Infected with stuff, which doesn't allow to run firewall, MBAM, avast etc.

Discussion in 'SpywareBlaster & Other Forum' started by buczubuczu, Sep 12, 2014.

  1. buczubuczu

    buczubuczu Registered Member

    Joined:
    Sep 12, 2014
    Posts:
    3
    Location:
    Poland, Silesia, Sosnowiec
    Good day everyone!

    Hope that's a good place to start a new topic. For a few days I've been having weird issues with my PC - I can no longer run any anti-malware or defence software (neither my avast! 9, my Outpost Firewall Pro, nor MBAM) - each time I get an idiotic message, which says that I'm the only one responsible for that ("this program is blocked by the group policy"). Fine, but I haven't run into AppLocker even once. I've already tried a few different things - somehow managed to update MBAM from ver. 1.xx to 2.0.12 and run a scan (which found something!) and update my Outpost firewall to ver. 9.1 (still unable to run, though).
    All the steps I've taken so far are described there:
    http://www.bleepingcomputer.com/forums/t/547693/infected-with-stuff-which-doesnt-allow-to-run-firewall-mbam-avast-etc/#entry3475148
    One of the moderators told me to start a new topic here. I should also explain here why my DDS cannot run. The guide on bleepingcomputer.com says that it could take up to a few minutes to get the full logs (attach.txt and log.txt (not sure about the name)). But in my case, DDS starts with its window (not the DOS-like one, but the normal window, which is shown after choosing options). Everything goes smoothly and quickly; the last known text is "generating attach.txt. Please wait". After a couple of seconds this window is gone and nothing more is likely to appear on the screen. Even if I wait a few more minutes, nothing is shown to me and the system acts as if no action was ever taken. On bleepingcomputer.com the staff told me that they will be able to fix it here; I hope so too.
    If I put this thread in the wrong place, please move it to the trash instead of removing it instantly ;)
    Best regards,
    Rafał
     
  2. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    143
    Just tossing out a possibility here... have you run CryptoPrevent? If so --- especially if you applied more than just its default protection --- that could explain the Group Policy blockage.

    If you *DO* have CryptoPrevent, open it, REMOVE ALL of its protection, reboot your computer (not sure if this step is really required), and see if that makes a difference in the programs not running. If they run, then you need to be careful about the degree of CryptoPrevent protection you apply again in the future.

    If you don't have CryptoPrevent, or if removing its protection doesn't fix things, then I would suggest you try running MBAM through its CHAMELEON interface (rather than normally).
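
Added example (not part of any post in this thread): a read-only PowerShell listing of Software Restriction Policy path rules, which is one way to see what is behind a "this program is blocked by the group policy" message. It assumes the block comes from SRP rules under the `Safer\CodeIdentifiers` policy key (AppLocker rules are stored elsewhere); the function name `Get-SrpPathRule` is hypothetical.

```powershell
# Added example, not from the thread: enumerate SRP path rules without changing anything.
# Assumption: the blocking rules live under the Safer\CodeIdentifiers policy key.
$SrpRoots = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
            'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security-level subkey names used by SRP
$SrpLevels = @{ '0' = 'Disallowed'; '65536' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    param([string[]]$Root = $SrpRoots)
    foreach ($r in $Root) {
        if (-not (Test-Path $r)) { continue }          # no SRP policy in this hive
        foreach ($levelKey in Get-ChildItem $r) {
            $pathsKey = "$($levelKey.PSPath)\Paths"
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem $pathsKey) {
                $p = Get-ItemProperty $rule.PSPath
                $level = $SrpLevels[$levelKey.PSChildName]
                if (-not $level) { $level = $levelKey.PSChildName }
                # LastModified is stored as a FILETIME; convert only when present
                $modified = $null
                if ($p.LastModified) {
                    $modified = [DateTime]::FromFileTimeUtc([long]$p.LastModified)
                }
                [pscustomobject]@{
                    Hive        = $r.Substring(0, 4)
                    Level       = $level
                    Path        = $p.ItemData          # file or folder the rule matches
                    Description = $p.Description
                    ModifiedUtc = $modified
                    RuleId      = $rule.PSChildName    # GUID of the rule
                }
            }
        }
    }
}

# Show only the rules that block execution, newest first
Get-SrpPathRule |
    Where-Object Level -eq 'Disallowed' |
    Sort-Object ModifiedUtc -Descending |
    Format-Table Hive, Path, ModifiedUtc, Description -AutoSize
```

Disallowed rules whose paths point at the folders of installed security products, and whose dates line up with the start of the problem, are worth recording before any cleanup or reinstall.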
     
  3. buczubuczu

    buczubuczu Registered Member

    Joined:
    Sep 12, 2014
    Posts:
    3
    Location:
    Poland, Silesia, Sosnowiec
    I haven't got anything in common with CryptoPrevent, so it's not it.
    I've also already tried Chameleon - it managed to find some unwanted stuff, but it's not it. I forgot to type it there - none of these helped me so far - Chameleon, dds, rkill, adwcleaner, MBAM. Most of them don't even want to start, and if they do, either they work abnormally (no logs, no windows being shown) or they don't start at all.
    Nice try, but I think that we have to go deeper into this.
     
  4. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    IME you're chasing your tail. Time for a LiveCD & salvage personal data. Then nuke the drive & fresh install.
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    That's what I'd do too. There's really no other solution...
     
  6. buczubuczu

    buczubuczu Registered Member

    Joined:
    Sep 12, 2014
    Posts:
    3
    Location:
    Poland, Silesia, Sosnowiec
    Sad to see that this is probably the one and only solution. I've contacted the Agnitum support team, so I might as well wait for their reply (should be back in a few days, already gave them the logs and props). If not, I'll wipe this foolish software, nuke it and change it into HeHe.
    But, to be honest, I was expecting something instead of this. I know that format c:\ is a good solution for almost any kind of issue, but still. There are plenty of other ways.
     
  7. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    No, there aren't plenty of other ways. Once slammed with problems, especially ones that prevent AVs & associated programs from running, other solutions besides going back to a clean image or reinstall are precarious at best.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,872
    Location:
    Australia
    In any case I can't see what this has to do with SpywareBlaster.
     
  9. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    Didn't even notice lol.
     