Ok thanks I will begin again!
Before I do, is there some way I could update the mbam data manually, like copying an entire mbam folder from an updated uninfected machine?
Do I need to download each time to ensure the files are not damaged?
Would I be able to achieve the same end by keeping it all in a zip on the infected machine
...and just unpacking each time I need to use?
The only way I can get files to/from the PC is via FileZilla. Is that ok/safe to use?
Anyhoo, I spent all day on the following, could you peruse it as I have some questions?
Ok now I have all the files I need in a zip file on the infected PC
I prepare as follows...
1. delete all the (possibly damaged) rkills on the desktop
2. unpack the files from the zip to a temporary sub folder
3. copy the rkills to the desktop
4. Delete the temporary sub folder
Am I right that this guarantees that I'm testing with undamaged files?
Also during the tests I am keeping the Windows Task Manager open to keep an eye on the process list,
please let me know if this interferes in any way?
Results of my tests....
First Test
Step 1.
I opened WiNlOgOn.exe
waited for the log to show
Tried to start mbam (by right-click + Open on my mbam desktop shortcut)
mbam.exe stalled (shows in process list but not doing much, using
Rkill Log:
Rkill was run on 20/05/2012 at 17:12:30.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Documents and Settings\Fred\Desktop\WiNlOgOn.exe
C:\Documents and Settings\Fred\Desktop\eXplorer.exe
C:\Documents and Settings\Fred\Desktop\rkill.com
C:\Documents and Settings\Fred\Desktop\rkill.exe
C:\Documents and Settings\Fred\Desktop\rkill.scr
C:\Documents and Settings\Fred\Desktop\uSeRiNiT.exe
Rkill completed on 20/05/2012 at 17:12:33.
Step 2.
I opened uSeRiNiT.exe
waited for the log to show
Rkill Log:
Rkill was run on 20/05/2012 at 17:19:35.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 20/05/2012 at 17:20:08.
All the icons on the desktop disappeared
the Windows Start button and taskbar were visible but not responding to clicks
I found that if I did a File/New Task (Run...) for "c:\" in the Task Manager then the desktop icons reappeared
I did not try to start mbam at this point as mbam.exe was still showing in process list, but not doing much,
and refused to be killed with an "End task"
Step 3.
So I opened rkill.scr
waited for the log to show
Rkill Log:
Rkill was run on 20/05/2012 at 17:23:49.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 20/05/2012 at 17:24:46.
mbam.exe was still showing in process list but...
I thought I'd try to start it again (by right-click + Open on my mbam desktop shortcut)
Bingo! mbam loaded and showed a pop-up...
Updating Malwarebytes Anti-Malware...
Downloading v2012.05.20.04
6,946.20 kb [100%]
The progress bar reached 100% (I was getting hopeful)
But then it complained that "mbam is already running" (from step 1)
Step 4.
I ran all the remaining rkills and tried to start mbam after each one completed,
I ended up with 3 or 4 stalled mbams
3 of them having downloaded the upgrades but not getting any further.
So I rebooted and started again following Steps 1 to 3
except I did not try to start mbam until I had run the 3rd rkill,
but this simply stalled like before


