Jump to content


Photo

Removal Tools: "Malwarebytes' Anti-Malware"


  • Please log in to reply
15 replies to this topic

#1 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 13,245 posts

Posted 08 May 2008 - 10:55 PM

How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • If the program won't start, go to MBAM's program folder (normally C:\Program Files\Malwarebytes' Anti-Malware), rename mbam.exe to a random file name (keep the .exe extension) and double-click on it to start the program.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.



Troubleshooting MBAM Problems

Some malware targets Malwarebytes' Anti-Malware and other cleaning tools to prevent you from using them to clean your system.

Unable to Run MBAM

If you attempt to run the installer for MBAM and it won't run, or starts and closes, using Windows Explorer go to the folder you saved the install program and try renaming it to one of the following file names:
  • iexplore.exe
  • explorer.exe
  • userinit.exe
  • winlogon.exe
  • mbam.scr
Then double-click on the renamed file to try to run it. If that doesn't work, try one of the other file names above. If you are still unable to run the MBAM installer, then download and run this program to try to kill the malware process:

Please download Rkill by Grinler from one of these links:

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Save rkill.exe to your Desktop.
Double-click on rkill.exe to run it.
If the first one does not run successfully, try the other copies and see if one of them will run.

Once the Rkill program has completed, then try again to run the MBAM installer.

Once you have installed MBAM, if you try to run the program and it won't start, it may still be targeted by malware. Try the same steps that you may have had to try to run the installer program. Using Windows Explorer, go to the folder that you installed MBAM and rename mbam.exe to one of the following file names:
  • mbam.scr
  • mbam.com
  • iexplore.exe
  • explorer.exe
  • userinit.exe
  • winlogon.exe
If you are still unable to run MBAM, Follow the same instructions in the box above to download and run Rkill, and after running it, see if you can run MBAM.

Unable to Update MBAM

Once you are able to start MBAM, if you receive an Error 732 when trying to update the program it could be because malware has changed your connection settings so that you are using a proxy server. To make sure your connection has not been set to use a proxy server, please do the following:
Go to Start > Settings > Control Panel > Internet Options > Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.

If you are still unable to update MBAM, there are two other ways to update the program.

1. Download the updated rules as an installable file - download mbam-rules.exe and save it to a convenient location such as your Desktop and double-click on the program to run it, It will install an updated database for MBAM. After updating MBAM with mbam-rules.exe, run MBAM again, scan your system, and clean anything found.

2. The other way to update the program is more complicated, but will result in the very latest update (mbam-rules.exe isn't updated as often as the online updater). Download and install MBAM on an uninfected system, start the program, and update it. Then you can copy the database file (rules.ref) from the folder below and transfer it manually to the infected system. I would recommend burning the file to CD to transfer to the infected system. If you use a flash drive, it could potentially become infected when you insert it into the infected system and then infect any other system it's inserted into (please see this topic - USB/Flash Drive Safety). The database file (rules.ref) is found in the following folder:

  • Windows XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Windows Vista/Windows 7: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
If you are unable to see the folder, you may need to reconfigure windows to allow you to see hidden files and folders:
http://www.microsoft...iddenfiles.mspx


More Detailed Troubleshooting Information

For more detailed information on troubleshooting MBAM, please see this topic at their website:
http://forums.malwar...showtopic=10138

Edited by Rocket Grannie, 19 April 2011 - 06:50 PM.
Fixed broken (mbam-rules.exe) link.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#2 minky

minky

    Member

  • New Member
  • Pip
  • 1 posts

Posted 09 May 2008 - 05:21 PM

Thank You! so very much I followed the advice you had given to someone else and managed to get rid of a rather nasty trojan, sbmntr.exe ....... hxxp://internetsearchservice.com.

I hasten to add that neither SpyBot Search & Control or NOD32 AntiVirus could actually get rid of it they managed to find it all right and remove it but it kept coming back & spybot even tried at a restart/windows login before anything acually loaded up but like a bad penny there it was again.

I have spent all day trying various things safe mode and a host of other programs & various methods that said they could get rid of it but none worked only yours.

I was just about to give up and format when I googled for internetseachservice and thank god I found you! just in time lol.......

I have just donated $10 as a thank you for the valuable help/time you and the others give in helping the misfortunates like myself........

