[Guide] Running MBAM on an infected computer

If you have found this thread by using the forum search tool, please note that it is a niche thread and probably not the most appropriate one for your particular situation. Please refer to the thread by MVP Shammoz linked to below unless you were specifically linked to this one.

[Guide] How to SCAN and SECURE your PC - Part II
http://eu.battle.net/wow/en/forum/topic/1820913657






#DoomAuth
Unable to install Malwarebytes Anti-Malware
After doing as described in each section below, try to install Malwarebytes and run a Full Scan.


SUPERAntiSpyware

Download the free version of this program here;
http://www.superantispyware.com/download.html

Check for updates, then perform a scan and remove all threats detected.


Rkill

Here's a link to where you can download Rkill;
http://www.bleepingcomputer.com/download/anti-virus/rkill

Rkill is designed to terminate malware running on your computer. It doesn't delete malware from your computer; it simply stops the malware from running so that you can install security programs (in this case Malwarebytes' Anti-Malware) which will scan for and remove malicious files.

Try running the .exe version. If it doesn't work, or causes a BSoD, run the .com version.

Note: Do not restart your computer after running Rkill; the malware will resume running on start-up.


TDSSKiller

Here's a link to where you can download TDSSKiller;
http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe

TDSSKiller will scan your computer for malware, and unlike Rkill it will attempt to permanently remove anything it detects. If TDSSKiller wants to restart your computer, allow it to do so immediately.


Rename mbam-setup.exe

Here's a list of names I'd suggest;
- iexplore.exe
- explorer.exe
- firefox.exe
- userinit.exe
- winlogon.exe
- mbam-setup.com
- installer.com


Unable to run Malwarebytes Anti-Malware
Note: None of the below is an alternative to running a Full Scan with Malwarebytes' Anti-Malware. After attempting each section below, you should always attempt to run a Full Scan using MBAM.


Chameleon

Malwarebytes has its own utility for this.

Go to the folder called Malwarebytes Anti-Malware. If you chose a custom directory, then it should be there. Otherwise, look in the \Program Files\ and \Program Files (x86)\ directories. You can also search your computer for 'Malwarebytes Anti-Malware', as it should naturally be the only result.

When you have found the Malwarebytes Anti-Malware directory, go into the Tools folder. Open the file called 'Malwarebytes Anti-Malware Chameleon'. Due to the nature of Chameleon, it has numerous ways of trying to run Malwarebytes Anti-Malware. If your first attempt is unsuccessful, try all of the others.

Note: It's possible that your PC is infected with a program which will also try to block Chameleon.

If the file won't open, then enter the Chameleon folder. You can try to run Chameleon by double-clicking on the various files in the Chameleon folder (except mbam-killer.exe, stay away from that one).


Rename mbam.exe

Here's a list of names I'd suggest;
- iexplore.exe
- explorer.exe
- firefox.exe
- userinit.exe
- winlogon.exe
- mbam.com
- installer.com


Safe Mode

When unable to run Malwarebytes Anti-Malware normally, it is sometimes possible to run the program when booted into Safe Mode. Restart in Safe Mode and try to run a Quick Scan with MBAM.

Here's how to boot into Safe Mode in Windows 8;
- Hold down the Windows key and tap C.
- Choose Settings and then click Power.
- Hold down the Shift key and select Restart.
- Select Troubleshoot and go into Advanced Options.
- Pick Startup Settings and click Restart.
- Press 4 to enter Safe Mode.

Here's how on Windows XP, Vista & 7;
- Restart your computer normally.
- Repeatedly tap F8 as it boots.
- Select Safe Mode when the menu opens.


Rkill

Here's a link to where you can download Rkill;
http://www.bleepingcomputer.com/download/anti-virus/rkill

Rkill is designed to terminate malware running on your computer. It doesn't delete malware from your computer; it simply stops the malware from running so that you can install security programs (in this case Malwarebytes' Anti-Malware) which will scan for and remove malicious files.

Try running the .exe version. If it doesn't work, or causes a BSoD, run the .com version.

Note: Do not restart your computer after running Rkill; the malware will resume running on start-up unless you've already run Malwarebytes Anti-Malware and removed the infection.


TDSSKiller

Here's a link to where you can download TDSSKiller;
http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe

TDSSKiller will scan your computer for malware, and unlike Rkill it will attempt to permanently remove anything it detects. If TDSSKiller wants to restart your computer, allow it to do so. Then try to run Rkill and perform a full scan with Malwarebytes' Anti-Malware to make sure everything's gone.


MBAM Errors & Solutions
This section of the guide will include some common MBAM error messages and their respective solutions. It should not be seen as an alternative to their forum or contacting them using their web form.

Here is the Malwarebytes forum;
http://forums.malwarebytes.org/

Here is a link to contacting Malwarebytes Support;
http://www.malwarebytes.org/contact_consumer/


Error 732

This error usually means your internet connection settings have been changed to use a proxy.

Here's a guide on how to correct your settings;
https://eu.battle.net/support/en/article/7300083

[Other errors & solutions TBA]
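
The proxy change that the Error 732 section describes can be checked from PowerShell. This is an added example, not part of the original post; the function names `Get-UserProxyState` and `Disable-UserProxy` are made up for illustration, and the loopback check is a heuristic assumption rather than something the guide states.

```powershell
# Added example (not from the original post). Reads the current user's
# Internet Options proxy settings from the registry; read-only unless
# Disable-UserProxy is called explicitly.
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxyState {
    $s = Get-ItemProperty -Path $InetKey
    $server = [string]$s.ProxyServer
    [pscustomobject]@{
        ProxyEnabled  = [bool]$s.ProxyEnable      # 1 = "Use a proxy server" is ticked
        ProxyServer   = $server                   # host:port, possibly per-protocol entries
        AutoConfigURL = [string]$s.AutoConfigURL  # "Use automatic configuration script"
        # Heuristic (assumption): a loopback proxy means traffic is routed
        # through a program running on this PC.
        LoopbackProxy = $server -match '(^|[=/;])(127\.\d+\.\d+\.\d+|localhost)(:|;|$)'
    }
}

function Disable-UserProxy {
    # Returns the previous state so the old values stay on record.
    $before = Get-UserProxyState
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $InetKey -Name AutoConfigURL -ErrorAction SilentlyContinue
    $before
}

$state = Get-UserProxyState
$state | Format-List
if ($state.ProxyEnabled -or $state.AutoConfigURL) {
    Write-Warning 'A proxy or auto-config script is set for this user. If you did not set it, run Disable-UserProxy and then retry MBAM.'
}

# WinHTTP keeps a separate, system-wide proxy setting:
netsh winhttp show proxy
```

If the proxy setting comes back after a restart, something on the PC is still rewriting it, so the scans described in the guide are still needed.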
Reserved.
*Virtual like* (as I cannot actually click it :P )
I have added a link to this guide in the Mbam section of mine. Just need a blue to make the links clicky again :)
Thanks guys!

When I was almost finished with all of the inevitable editing after submitting the thread, I learned that apparently SUPERAntiSpyware is quite good at getting rid of the kind of nasties which stop you from using MBAM, and of course you already have it in your thread. Oh well, live and learn. :P
A fine addition! =3
Very nice post.
This is definitely going to help a lot of people in the future.

Good work! ^^
