two new links, but had same problem
by dpick8888 / December 17, 2009 5:32 AM PST

Thank you for the quick response. I tried the two programs that you suggested, but unfortunately recieved the exact same response and error message as previously described. Any other ideas??? I really appreciate the help.

Collapse -
Have you already tried Malwarebytes Anti Malware?
by Marianna Schmudlach / December 17, 2009 5:36 AM PST

I would suggest:

please use a friend's or family member's computer and download the Malwarebytes tool and it's manual update from the link below.. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "Your Name.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Your Name.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html

Does that work?

Collapse -
error message that says "Login.exe" across the top
by Marianna Schmudlach / December 17, 2009 8:13 AM PST

I found the following:

Name: Windows Login
Filename: login.exe
Fix login.exe errors: Try a Registry Scan
Command: C:\WINDOWS\system32\login.exe
Description: A variant of the Win32/Bifrose Trojan.
File Location: %System%
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.

More here:

http://www.bleepingcomputer.com/startups/login.exe-20411.html

Collapse -
Autoruns saved my life....
by Gayatri999 / January 17, 2010 8:58 AM PST

I can't thank you enough for this post Marianna. I was beginning to think that "Security Tool" had outwitted everyone...
Preventing "Security Tool' from starting, at boot up, at all, and then eliminating it altogether with a mal ware program was a stroke of genius.
A step by step approach for anyone interested in trying this is here:

http://www.bleepingcomputer.com/tutorials/tutorial101.html

Thanks again!

Collapse -
Thanks so Much
by dpick8888 / January 27, 2010 4:39 AM PST

Really appreciated your help. Happy

Collapse -
Thank You! Thank You! Thank You!
by bedfordgrp / January 16, 2010 10:37 PM PST

My Malwarebytes scan ran all night but it found and erased all of this pesky malware. Thanx so much for this insight.
M

Collapse -
Thanks!
by Dxtra30 / March 10, 2010 1:41 AM PST

OMG - This post that somebody sent to me, I think saved my pc from a virus.. I ran the RKILL.exe then Updated and Ran Malwarebytes.. Seems to have found and removed the virus.. I rebooted the laptop it seems to be working as normal so far but doing some final spot checkups tonight.. THANK YOU MARIA for posting these links.. LIFE SAVER!

Collapse -
McAfee sees rkill.com and other rkill files as trojans
by fsujohn / May 15, 2010 3:10 AM PDT

I read the posts about using the rkill.com and other renamed versions of it (all of the ones in the posts here), so I tried to download each one in succesion. Each one was tagged as a trojan by my McAfee Total Protection, so I blocked them.

I specifically looked here on CNET because I am careful about following one set of instructions to get rid of a problem when I'm not even sure if they're from a reputable source. Since I trust CNET as a credible source I looked here and see the references to the http://www.bleepingcomputer.com fixes.

What do you guys suggest now given that the files McAfee sees as trojans are the first ones needed in the process to get rid of the Control Center virus?

Help!

FSUJohn

Collapse -
Hi John, Both Grif and Carol know more about McAfee
by roddy32 / May 15, 2010 3:45 AM PDT

than I do but I don't know if either will be around this weekend or not. Is there any way to tell McAfee to ignore those files so you can use them? Most antimalware/AV programs will let you do that but I don't know about McAfee. BTW, we use BleepingComputer's fixes because they are very good.

Collapse -
McAfee sees rkill as trojan
by fsujohn / May 15, 2010 4:36 AM PDT

McAfee does give me the option to allows the file. After I chose to block it before it popped up a message saying that McAfee had detected and deleted a trojan and that I did not have to take any action. This is why I am weary about allowing the file, since McAfee saw it as a Trojan.

It sounds like you're saying that depsite McAfee seeing it as a trojan file I should trust it anyway. This is why I came here vs. some other random site.

Please clarify if I am understanding your advice correctly and thanks much for the help.

