  • Status: Solved
  • Priority: Medium
  • Security: Public

My XP computer was infected with spyware and malware

After I cleaned it with Malwarebytes, it worked OK for 2 days, and now what it does is Internet Explorer doesn't open, but after I reboot it works fine for a day and then the next day it stops responding again. I tried to run Malwarebytes again and I get a pop-up that says this:

c:\program files\malwabytes' anti-malware\mbam.exe
windows cannot access the specific device, path or file. you may not have the appropiate permissions to access the item

I'm logged in as admin.

Please help me.
0
frankbustos
Asked:
1 Solution
 
MtnChick Commented:
Have you tried running Malwarebytes from safe mode?  That is what I would try next.
0
 
Sudeep Sharma (Technical Designer) Commented:
Go to:

c:\program files\malwabytes' anti-malware

and check if you could find it there (mbam.exe)

If not, then probably you would have uninstalled it accidentally, or it might have been removed or disabled by some nasty malware or virus.

Further, you should not run the program and tools in safe mode; you should run them in Normal Mode.

I also suggest going through the following articles before cleanup.

Run Rogue Killer before MalwareBytes without any reboot in between.

http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

I hope that would help.

Sudeep
0
 
peter197911 Commented:
Advice: If you're really sure it was infected, and problems like non-working anti-malware programs show up   -----> reinstall Windows.

Backup Documents / Favorites / etc etc .....

Cleaning infected/ half broken systems sucks.
If you're really attached to your XP install, download the hirens.info CD and run some of the free malware tools in the MiniXP environment.


But still.. reinstall is the best option
0
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
A couple of questions first:

Is your computer running an Award BIOS?  If so, you may have the nasty BIOS rootkit that pretty much means replacing the BIOS chip.  Also take a gander at my article on rootkits and reviews of the tools to treat them (http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_2245-Anti-rootkit-software.html).  SSharma's suggestions are sound, especially about RogueKiller.  

But before you go crazy, have you tried doing a system restore?  I ran into a similar problem and found that the user had not tried System Restore yet.  Once they did, they were back up and running in no time.

Check out these articles on System Restore:

http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/A_1934-Viruses-in-the-System-Volume-Information-System-Restore.html
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/A_2209-Removing-protected-System-Restore-files-if-they-have-been-infected.html

It is important you DO NOT remove your system restore files until you have your machine back up and running properly.
0
 
willcomp Commented:
Appears that you still have the TDSS root kit. Download and run TDSSKiller.
http://support.kaspersky.com/faq/?qid=208283363

After removing TDSS, post back if you are still having problems opening programs -- including MBAM.
0
 
frankbustos (Author) Commented:
willcomp,

  I ran TDSSKiller and it let me re-install Malwarebytes and I'm running a scan now, but it didn't allow my system to get an IP address from DHCP; I had to put in a static manually???? So far Malwarebytes has found 8 threats and is still scanning.
0
 
willcomp Commented:
After MBAM completes, you can use Rogue Killer to undo some changes made by the malware.
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html?sfQueryTermInfo=1+30+killer+rogu
0
 
frankbustos (Author) Commented:
I ran Rogue Killer and same problem. I can browse the Internet but can't get to any mapped drives on the network. If I select DHCP to get an IP, it just spins and spins.
0
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
Did you check your hosts file? (windows/system32/drivers/etc)
0
 
frankbustos (Author) Commented:
Yes, I did and the hosts file looks OK. I'm about to format this thing, I've spent way too much time on it. I can't believe there is nothing out there to clean this and avoid formatting!! This spyware/malware/trojan, virus crap stinks!!
0
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
Have you backed up?  Have you tried using Ubuntu?  If you tried everything, including all the suggestions on this page, a clean install may be in order.  Do make sure you are not using an Award BIOS first though.  If you are you can reinstall Windows and if you have the BIOS rootkit it will reinfect the new install.  In that case you need a new BIOS chip.
0
 
frankbustos (Author) Commented:
No, I haven't tried Ubuntu... what is that and where do I find it? Yes, I have backed up the data and I'm not using Award BIOS.
0
 
Julian Hernandez (Project Manager) Commented:
Ubuntu is just another operating system like XP.
For more info go here:
http://www.ubuntu.com/ 
0
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
I use SARDU to create a bootable USB or DVD with all the necessary tools.  It is easy to use and has all the links you need with the click of a button.  Try it here: http://www.sarducd.it/downloads.html.  You can also read my article about it here: http://www.experts-exchange.com/Storage/Misc/A_3038-Boot-Disks-UBCD-UBCD4Win-and-SARDU.html

Note that the article refers to the previous version of SARDU, so everything is actually easier.
0
 
willcomp Commented:
Before nuking the disk, run ComboFix. If it doesn't clear the problem(s), then best option is probably a clean install. We've apparently gotten it relatively clean but something is still present. ComboFix will remove malware and root kits that MBAM will not. Follow instructions in link.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
frankbustos (Author) Commented:
Thanks everyone for your help, but in the end a clean install was my only option. Not even ComboFix helped or anything. I just formatted the drive, installed XP and restored my data.
0
