frankbustos
asked on
My XP computer was infected with spyware and malware
After I cleaned it with Malwarebytes, it worked OK for 2 days, and now Internet Explorer doesn't open, but after I reboot it works fine for a day and then the next day it stops responding again. I tried to run Malwarebytes again and I get a pop-up that says this:
c:\program files\malwabytes' anti-malware\mbam.exe
windows cannot access the specific device, path or file. you may not have the appropriate permissions to access the item
I'm logged in as admin.
please help me
Have you tried running Malwarebytes from safe mode? That is what I would try next.
Go to:
c:\program files\malwabytes' anti-malware
and check if you can find it there (mbam.exe).
If not, then you probably uninstalled it accidentally, or it might have been removed or disabled by some nasty malware or virus.
Further, you should not run the program and tools in safe mode; you should run them in Normal Mode.
I also suggest going through the following articles before cleanup.
Run Rogue Killer before MalwareBytes without any reboot in between.
https://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
https://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
https://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)
I hope that would help.
Sudeep
A couple of questions first:
Is your computer running an Award BIOS? If so, you may have the nasty BIOS rootkit that pretty much means replacing the BIOS chip. Also take a gander at my article on rootkits and reviews of the tools to treat them (https://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_2245-Anti-rootkit-software.html). SSharma's suggestions are sound, especially about RogueKiller.
But before you go crazy, have you tried doing a system restore? I ran into a similar problem and found that the user had not tried System Restore yet. Once they did, they were back up and running in no time.
Check out these articles on System Restore:
https://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/A_1934-Viruses-in-the-System-Volume-Information-System-Restore.html
https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/A_2209-Removing-protected-System-Restore-files-if-they-have-been-infected.html
It is important you DO NOT remove your system restore files until you have your machine back up and running properly.
Appears that you still have the TDSS root kit. Download and run TDSSKiller.
http://support.kaspersky.com/faq/?qid=208283363
After removing TDSS, post back if you are still having problems opening programs -- including MBAM.
ASKER
willcomp,
I ran TDSSKiller and it let me re-install Malwarebytes and I'm running a scan now, but it didn't allow my system to get an IP address from DHCP; I had to put in a static one manually???? So far Malwarebytes has found 8 threats and is still scanning.
After MBAM completes, you can use Rogue Killer to undo some changes made by the malware.
https://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html?sfQueryTermInfo=1+30+killer+rogu
ASKER
I ran Rogue and same problem. I can browse the Internet but can't get to any mapped drives on the network. If I select DHCP to get an IP, it just spins and spins.
Did you check your hosts file? (windows/system32/drivers/etc)
ASKER
Yes, I did and the hosts file looks OK. I'm about to format this thing, I've spent way too much time on it. I can't believe there is nothing out there to clean this and avoid formatting!! This spyware/malware/trojan, virus crap stinks!!
Have you backed up? Have you tried using Ubuntu? If you tried everything, including all the suggestions on this page, a clean install may be in order. Do make sure you are not using an Award BIOS first though. If you are, you can reinstall Windows and if you have the BIOS rootkit it will reinfect the new install. In that case you need a new BIOS chip.
ASKER
No, I haven't tried Ubuntu... what is that and where do I find it? Yes, I have backed up the data and I'm not using Award BIOS.
I use SARDU to create a bootable USB or DVD with all the necessary tools. It is easy to use and has all the links you need with the click of a button. Try it here: http://www.sarducd.it/downloads.html. You can also read my article about it here: https://www.experts-exchange.com/Storage/Misc/A_3038-Boot-Disks-UBCD-UBCD4Win-and-SARDU.html
Note that the article refers to the previous version of SARDU, so everything is actually easier.
Before nuking the disk, run ComboFix. If it doesn't clear the problem(s), then best option is probably a clean install. We've apparently gotten it relatively clean but something is still present. ComboFix will remove malware and root kits that MBAM will not. Follow instructions in link.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
ASKER
Thanks everyone for your help, but in the end a clean install was my only option. Not even ComboFix helped or anything. I just formatted the drive, installed XP and restored my data.