Before I do, is there some way I could update the MBAM data manually, like copying an entire MBAM folder from an updated uninfected machine?
If you have an uninfected machine, then why are you using a zip file to store these files? That makes no sense whatsoever. Why are you using FileZilla? All you need is a clean flash drive. You can easily move files from a flash drive to a computer. No need for zip files. Unzipping a file may be all this infection needs to react. The act of unzipping IS a running process.
A zipped file will not necessarily remain clean. Every time you unzip it, it is open and the files inside can become infected. Many infections spread via zipped files.
You were not told to put any files into a zip file. You were told to use the executable files, not from a zip file.
Am I right that this guarantees that I'm testing with undamaged files? ABSOLUTELY NOT.
I prepare as follows...
1. delete all the (possibly damaged) rkills on the desktop
2. unpack the files from the zip to a temporary sub folder
3. copy the rkills to the desktop
4. Delete the temporary sub folder
You are making this all the more complicated than it needs to be by doing things that are not listed in ANY steps... keeping the Task Manager open, for one thing. That is a running file which may interfere. EVERYTHING except the ONE rkill should be closed. Nothing else should be open. None of those other rkill files should have been running.
The instructions are very clear. The files don't go to any temporary folder. The files go directly to the desktop, either by downloading them using Safe Mode with Networking OR by moving them from a flash drive to the infected computer.
RKill only terminates RUNNING infection processes; it doesn't remove them. It doesn't remove other files that are not running.
You don't ever run all of them UNLESS ONE of them doesn't work. Then you move to the next ONE not all of them.
If ONE works then the others don't need to be run.
Once ONE works then you move forward to do MBA-M and not one held in a zip file but a brand new clean copy either downloaded via safe mode with networking to the infected computer OR by transferring the brand new CLEAN MBA-M install file (not the entire program) to the infected computer and installing it.
If you really wanted assistance you would have followed ONLY the steps given, not anything else.
Continually re-using the same "dirty" files defeats everything. mba-m.exe should NOT have been running at all prior to rkill being run; it should not have been showing in the running processes. It should not have been started until rkill was finished, and it DOES show you that it is finished. Then and only then should MBA-M have been downloaded and installed, NOT before.
Your computer has an EXTREMELY dangerous infection on it, as noted by the file found by MBA-M in your initial run, and that is the Trojan.SpyEyes in the family of password stealers and remote access trojans.
It is an infection that can enter the computer via a zip file, P2P file sharing, OR visiting remote, crack and keygen sites. Obviously the removal of the ONE file by MBA-M did not remove the full infection; if it had, you should not still have to be trying to remove it.
This infection injects code in legitimate files and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus program or likely other removal programs either. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer the infection remains on a computer, the more files it infects and corrupts so the degree of infection can vary.
Since you have not even followed the instructions as given I am sure this infection has taken an even deeper hold on your computer.
Your best bet at this point is a reformat and reinstall of the system.