Resolved Malware appears to be stopping MalwareBytes being able to run

Status
Not open for further replies.

PatrickH

Hi. I would be grateful for any help.

I am attempting to follow the 5-step-viruses-spyware-malware-preliminary-removal-instructions listed.

Before I can start the process, one of the first things stated to perform is the quick scan using Malware Bytes. This I have attempted to do but it keeps crashing.

I did perform a full scan yesterday prior to seeing this thread and am not sure of the best way forward: should I cut & paste yesterday's MBAM log into this thread and move on to GMER, or do I need to run the quick scan again? If I need to do the quick scan, how do I get past the crashing? Note I also ran an avast scan yesterday prior to being aware of this thread.

The error report content for the crash does not allow me to cut & paste or I would have placed into this thread.

Any suggestions would be gratefully received. Patrick.
 
Finally got Malware to run, here's the report. Off to do GMER, back soon.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
pat :: PC06 [administrator]

Protection: Disabled

06/06/2012 15:03:29
mbam-log-2012-06-06 (15-03-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 436624
Time elapsed: 18 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Pat\Desktop\SmartSupportB.exe (PUP.Radmin) -> Quarantined and deleted successfully.

(end)
 
Keep going Patrick. I'll review all of the logs after you get them in.

Question: Did you intentionally download a program recently to get remote support?
=========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
Threads are closed after 5 days if there is no reply.
 
Hi. It has taken from my post of earlier until now for GMER to run. My machine crashed again. The Windows error report reads...

C:\DOCUME~1\Pat\LOCALS~1\Temp\WER3d16.dir00\Mini060612-01.dmp
C:\DOCUME~1\Pat\LOCALS~1\Temp\WER3d16.dir00\sysdata.xml

Along with...

BCCode : 1000008e BCP1 : C0000005 BCP2 : A77E8827 BCP3 : A74A15F8
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

Looking at the time elapsed of 5 hours to get to this point do I go again and potentially wait another 5 hours for another crash or wait for further advice?

Many thanks for your input. Rgds, Patrick.
 
Hi Bobbye

I am not aware of any support software recently downloaded but I have done so in the past.

I am now repeatedly getting an avast error message up regarding system32/ping.exe block. Not sure if this is relevant.

Rgds, Patrick
 
On opening GMER again I have this text. The last line of this text is where it previously had an issue when I last checked it before the crash. Again, as per my comments above, system32/ping.exe

I know this is not complete but was wondering if you could point me in any direction to stop me running GMER again to then potentially wait another 5 hours for the next crash.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-06 21:00:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-7 Hitachi_HDS721616PLA380 rev.P22OAB3A
Running: 60my2hnk.exe; Driver: C:\DOCUME~1\Pat\LOCALS~1\Temp\ugtdapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA78C428E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA78C40F9]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA7939D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 3560

---- EOF - GMER 1.0.15 ----
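
A triage pass over a GMER quick-scan log like the one above, added here as an example and not part of the original thread: it lists hidden processes, groups SSDT/code hooks by the vendor named in the log, and reports device stacks that carry filter drivers from more than one vendor. The sample lines are copied from the log in this post; the regular expressions assume the line layout seen there.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the GMER log in the post above.
SAMPLE_LOG = r"""
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA78C428E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 3560
"""

# Line layouts assumed from the log above: "(description/vendor)" follows the driver name.
HOOK = re.compile(r"^(SSDT|Code)\s+(\S+)\s+\((.*)/([^/()]+)\)\s+(\w+)")
ATTACHED = re.compile(r"^AttachedDevice\s+\S+\s+(\S+)\s+(\S+)\s+\((.*)/([^/()]+)\)\s*$")
HIDDEN = re.compile(r"^Process\s+(.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+(\d+)")


def triage(log):
    """Return hidden processes, hooked functions per vendor, and multi-vendor stacks."""
    hidden, hooks, stacks = [], defaultdict(set), defaultdict(set)
    for line in log.splitlines():
        line = line.strip()
        if m := HIDDEN.match(line):
            hidden.append((m.group(1), int(m.group(2))))   # (image path, PID)
        elif m := HOOK.match(line):
            hooks[m.group(4)].add(m.group(5))              # vendor -> hooked function
        elif m := ATTACHED.match(line):
            stacks[m.group(1)].add(m.group(4))             # device -> vendors attached
    shared = {dev: sorted(v) for dev, v in stacks.items() if len(v) > 1}
    return {
        "hidden": hidden,
        "hooks": {vendor: sorted(funcs) for vendor, funcs in hooks.items()},
        "shared_stacks": shared,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```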
 
My terminal died, keyboard and mouse both non-responsive, so I ended up doing a partial Windows re-install and this appears to have resolved the problem. GMER I simply could not get to run at all. Thanks for your help all the same.
 