My hubby who downloaded the trojan, also thanks you as well as he is no longer getting earache from me lol

kind regards

minky

Edited by TheJoker, 09 May 2008 - 06:04 PM.
Active link disabled


#3 livenlife

livenlife

    Member

  • Helper Trainee
  • Pip
  • 18 posts

Posted 03 August 2008 - 10:33 AM

Thanks for another good tutorial Joker
I love all the help you guys provide and I can't wait until I can start helping :)
I have been studying daily for hours...
There is an amazing amount of tricks to the trade of bug killing :bangbang:

#4 Stoner81

Stoner81

    Member

  • Helper Trainee
  • Pip
  • 38 posts

Posted 22 June 2009 - 05:52 PM

Thanks buddy I wont be so quick to get rid of the logs in future ;)

#5 Killer_Klient

Killer_Klient

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 27 August 2009 - 05:59 AM

Thanks buddy I wont be so quick to get rid of the logs in future ;)


It's worked great and managed to reomve the files but after one day they manged to get back in my pc and it's the same process again, any Ideas?.

#6 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 20,364 posts

Posted 27 August 2009 - 09:08 AM

This isn't a help topic or a Malware Removal forum... MBAM is not able to handle every infection out there, so it is important to post in Malware Removal when it doesn't... Since you have already done that, the next step is to post the HijackThis log that was requested so that our helpers have enough information to help you...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#7 higherflier

higherflier

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 06 June 2010 - 11:06 PM

Saw this thread and the date of the post, couldn't find any other posts that related to my problem. My Malwarebyte program was evidently hijacked, so I changed the name to data.exe. Ran scan and it picked up alot of infections. How do I now restore it to it's normal mode?


EDIT:
You have opened a topic in Malware Removal, and received an answer. Please follow the advice given there.
Thank you.

Edited by Rocket Grannie, 07 June 2010 - 12:49 AM.
Request answer to topic.


#8 Koops

Koops

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 14 July 2010 - 07:02 AM

Thanks for the good advice!

#9 happygolucky

happygolucky

    Member

  • New Member
  • Pip
  • 1 posts

Posted 16 August 2010 - 06:32 PM

thanks great tips here

#10 studiotwo

studiotwo

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 15 April 2011 - 06:03 AM

1. Download the updated rules as an installable file - download mbam-rules.exe and save it to a convenient location such as your Desktop and double-click on the program to run it, It will install an updated database for MBAM. After updating MBAM with mbam-rules.exe, run MBAM again, scan your system, and clean anything found.


Hello,

The "Rules Link" (mbam-rules.exe) doesn't seem to be working.

Regards,
Stephen

#11 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Boot Camp Mod
  • PipPipPipPipPip
  • 6,844 posts

Posted 19 April 2011 - 06:51 PM

1. Download the updated rules as an installable file - download mbam-rules.exe and save it to a convenient location such as your Desktop and double-click on the program to run it, It will install an updated database for MBAM. After updating MBAM with mbam-rules.exe, run MBAM again, scan your system, and clean anything found.


Hello,

The "Rules Link" (mbam-rules.exe) doesn't seem to be working.

Regards,
Stephen


Thank you Stephen. The link has been fixed.

a33.gif
 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.


#12 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,036 posts

Posted 23 June 2012 - 03:44 PM

techmachine02 - Post was moved to its own topic Cleanall virus

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#13 parihar7

parihar7

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 18 October 2012 - 06:07 AM

Hello,

thanks for this tutorial. it is realy helpful.

#14 Luke Clayhill

Luke Clayhill

    Member

  • Helper Trainee (A)
  • Pip
  • 2 posts

Posted 09 November 2012 - 09:24 AM

I have been using Malwarebytes for a few years now and it is a great program, I use it with CC cleaner, and AVG free, and never get any serious problems. (So far)



#15 adambrown

adambrown

    Member

  • Banned
  • Pip
  • 8 posts

Posted 11 March 2013 - 06:51 AM

Hi all,

 

Thanks for nice post.

The shared information is very uesful.


SPAM links deleted... SPAM posting ability removed...


#16 jude24

jude24

    Member

  • Helper Trainee (A)
  • Pip
  • 3 posts

Posted 05 March 2014 - 10:54 AM

I am using malwarebytes and never thought there are more great task that can be done. Thanks


Edited by jude24, 05 March 2014 - 10:55 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button