[TheJoker]

How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • If the program won't start, go to MBAM's program folder (normally C:\Program Files\Malwarebytes' Anti-Malware), rename mbam.exe to a random file name (keep the .exe extension) and double-click on it to start the program.
  
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Troubleshooting MBAM Problems

Some malware targets Malwarebytes' Anti-Malware and other cleaning tools to prevent you from using them to clean your system.

Unable to Run MBAM

If you attempt to run the installer for MBAM and it won't run, or starts and closes, using Windows Explorer go to the folder you saved the install program and try renaming it to one of the following file names:

• iexplore.exe
  
• explorer.exe
  
• userinit.exe
  
• winlogon.exe
  
• mbam.scr

Then double-click on the renamed file to try to run it. If that doesn't work, try one of the other file names above. If you are still unable to run the MBAM installer, then download and run this program to try to kill the malware process:

Please download Rkill by Grinler from one of these links:

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Save rkill.exe to your Desktop.
Double-click on rkill.exe to run it.
If the first one does not run successfully, try the other copies and see if one of them will run.

Once the Rkill program has completed, then try again to run the MBAM installer.

Once you have installed MBAM, if you try to run the program and it won't start, it may still be targeted by malware. Try the same steps that you may have had to try to run the installer program. Using Windows Explorer, go to the folder that you installed MBAM and rename mbam.exe to one of the following file names:

• mbam.scr
  
• mbam.com
  
• iexplore.exe
  
• explorer.exe
  
• userinit.exe
  
• winlogon.exe

If you are still unable to run MBAM, Follow the same instructions in the box above to download and run Rkill, and after running it, see if you can run MBAM.

Unable to Update MBAM

Once you are able to start MBAM, if you receive an Error 732 when trying to update the program it could be because malware has changed your connection settings so that you are using a proxy server. To make sure your connection has not been set to use a proxy server, please do the following:
Go to Start > Settings > Control Panel > Internet Options > Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.

If you are still unable to update MBAM, there are two other ways to update the program.

1. Download the updated rules as an installable file - download mbam-rules.exe and save it to a convenient location such as your Desktop and double-click on the program to run it, It will install an updated database for MBAM. After updating MBAM with mbam-rules.exe, run MBAM again, scan your system, and clean anything found.

2. The other way to update the program is more complicated, but will result in the very latest update (mbam-rules.exe isn't updated as often as the online updater). Download and install MBAM on an uninfected system, start the program, and update it. Then you can copy the database file (rules.ref) from the folder below and transfer it manually to the infected system. I would recommend burning the file to CD to transfer to the infected system. If you use a flash drive, it could potentially become infected when you insert it into the infected system and then infect any other system it's inserted into (please see this topic - USB/Flash Drive Safety). The database file (rules.ref) is found in the following folder:

• Windows XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  
• Windows Vista/Windows 7: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware

If you are unable to see the folder, you may need to reconfigure windows to allow you to see hidden files and folders:
http://www.microsoft...iddenfiles.mspx


More Detailed Troubleshooting Information

For more detailed information on troubleshooting MBAM, please see this topic at their website:
http://forums.malwar...showtopic=10138

This post has been edited by TheJoker: 10 April 2010 - 05:14 PM
Reason for edit: Added troubleshooting information

[minky]

Thank You! so very much I followed the advice you had given to someone else and managed to get rid of a rather nasty trojan, sbmntr.exe ....... hxxp://internetsearchservice.com.

I hasten to add that neither SpyBot Search & Control or NOD32 AntiVirus could actually get rid of it they managed to find it all right and remove it but it kept coming back & spybot even tried at a restart/windows login before anything acually loaded up but like a bad penny there it was again.

I have spent all day trying various things safe mode and a host of other programs & various methods that said they could get rid of it but none worked only yours.

I was just about to give up and format when I googled for internetseachservice and thank god I found you! just in time lol.......

I have just donated $10 as a thank you for the valuable help/time you and the others give in helping the misfortunates like myself........

My hubby who downloaded the trojan, also thanks you as well as he is no longer getting earache from me lol

kind regards

minky

This post has been edited by TheJoker: 09 May 2008 - 06:04 PM
Reason for edit: Active link disabled

[livenlife]

Thanks for another good tutorial Joker
I love all the help you guys provide and I can't wait until I can start helping
I have been studying daily for hours...
There is an amazing amount of tricks to the trade of bug killing

[Stoner81]

Thanks buddy I wont be so quick to get rid of the logs in future

[Killer_Klient]

Stoner81, on Jun 22 2009, 05:52 PM, said:

Thanks buddy I wont be so quick to get rid of the logs in future

It's worked great and managed to reomve the files but after one day they manged to get back in my pc and it's the same process again, any Ideas?.

[Budfred]

This isn't a help topic or a Malware Removal forum... MBAM is not able to handle every infection out there, so it is important to post in Malware Removal when it doesn't... Since you have already done that, the next step is to post the HijackThis log that was requested so that our helpers have enough information to help you...

[higherflier]

Saw this thread and the date of the post, couldn't find any other posts that related to my problem. My Malwarebyte program was evidently hijacked, so I changed the name to data.exe. Ran scan and it picked up alot of infections. How do I now restore it to it's normal mode?


EDIT:
You have opened a topic in Malware Removal, and received an answer. Please follow the advice given there.
Thank you.

This post has been edited by Rocket Grannie: 07 June 2010 - 12:49 AM
Reason for edit: Request answer to topic.

[Koops]

Thanks for the good advice!

[happygolucky]

thanks great tips here