Cannot install MBAM on infected system

Discussion in 'other anti-malware software' started by Victek, Nov 16, 2008.

Thread Status:
Not open for further replies.
  1. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,128
    Location:
    USA
    I was attempting to clean a badly infected system recently and to my surprise MBAM would not install. I was in SAFE mode (normal mode was unusable) and when I ran the installer it did nothing. The task manager showed the installer loaded in memory, but inactive. I wonder if MBAM was being specifically targeted by this malware?

    This was perhaps the worst infection I've seen - internet connectivity was possible in SAFE mode, but DNS was poisoned. There was no host file and I checked the router and TCP/IP DNS settings for tampering, but couldn't find anything. I'm guessing there was a cloaked root-kit, but unfortunately I couldn't take the time to figure it out. The system will just be erased and reinstalled next week.
     
  2. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    I didn't think you could install anything in safe mode.... o_O
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Could be malware blocking the runtime files; a manual method or liveCD would help out.
     
  4. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Have heard of instances where renaming the .exe will allow install. Your mileage may vary.
     
  5. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Yes, MBAM is one of the most popular anti-malware tools which is targeted by a lot of malware authors. The Seneka rootkit and TDSServ trojan are known to target MBAM and block access to other anti-malware software and security websites.

    MBAM does not rely on the Windows Installer service therefore it will install in safe mode.

    Correct. If renaming mbam-setup.exe to victek.exe doesn't solve the installation problem then I would run ccleaner and AVZ from a USB flash drive. Afterwards MBAM should install, then you can use the securitywonks.net mirror to download the update in case malwarebytes.org is still being blocked. If that fails you can download the slightly outdated 1378 update. Otherwise install MBAM on a clean computer, update, then search for rules.ref and copy it to the proper directory on the infected PC.

    Combofix and SDFix are also excellent tools that require little supervision to use. Make sure you have your Windows CD handy in case you need to perform a repair install or use the recovery console.
     
    Last edited: Nov 16, 2008
  6. nando3o5

    nando3o5 Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    1
    Hi guys, I'm new to this forum and I found this thread on a search for "mbam not opening"

    Here were my problems AND MY SOLUTION!! :)

    My buddy's computer caught that Antivirus 2009 bullsh!t. I thought no problem, I've gotten rid of this using Malwarebytes' Anti-Malware on two other computers perfectly. So yesterday I go install the MBAM setup for the Malwarebytes' Anti-Malware and I click the icon and nothing happens. I found this thread on my search where some of you recommend changing the name. I changed the name to nando3o5 and it worked - the program installed!
    Now the other problem... after being installed it doesn't run.
    So after hours of googling and trying different stuff unsuccessfully, I changed the name of the MBAM file in the program files.
    My Computer / C: / Program Files / Malwarebytes' Anti-Malware / MBAM.exe <--- changed that to my name and the program ran. The PC is now free of Antivirus 2009, it looks like that virus evolved to recognize its killer.

    Hope that helps, if it did, sign in and let others know. Like I did. :thumb:
     
  7. mrmalkovich

    mrmalkovich Registered Member

    Joined:
    Dec 20, 2008
    Posts:
    1
    hey there... i'm running xp pro, and i just got the virusremover virus. renaming mbam's setup file helped it to install, but it will not run, even in safe mode and/or with the exe file renamed as well. i think my only option is your advice to "install MBAM on a clean computer, update, then search for rules.ref and copy it to the proper directory on the infected pc."

    can you walk me through the entire process of copying rules.ref to the right directory and anything else i have to do to make this happen? i'm not very experienced when it comes to directory issues, and i don't want to screw my computer up even worse than it already is. i would really appreciate it. this is probably the worst virus i've ever had. who are these people and where do i sign up for a class action lawsuit?
     
  8. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,972
    Location:
    U.S.A.
    mrmalkovich, first, welcome to Wilders! Perhaps you want to follow these instructions Attacked/Hijacked/Infected... even if you already installed MBAM. I've applied this combo and procedure to a lot of infected PCs, with much success. Let us know what happened. Good luck!
     