Collapse -
I am not the one that should be helping
by roddy32 / May 15, 2010 4:58 AM PDT

you with this. I am not a trained malware remover. Usually it is the malware that blocks rkill. My suggestion would be to either wait for Grif because he is also a Mod at the McAfee forum or Carol possibly knows more about this, She is familiar with McAfee also. Being a weekend I have no idea if either will be around or not. The other option would be to visit the McAfee forum and either look for an answer or post the question there. Sorry I can't help you more.

http://community.mcafee.com/community/help

Collapse -
Re: McAfee See's Rkill As Trojan
by Carol~ Forum moderator / May 16, 2010 10:20 PM PDT

FSUJohn...

It is NOT uncommon for an A/V to detect Rkill (and other similar tools) as malicious. To avoid interference, temporarily disable McAfee before running Rkill. It's why this thread was created. If McAfee Total Protection has an exclusion list, you can also go that route. I would go one step further, and let McAfee know their Total Protection is detecting Rkill erroneously. Hopefully, they'll correct it.

Additionally, you'll note the creator of Rkill states in his introduction to Rkill:

'On a final note, when you download and run RKill, certain anti-virus programs may state that the program is a security risk. This is because some of the tools used by RKill can be used for good or bad, though the programs themselves are perfectly harmless, and most anti-virus programs just lump them into the bad category. I assure you we are using them only for good purposes'

I commend you for being cautious and asking first.

Best of luck..
Carol

Collapse -
Now I can't get Malwarebytes to work
by fsujohn / May 16, 2010 10:34 PM PDT

Out of frustration and knowing I would likely not have much time to devote to this issue after the weekend was done I did what Carol suggested before I even saw her post. I got rkill on a jump drive and was able to disable control center, I think. I have malwarebytes anti-malware on the infected computer, but when I tried to run it by calling up the task manager and looking for it in programs the exe file is nowhere to be found. I tried reinstalling it from the jumpdrive and it looks like it installs, but I can't get it to run. I also can't seem to get it to properly, or completely, uninstall to do a clean installation.

So, in a nutshell I'm still stuck on the infected computer and I'm at the point where I can get the rkill and the installation file for malwarebytes on a jump drive, but I'm stuck from there.

Help!

Collapse -
Re: Now I can't get MBAM to work
by Carol~ Forum moderator / May 17, 2010 1:50 AM PDT

'I'm still stuck on the infected computer and I'm at the point where I can get the rkill and the installation file for malwarebytes on a jump drive, but I'm stuck from there.'

Before copying the MBAM installer/mbam-setup.exe (AND the update file ) on to the jump drive, did you rename the installer? If not, you need to. Rename it fsujohn.exe, or the like.

Your first paragraph confuses me. IF you already managed to install MBAM on the infected computer, navigate to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe and rename the mbam.exe. (It may be necessary to unhide your files and folders, in order to view the mbam.exe.) Once renamed, double-click on the file and see if you're able to run the program.

At one point, you mentioned the mbam.exe was no where to be found. There are certain instances, where the mbam.exe will be missing. If this continues to be the case, let us know, and I'll include a renamed mbam.exe in my next post.

At another point you stated you were unable to completely uninstall MBAM. If THAT'S the case, then try the MBAM Clean Up Utility and start again, as noted above. I don't know what set of instructions you've been following, but they should be similar to this.

Carol

Collapse -
Yep, Carol's Got It Right..
by Grif Thomas Forum moderator / May 17, 2010 3:12 AM PDT

A number of malware types will remove the main mbam.exe executable from the Program Files\Malwarebytes Antimalware folder.. The easiest way to fix the problem is to simply copy the mbam.exe file from a second computer where Malwarebytes is installed, then transfer it using a flash drive to the infected machine.. Paste the copied file into the C:\Program Files\Malwarebytes Antimalware folder and double click on the file to run the program..

Be sure to perform this procedure after running Rkill and without restarting the computer.

Hope this helps.

Grif

Collapse -
Internet Security 2010 virus
by Rowdy50 / January 27, 2010 4:14 AM PST

This thing has taken over my computer. Made a few attempts to find it and delete it in harddrive, and it blocked me from access. Can't get past the "Welcome" screen where you have to click on "owner" box. Any tips on how to bypass that would be greatly appreciated. I am fairly computer ignorant, so good instructions would be very helpful. Thanks.

