TechSpot

Malware appears to be stopping MalwareBytes being able to run

Resolved
By PatrickH
Jun 6, 2012
Topic Status:
Not open for further replies.
  1. Hi. I would be grateful for any help.

    I am attempting to follow the 5-step-viruses-spyware-malware-preliminary-removal-instructions listed.

    Before I can start the process, one of the first things stated to perform is the quick scan using Malwarebytes. This I have attempted to do, but it keeps crashing.

    I did perform a full scan yesterday prior to seeing this thread and am not sure of the best way forward, as in, cut & paste yesterday's MBAM log into this thread and move on to GMER, or if I need to run the quick scan again. If I need to do a quick scan, how do I get past the crashing? Note I also ran an avast scan yesterday prior to being aware of this thread.

    The error report content for the crash does not allow me to cut & paste or I would have placed into this thread.

    Any suggestions would be gratefully received. Patrick.
     
  2. PatrickH

    PatrickH TS Rookie Topic Starter

    Finally got Malwarebytes to run; here's the report. Off to do GMER, back soon.

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.06.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    pat :: PC06 [administrator]

    Protection: Disabled

    06/06/2012 15:03:29
    mbam-log-2012-06-06 (15-03-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 436624
    Time elapsed: 18 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\Pat\Desktop\SmartSupportB.exe (PUP.Radmin) -> Quarantined and deleted successfully.

    (end)
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Keep going Patrick. I'll review all of the logs after you get them in.

    Question: Did you intentionally download a program recently to get remote support?
    =========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  4. PatrickH

    PatrickH TS Rookie Topic Starter

    Hi. It has taken from my post of earlier until now for GMER to run. My machine crashed again. The Windows error report reads...

    C:\DOCUME~1\Pat\LOCALS~1\Temp\WER3d16.dir00\Mini060612-01.dmp
    C:\DOCUME~1\Pat\LOCALS~1\Temp\WER3d16.dir00\sysdata.xml

    Along with...

    BCCode : 1000008e BCP1 : C0000005 BCP2 : A77E8827 BCP3 : A74A15F8
    BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

    Looking at the time elapsed of 5 hours to get to this point do I go again and potentially wait another 5 hours for another crash or wait for further advice?

    Many thanks for your input. Rgds, Patrick.
     
  5. PatrickH

    PatrickH TS Rookie Topic Starter

    Hi Bobbye

    I am not aware of any support software recently downloaded but I have done so in the post.

    I am now repeatedly getting an avast error message up regarding system32/ping.exe block. Not sure if this is relevant.

    Rgds, Patrick
     
  6. PatrickH

    PatrickH TS Rookie Topic Starter

    On opening GMER again I have this text. The last line of this text is where it previously had an issue when I last checked it before the crash. Again, as per my comments above, system32/ping.exe.

    I know this is not complete but was wondering if you could point me in any direction to stop me running GMER again to then potentially wait another 5 hours for the next crash.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-06 21:00:20
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-7 Hitachi_HDS721616PLA380 rev.P22OAB3A
    Running: 60my2hnk.exe; Driver: C:\DOCUME~1\Pat\LOCALS~1\Temp\ugtdapow.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA78C428E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA78C40F9]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA7939D92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Processes - GMER 1.0.15 ----

    Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 3560

    ---- EOF - GMER 1.0.15 ----
     
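The GMER output above is the kind of log a responder reads by hand: SSDT and inline code hooks are attributed to a driver and vendor, filter drivers are listed per device, and a process marked "*** hidden ***" is present in the kernel's process list but concealed from normal user-mode enumeration. Below is an added example, not code from the thread or from GMER, of a small triage script that parses those three sections and ranks what it finds: hidden processes highest, kernel hooks from vendors outside an assumed allowlist next, and, as an informational item, devices carrying filter drivers from more than one security vendor (two resident products on the same TCP/IP stack, as avast and AVG are here, is a common source of instability). The embedded log is a trimmed copy of the one posted above; the KNOWN_VENDORS allowlist and the severity labels are assumptions chosen for this example. A hidden-process flag is a lead, not a verdict: security products' own sandboxing and self-protection drivers can produce the same marker, so the finding is a prompt to inspect the process, not proof of a rootkit.

```python
import re
from collections import defaultdict

# Constructed sample input: a trimmed copy of the GMER quick-scan log posted in the thread.
GMER_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-06 21:00:20
Running: 60my2hnk.exe; Driver: C:\DOCUME~1\Pat\LOCALS~1\Temp\ugtdapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA78C428E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA78C40F9]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA7939D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 3560

---- EOF - GMER 1.0.15 ----
"""

# Assumed allowlist (example only): vendors whose kernel hooks are expected on this machine.
# Any SSDT/inline hook owned by a module outside this set is worth a closer look.
KNOWN_VENDORS = {"AVAST Software", "AVG Technologies CZ, s.r.o.", "Microsoft Corporation"}

# Line formats as GMER prints them: "<kind> <module> (<description>/<vendor>) <function> [<address>]",
# "AttachedDevice <driver> <device> <module> (<description>/<vendor>)",
# "Process <path> (*** hidden *** ) <pid>". Paths without spaces are assumed for devices.
HOOK_RE = re.compile(r"^(?P<kind>SSDT|Code)\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)"
                     r"\s+(?P<func>\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?$")
DEVICE_RE = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)"
                       r"\s+\((?P<desc>[^)]*)\)$")
PROCESS_RE = re.compile(r"^Process\s+(?P<path>.+?)(?:\s+\((?P<flag>[^)]*)\))?\s+(?P<pid>\d+)$")


def vendor_of(desc):
    """GMER prints '<driver description>/<company>'; the company is the last '/'-separated field."""
    return desc.rsplit("/", 1)[-1].strip() if "/" in desc else ""


def parse_gmer(text):
    """Split a GMER log into hook, attached-device and process records."""
    hooks, devices, processes = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            hooks.append({"kind": m["kind"], "module": m["module"], "vendor": vendor_of(m["desc"]),
                          "func": m["func"], "addr": m["addr"]})
        elif m := DEVICE_RE.match(line):
            devices.append({"driver": m["driver"], "device": m["device"], "module": m["module"],
                            "vendor": vendor_of(m["desc"])})
        elif m := PROCESS_RE.match(line):
            processes.append({"path": m["path"], "pid": int(m["pid"]),
                              "hidden": "hidden" in (m["flag"] or "")})
    return hooks, devices, processes


def triage(text):
    """Return (severity, message) findings, highest severity first."""
    hooks, devices, processes = parse_gmer(text)
    findings = []
    # A hidden process is the single strongest indicator in a GMER log; it is a lead, not proof.
    for p in processes:
        if p["hidden"]:
            findings.append(("HIGH", f"hidden process {p['path']} (pid {p['pid']}): present in the "
                                     "kernel process list but concealed from user-mode enumeration"))
    # Kernel hooks are normal for AV products; hooks from an unknown vendor are not.
    for h in hooks:
        if h["vendor"] not in KNOWN_VENDORS:
            findings.append(("MEDIUM", f"{h['kind']} hook on {h['func']} by {h['module']} "
                                       f"({h['vendor'] or 'no vendor string'})"))
    # Filter drivers from several security vendors on one device: a known instability source.
    vendors_per_device = defaultdict(set)
    for d in devices:
        vendors_per_device[d["device"]].add(d["vendor"])
    for device, vendors in vendors_per_device.items():
        if len(vendors) > 1:
            findings.append(("INFO", f"{device} carries filter drivers from {len(vendors)} vendors: "
                                     f"{', '.join(sorted(vendors))}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(GMER_LOG):
        print(f"[{severity}] {message}")
```

Run it as a script to print the ranked findings for the embedded log, or import `triage` and pass it the contents of a saved GMER log file. To extend the allowlist, add the vendor string exactly as GMER prints it after the final slash in the parenthesised description.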
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Leave GMER and go on to DDS please. Leave those 2 logs for review.
     
  8. PatrickH

    PatrickH TS Rookie Topic Starter

    My terminal died, keyboard and mouse both non responsive so ended up doing a partial windows re-install and this appears to have resolved the problem. GMER I simply could not get to run at all. Thanks for your help all the same.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you for the update.
     