malware/virus causes error 50

mdsmith52 asked
Cannot reinstall Trend Micro, installed AVG on update error 50, Malwarebytes was deleted during first scan, SUPERAntiSpyware did not complete first scan.

Odd. I had a nasty malware one time. I ended up pulling out the HDD, slaving it to a second PC, and running Malwarebytes on it to clean it out. If you have a second PC you can do this (or add the HDD to an external case). The OS is probably infected. You can try booting in safe mode, installing Malwarebytes and running the check again. But this one sounds nasty to me.
Author of the Year 2011
Top Expert 2006
Commented:
Many current malware variants require that you install and run a 'rogue process stopper' before your scanner will work.

Read the details here:
Stop-the-Bleeding-First-Aid-for-Malware
Rogue-Killer-What-a-great-name

"Slave" and "Safe Mode" scans were common at one time, but there are several reasons to not use them any longer.

Details here:
Malware Fighting – Best Practices
If your OS is trashed there is a way to do a no-reformat reinstall of Windows. I'll post a link tomorrow.
Top Expert 2007

Commented:
Not much info here so we need more info.

When the PC is already infected, you would have trouble installing an antivirus, so it is easier to install a scanner that gets rid of the infection or at least deactivates it.
I wouldn't think of installing an antivirus right now when the system is already infected; just try to clean the infection using other scanners, and then once the system is clean you can install an antivirus.

MalwareBytes was deleted during first scan? Do you mean it stopped scanning?


What other scanners have you tried cleaning the system?

Try TDSSKiller and ComboFix
http://support.kaspersky.com/viruses/solutions?qid=208280684


If the problem persists, download ComboFix and post the log for us to check.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


You need to STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


If needed, here's the ComboFix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Author

Commented:
I tried rkill and it stopped one process. No change. I found a service called 4121245218:3720960522.exe running, but was unable to kill it in task mgr. The process is not in the startup or in the registry.

Author

Commented:
I was able to find the process 4121245218:3720960522.exe in the registry. It was located Hkey_Local_Machine\system\controlset 002\services\2236a5f5. I removed the key and after restart the process respawned.
Here is the link for a non-reformat rebuild of Windows:

http://www.informationweek.com/news/windows/operatingsystems/189400897
Sudeep Sharma, Technical Designer

Commented:
@mdsmith52,

Did you follow the advice from Younghv and RPG?

Did you try running Rogue Killer and Malwarebytes immediately before rebooting?

Also, did you try TDSSKiller and ComboFix?

Please do provide the logs once you have run those tools, all under Normal Mode.

Sudeep

Author

Commented:
Malwarebytes wants to reboot after upgrade. I did not run Malwarebytes after removing the registry keys.
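
An added example, not part of any post in this thread: a triage script that reads saved `reg query HKLM\SYSTEM /s /v ImagePath` output and lists every control set that still holds a service whose executable has the `name:stream` form reported above. It assumes the colon marks an NTFS alternate data stream; the ImagePath values and the other services in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of saved `reg query HKLM\SYSTEM /s /v ImagePath` output.
# Service key and executable name are from the thread; the ImagePath
# directory and all other entries are made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\2236a5f5
    ImagePath    REG_EXPAND_SZ    \systemroot\4121245218:3720960522.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ExampleAgent
    ImagePath    REG_EXPAND_SZ    "C:\Program Files\Example\agent.exe" /port:80

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\2236a5f5
    ImagePath    REG_EXPAND_SZ    \systemroot\4121245218:3720960522.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs
"""

def stream_name(image_path):
    """Return the 'file:stream' leaf if the executable path names a stream."""
    p = image_path.strip()
    if p.startswith('"'):                      # quoted path: stop at closing quote
        p = p[1:].split('"', 1)[0]
    else:                                      # unquoted: cut at first switch
        p = re.split(r"\s+[-/]", p, maxsplit=1)[0]
    p = re.sub(r"^\\\?\?\\", "", p)            # drop NT-style \??\ prefix
    p = re.sub(r"^[A-Za-z]:(?=[\\/])", "", p)  # drop the drive-letter colon
    leaf = re.split(r"[\\/]", p)[-1]
    return leaf if ":" in leaf else None

def suspicious_services(reg_output):
    """Map service name -> control sets whose ImagePath points into a stream."""
    hits, key = defaultdict(set), None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().split("\\")
            continue
        m = re.match(r"\s+ImagePath\s+REG_\w+\s+(.*)", line)
        if m and key and len(key) >= 5 and key[3].lower() == "services":
            if stream_name(m.group(1)):
                hits[key[4]].add(key[2])
    return {svc: sorted(sets) for svc, sets in hits.items()}

if __name__ == "__main__":
    for svc, sets in suspicious_services(SAMPLE).items():
        print(f"{svc}: present in {', '.join(sets)}")
```

A service that shows up under more than one control set will not be cleared by deleting a single key, so compare the list before and after each cleanup attempt.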