TechSpot

Google links redirected, b.exe, Malware programs do not run

By howmuch
Sep 22, 2009
  1. Google links are being redirected to random ad sights or obscure search engines. b.exe published by "popcap" keeps popping up in Spybot and is running in the task manager. Malwarebytes will install and start to run but is then stopped and will not run until it is renamed and the security settings are reset on the mbam.exe file. It will then run for a few seconds and then close and disable. I have tried renaming and changing the extension. I have tried DDS scan and Rootrepeal and the same thin happens with them. My AV was disabled when I attempted to run the programs. I was able to run Super Antispyware which found some trojans and fixed the pop up add windows that were popping up when IE was closed. After the initial scan, Super Antispyware cannot be opened. I tried to run Malwarebytes in safe mode, but it was stopped.
     
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Format and reinstall Windows... Doing this will save you a lot of time and some major headaches
     
  3. Jawshh

    Jawshh TS Enthusiast Posts: 392

    IMO he should try combofix first.
     
  4. almcneil

    almcneil TS Guru Posts: 1,277

    I didn't read anything about trying Safe Mode. I'd try running AS in Safe Mode and see if they complete. Also, check the Startup list in MS System Configuration Utility for obvious spyware programs.

    Repost with results.

    -- Andy
     
  5. howmuch

    howmuch TS Rookie Topic Starter

    What is AS? I will tr it and I will try Combofix, but don't want to do it without instruction.
     
  6. Jawshh

    Jawshh TS Enthusiast Posts: 392

    AS= Antivirus . Can you attach an HJT log here?
     
  7. howmuch

    howmuch TS Rookie Topic Starter

    My antivirus will run but does not detect anything. I am running McAfee. Should I try running a different antivirus? HJT will run for a few seconds and then is shut down. Then it will not open unless I go into program files and change the security permissions. The malware changes the security permissions to "everyone".
     
  8. Jawshh

    Jawshh TS Enthusiast Posts: 392

    Ok. First run http://www.kaspersky.com/virusscanner if you cant the follow:

    Boot into safe mode and run malwarebytes,superantispyware and mcafee. then type "msconfig" without quotes in run box. Uncheck "load startup items"(check Attachment) and then reboot to normal mode and try HJT.
     
  9. almcneil

    almcneil TS Guru Posts: 1,277

    AS = Anti-Spyware
    AV = Anti-Virus

    -- Andy
     
  10. howmuch

    howmuch TS Rookie Topic Starter

    I have run spybot S&D and spyware doctor. They did not find it.
     
  11. howmuch

    howmuch TS Rookie Topic Starter

    No dice. It still shuts down HJT. Kapersky did not find anything.
     
  12. almcneil

    almcneil TS Guru Posts: 1,277

    You wrote initially you couldnot get Malwarebytes or SuperAntipsyware to run in Normal Mode. Have you tried them in Safe Mode? If not, try them next. if you have, we're running out of options. Looks like you might have to re-install Windows.

    Repost with results or answers please.

    -- Andy
     
  13. howmuch

    howmuch TS Rookie Topic Starter

     
  14. howmuch

    howmuch TS Rookie Topic Starter

    SuperAntipsyware will run once after it is installed, but then it will not run again. It found some trojans the first time but now it does not find anything.
     
  15. Jawshh

    Jawshh TS Enthusiast Posts: 392

    run rootkit scan with kaspersky.
     
  16. almcneil

    almcneil TS Guru Posts: 1,277

    Sorry howmuch, but at this point I'm recommending you re-install Windows. It's guaranteed to work and we can do without reformatting so your personal files will not be touched. But you will need to re-install device drivers and programs.

    Repost if you want to try this.

    -- Andy
     
  17. howmuch

    howmuch TS Rookie Topic Starter

    Will re-installing windows get rid of the malware?
     
  18. almcneil

    almcneil TS Guru Posts: 1,277

    For the most part, yes, it will get rid of the malware. When you re-install Windows, you get a new registry. If the programs are not in the registery, they cannot run (with one exception) Now there is one type of spyware I have encounter that is "sneaky" as it hides in your personal files and re-installs when you go restore your personal files from backup. But by far the majority are not like that. Simply re-installing Windows wipes them out.

    The real downside to re-installing Windows is you are then forced to re-install all yhour programs and some device drivers. So you need to find all your installation CDs and/or download installation programs from the Internet all over again.

    -- Andy
     
  19. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Just to make sure you are clean always delete the old partition and format before you reinstall Windows
     
  20. Jawshh

    Jawshh TS Enthusiast Posts: 392

  21. Jawshh

    Jawshh TS Enthusiast Posts: 392

  22. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    "make sure you download and save all the malware equipment you'll need"...

    Do you mean to say " download and install all the antimalware software you'll need?"...
     
  23. Jawshh

    Jawshh TS Enthusiast Posts: 392



    lol. Yea:haha: install and save the setup files also. In case they don't run.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...