a virus ate my malwarebytes
... i think i'm pretty much fucked... :(
|
... computer AIDS... went straight for the immune system... anyone want to have unprotected cybersex?
|
:(...help, anybody?
i have hijack this, but i don't know how to use it... |
Details usually help.
|
during reboot, it either replaces the file mbam.exe (malwarebytes anti-malware) with a spurious file, or removes it altogether...
|
reinstalling malwarebytes will reach close to the end of the process and then spit out the following error:
Unable to execute file:
C:\Program Files\Malwabytes' Anti-Malware\mbam.exe
CreateProcess failed; code 2.
The system cannot find the file specified. |
i thot you were a macaholic and macs didn't have viruses?
i feel deceived... |
if you can decode the details:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:10 PM, on 10/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\program_util\mozilla firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\hasplms.exe
C:\program_util\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\program_util\McAfee\VirusScan Enterprise\EngineServer.exe
C:\program_util\McAfee\Common Framework\FrameworkService.exe
C:\program_util\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\program_util\McAfee\VirusScan Enterprise\Mcshield.exe
C:\program_util\McAfee\VirusScan Enterprise\ShStat.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\69194130\69194130.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program_util\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [luzanonol] Rundll32.exe "c:\windows\system32\revesele.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O20 - AppInit_DLLs: c:\windows\system32\revesele.dll,fiyamepe.dll
O21 - SSODL: miyelugaw - {f7a7021d-ee1d-49e8-a3d0-0e2c7f8bdd2b} - c:\windows\system32\revesele.dll
O22 - SharedTaskScheduler: gahurihor - {f7a7021d-ee1d-49e8-a3d0-0e2c7f8bdd2b} - c:\windows\system32\revesele.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\program_util\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\program_util\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\program_util\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\program_util\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\program_util\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\program_util\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe |
Ah, malwarebytes is a bit of software. Without doing the usual googling (Googling problems is your friend) I would suggest that it's probably worth trying a different anti-virus to interrogate the problem. AVG or one of the other free ones. I don't really know. Google it.
|
throw your computer out of a window.
|
mcafee could be doing it.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\69194130\69194130.exe would be something I'd look at too. do you know what it is? I don't trust numbered .exe files or .exe's that load from documents and settings. ps: macs don't have folders called "documents and settings". :p |
ps: try booting up in safe-mode first.
|
just believe floatz
|
Quote:
yes... i have tried removing that several times with Hijack This... but a number of things keep reappearing after i "fix" them. most ominously:
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
which i figure is responsible for killing my anti-virus software... god, i hate computers. |
first, try to uninstall malwarebytes.
install spybot s&d and adaware (free). start them and update them (but don't scan).
unplug yr modem after you've updated them both.
boot up in safe mode (for xp-based it can usually be done by hitting the F8 key right after bios loads). select the setting with limited drivers.
go to C:\Program Files\ and delete the entire folder \Malwarebytes' Anti-Malware folder (if it still exists).
go to C:\documents and settings1\allusers\applications.. and delete \69194130
NOTE: look inside the folder and make sure it's not something you really want to keep. I doubt it, but check just in case.
empty to the recycle bin.
now, run spybot s&d and adaware. if yr machine is up to it, you can try running both at once, but that can bog you down if the pc can't handle it.
http://www.safer-networking.org/index2.html <- spybot s&d
http://www.lavasoft.com/ <- adaware
take 2 pills and call me in the morning. |
This is highly dubious too :
O20 - AppInit_DLLs: c:\windows\system32\revesele.dll,fiyamepe.dll
O21 - SSODL: miyelugaw - {f7a7021d-ee1d-49e8-a3d0-0e2c7f8bdd2b} - c:\windows\system32\revesele.dll
O22 - SharedTaskScheduler: gahurihor - {f7a7021d-ee1d-49e8-a3d0-0e2c7f8bdd2b} - c:\windows\system32\revesele.dll
Do a scan of your hard drives with Stinger and then Housecall, and give us the scan results. |
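The triage rules suggested in the replies above (numbered .exe files, executables loading from Documents and Settings, and one DLL wired into several autostart entries), as an added example that is not part of any post in this thread. The sample lines are excerpted from the log posted above; the function names and reason strings are this example's own.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted earlier in this thread.
LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\69194130\69194130.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [luzanonol] Rundll32.exe "c:\windows\system32\revesele.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\windows\system32\revesele.dll,fiyamepe.dll
O21 - SSODL: miyelugaw - {f7a7021d-ee1d-49e8-a3d0-0e2c7f8bdd2b} - c:\windows\system32\revesele.dll
O22 - SharedTaskScheduler: gahurihor - {f7a7021d-ee1d-49e8-a3d0-0e2c7f8bdd2b} - c:\windows\system32\revesele.dll
"""

AUTOSTART = {"O4", "O20", "O21", "O22"}  # load-at-boot/logon sections seen in this log
PATH_RE = re.compile(r'[a-z]:\\[^"*?<>|]+?\.(?:exe|dll)\b', re.I)
PROFILE_RE = re.compile(r"\\(documents and settings|docume~1)\\")


def targets(section, line):
    """Files referenced by one log line."""
    if section == "O20":  # comma-separated DLL list; bare file names are allowed
        return [d.strip() for d in line.split(":", 1)[1].split(",") if d.strip()]
    return PATH_RE.findall(line)


def review(log):
    """Return {lower-cased path: sorted reasons} for entries worth a closer look."""
    reasons, sections = defaultdict(set), defaultdict(set)
    for line in log.splitlines():
        m = re.match(r"(O\d+) - ", line.strip())
        section = m.group(1) if m else "process"
        for path in targets(section, line):
            low = path.lower()
            if re.fullmatch(r"\d+\.exe", low.rsplit("\\", 1)[-1]):
                reasons[low].add("numeric .exe name")
            if low.endswith(".exe") and PROFILE_RE.search(low):
                reasons[low].add(".exe under Documents and Settings")
            if section == "O20":
                reasons[low].add("AppInit_DLLs entry")
            if section in AUTOSTART:
                sections[low].add(section)
    for low, secs in sections.items():
        if len(secs) > 1:  # one file wired into several autostart points
            ordered = sorted(secs, key=lambda s: int(s[1:]))
            reasons[low].add("loaded from " + ", ".join(ordered))
    return {path: sorted(r) for path, r in reasons.items()}


if __name__ == "__main__":
    for path, why in review(LOG).items():
        print(path, "->", "; ".join(why))
```

A hit only marks an entry for a closer look; legitimate software can match these rules too.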
Quote:
Quote:
Hey there not to sound like a smart ass, but GUI does usually stand for graphic user interface, possibly whatever sits in the system tray. Are you sure that mbam.exe and mbamgui.exe are not fine and both part of the same program? What exactly did you find wrong before you started trying to "fix" things, as you put it? |
I had the same problem actually and atsonicpark just told me to rename the .exe file.
|
I just found I had a similar problem and now I can't connect to the internet.
|
Quote:
....you are right... it does not sound like a malicious file. what went wrong was that i got hit with a browser hijacker and a flood of pop-ups. so i tried to remove them with the program that i use to remove browser hijackers (malwarebytes anti-malware) only to find that it would not run and in fact had been removed from my computer. floating and torn, thanks for the help... i will follow the instructions when i have a little more time. |
well, anything that you do should be done in rebooted safe-mode. it helps prevent trojans from reinstalling payloads before you delete them.
|
ps: get a Mac.
|
Quote:
i never got any of this shit in my pc days. "browser hijacker"? for fucks sakes... actually i still have a pc that runs fine. i don't know what people do with their machines. -- ps- nice helmet there, birdman |
I never get it either. girlgun used to, though (pre-Mac).
every other month, she'd call me at work, crying "the computer is brokeeeeeeennn". I just shrug and fix it. |
Quote:
you're a saint |
or a buddha.
|
and for the record, i do fear my mac getting fucked some day by unexpected shit we're completely unprepared for, kinda like the 12 colonies on the day the cylons attacked.
|
scan with prevx csi and write down the red files (you have to pay to have it take care of them)
put the hijackthis log here http://www.hijackthis.de/en and see what it says
manually delete red files from prevx scan
use wholockme to check and kill all processes running that makes it impossible to manually delete the malicious files
when you delete them rerun prevx csi and check if it passes
reboot
try to uninstall malwarebytes
reinstall it
send me 374$ via paypal
retry hijack this and recheck the report
send 374$ more if you still have problems.
today I got hit by a fuckin' motorcycle. |
heres an idea-- why not back up all important documents, do a clean install, run a simple antivirus, and avoid warez?
|
Quote:
you have no idea what you started, cosmically speaking. ohm |
oh shit i didn't spot the accident amid the instructions
are you alright? was it a hot girl who is now indebted to you and will do anything to keep you from calling the cops? |
anyway, found this shit that likely still applies:
http://www.pcstats.com/articleview.cfm?articleID=1579 gotta go... i need drugs and the board is on a respirator at this hour anyway |
your machine is infected with a variant of the russian trojan vundo.
here, http://vundofix.atribune.org/ |
Quote:
|
I'm extremely confused as to why people don't use protection against computer aids.
|
Quote:
we'll see....BWAHAHAHAHA Quote:
ah, nothing too worrying, a stupid biker turned right and hit me (I was on my bicycle) while trying to avoid a car which slowed down for no apparent reason. I fell on my fuckin' chin, lemme tell ya, beard and blood is a real mess, but I'm ok, not even need for stitches. I guess the damage to his (motor)bike is enough of a revenge, plus I'm not 100% sure whose fault it is... enuff with my life, time to collect those 748 dollars. |
Quote:
... |
Hahaha.
|
Shouldn't you be in the woods?
|
I returned!
I've been gone for 2 days! |
All content ©2006 Sonic Youth