#1
The newest thing that viruses do is after Malwarebytes scans and detects viruses, then you click "next" and the program closes, never giving you the opportunity to remove them. Is there a common fix for this OR do you have to try using an AV Rescue CD?
#2
Try using ComboFix instead. Since it is "no install" software, you can download the ComboFix file, rename it to anything and run it, for example HPUPDATE.exe or whatever. Another way would be to look at the things MBAM found and manually remove them.
#3
There's got to be a registry fix, a file association fix... something. I really wish I knew what was shutting down the program. One of the viruses prompts the user to uninstall Malwarebytes, so the authors are specifically targeting it.
Interestingly, I was able to install and run SuperAntiSpyware, then remove the malware it found no problem. SuperAntiSpyware only found about 1/10th the malware that Malwarebytes found though.
UPDATE: Malwarebytes worked in safe mode. Just curious... Can ComboFix run in Safe Mode if there's no other choice?
Last edited by RegEdit; 06-14-2010 at 08:51 AM.
#4
I ran into this problem a while back, and somehow the malware even stopped Malwarebytes removing the infections (like you say), even when I renamed mbam.exe. If I ever run into trouble removing something from inside the OS, I just stop and slave the drive in another PC; it usually saves time.
__________________
put that in your pipe and grep it
#5
Quote:
What I've found to be VERY effective and quick is to boot to the UBCD4WIN and use registry restore to go back to before the virus infected the machine. When that is done and you reboot into Windows, the virus/rogue doesn't start, and you can use your tools to clean it much more easily. If the virus has removed the system restore points, then I use EZPCFIX to pull out the starting entries.
Rick
#6
After Malwarebytes detects and finds the virus, all the files show up in a box with a green check mark in front of each. There is a button at the bottom to the left that says 'Remove Selected'. You choose this, you are prompted to reboot the computer to complete the removal, and that should take care of it. I actually had to do this last night on an old desktop I was working on, and after the reboot, those infected entries were gone. And about ComboFix, it can run in safe mode.
__________________
Renee Her-Computer-Services!
#7
I have seen this one twice. It disables booting into safe mode. When you run Malwarebytes, it allows you to scan all the way, but when you go to remove, it terminates the program. It will not allow you to run ComboFix; it deletes the batch files it creates.
It has 2 rootkits, TDSS Rustock variant and Alureon variant, with 4 watchers, and uses the new TDSS exploit, so both are undetectable unless you boot from CD or slave to another machine. This one is nasty to remove. Best to slave it and run AV, a-squared, Malwarebytes on it. Don't waste time trying to clean it while in the OS. Both rootkits hide each other; rootkit scanners find nothing. I tried them ALL, 30 different ones. It even prevents Autoruns from deleting or changing anything, even if you run RKill or returner in the infected OS. This thing is a nightmare to remove.
#8
Why not open MBAM's log file and remove what it found manually then?
At that point, it's done all the hard work for you.
__________________
Xander St Catharines Computer Repairs New here? Watch this and read this. Remember, it's not our problem, it's yours so ask your questions well.
#9
Quote:
__________________
CyberCPU Computer Repair
#10
Any reason you're not running the portable version? Once you've bought the Tech's License, it's legit to run it (or the full version for that matter) on any customer's system as part of your cleanup.
__________________
Xander St Catharines Computer Repairs New here? Watch this and read this. Remember, it's not our problem, it's yours so ask your questions well.