Collapse -
IF you start with.......
by Marianna Schmudlach / January 27, 2010 5:05 AM PST

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif

Then follow instructions from here:


http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010

Collapse -
Thanks
by Rowdy50 / January 27, 2010 7:15 AM PST

Marianna,
I really appreciate the advice, but my main problem now is that the software won't let me past the Welcome page to get to my desktop to load any software and do anything. When I click on the "owner" box to enter, my desktop flashes briefly and then the virus takes me right back to the Welcome page. Any ideas?

Collapse -
Can you log on into SAFEMODE ?
by Marianna Schmudlach / January 27, 2010 7:24 AM PST

How to Start Windows in Safe Mode

http://www.pchell.com/support/safemode.shtml


Then use System Restore and go back several days....


Once you get in, you will notice that Windows is now running in safe mode, because "safe mode" is displayed in the four corners of your screen. You will also notice it by the reduced functionality and display settings.

Do not worry, if everything goes according to plan, this is only temporary. Now that you are in Windows, you can use System Restore to flash your computer back to when it was still working.

Click Start->All Programs->Accessories->System Tools->System Restore.

In the System Restore wizard, check the option to "Restore my computer to an earlier time" and click next.

In the calendar that appears, choose a good restore point and click next. When the operation is complete, your computer will restart and it will tell you that the system was restored.


http://www.windows-help-central.com/system-restore-in-safe-mode.html


Does it work?

Collapse -
2010 virus
by Rowdy50 / January 28, 2010 4:27 AM PST

Marianna,

I really appreciate your attempts to help me, but I guess I am going to have to get the Geeek Squad people out here. I am using an extra older computer to connect with you.

My main computer is still locked up by this virus. No matter which safe mode I try, the thing always takes me back to the same Welcome page. Won't let me past that. I downloaded the malware and rkill software but can't load it without getting past the virus. Thanks again for your help.

Collapse -
If the "geek squad" has not come...
by Donna Buenaventura / January 28, 2010 5:17 AM PST
In reply to: 2010 virus
Collapse -
Rowdy, I'm Cleaning A Similar Problem Here, Here's How..
by Grif Thomas Forum moderator / January 28, 2010 10:37 AM PST
In reply to: 2010 virus

First, you'll want to have a Windows CD for use on a "repair" installation later, maybe. If the cleanup tools work correctly, things may resolve themselves easily. If not, you may need the Windows CD to run a repair installation.

Next, on separate clean computer, download the free Avira Rescue Disc program and create a bootable rescue disc using the instructions below. Once that's done, boot the computer using the Rescue disc and make sure to select the option to "Rename files" per the instructions, then run the scan using the disc.. You don't need to login to your computer as the rescue disc will run "outside" of Windows.

Avira AntiVir Rescue System

After the disc is created, follow these instructions to run it:

Tutorial for Avira Rescue CD

Next, follow the instructions below which you already have some of the tools for. The rescue disc should have eliminated enough of theproblem to allow "rkill" to run and allow you to install malwarebytes, etc.. In some case, after the installation of Malwarebytes, the actual "mbam.exe' file will be removed by the malware.. You can easily replace it by copying the file from a separate computer where Malwarebytes is installed, renaming it, then placing in the correctly folder listed below.:

Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
_____________________

IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transfered to the problem machine. Do NOT restart the computer after running Rkill.

Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install.:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
_____________________


Hope this helps.

Grif

Popular Forums
icon
Computer Help 49,613 discussions
icon
Computer Newbies 10,349 discussions
icon
Laptops 19,436 discussions
icon
Security 30,426 discussions
icon
TVs & Home Theaters 20,308 discussions
icon
Windows 10 360 discussions
icon
Phones 15,802 discussions
icon
Windows 7 7,351 discussions
icon
Networking & Wireless 14,641 discussions

Smartphone tip

Hoarding photos on your phone?

Those picture are hogging memory and could be slowing down your phone.