Articles

Mysterious virus blocking Malwarebytes

October 9, 2009 at 17:49:58
Specs: Microsoft Windows XP Home Edition, 1.993 GHz / 1022 MB

I am running XP home edition. I have avg anti-virus the free version, spybot, ad-aware, and Malwarebytes. The virus or spyware won't let me run spybot, ad-aware, or Malwarebytes. Everytime I run avg it freezes up, can someone please help me.

I ran BitDefender Online Scanner, Windows Defender, and it found some virus's, then I was able to run my avg free antivirus program. All three found some virus's but they didn't find all of them and I think they didn't delete a couple of them. I'm still not able to use spybot, ad-aware, and Malwarebytes.

Now I can hear music or commericals being played in the background for no reason at all. When I have my firefox browser up a new tab will open up about some gambling site. Now when I start my computer up I get a error message saying: ViewpointService.exe - Application Error
the exception Breakpoint
A breakpoint has been reached.
(0x0000003)occurred in the application at location 0x00402250
then it ask to either click ok to terminate the program or click cancel to debug the program.

I also got this ViewMgr message:
szAppName : ViewpointService.exe szAppVer : 2.0.0.54
szModName : ViewpointService.exe szModVer : 2.0.0.54 offset : 00002250


See More: Mysterious virus blocking Malwarebytes

Report •


#1
October 22, 2009 at 19:29:48

When I ran AVG free it found some problems, but it didn't fix the problem. Kaspersky's online scan wasn't available, so I used Bitdefender and ESET NOD32 online scan and they found problems with my java software. The trojans came from my outdated java software and now I have updated it. But I still can't use malwarebytes and spybot. I had to update my free version of Ad-Aware to get it to work and it keeps finding this win32 trojan.Tdss, every time it runs it always find that trojan and it tells me to quarantine it which is what I do. Then it tells me to restart my computer and Ad-Aware does the scan again and finds the same win32 trojan.Tdss every time. So can anyone please help me to get rid of the win32 trojan?

Every time I start my computer up I get a error message saying: ViewpointService.exe - Application Error
the exception Breakpoint
A breakpoint has been reached.
(0x0000003)occurred in the application at location 0x00402250
then it ask to either click ok to terminate the program or click cancel to debug the program.

I also got this ViewMgr message:
szAppName : ViewpointService.exe szAppVer : 2.0.0.54
szModName : ViewpointService.exe szModVer : 2.0.0.54 offset : 00002250


Report •

#2
October 24, 2009 at 11:13:03

Sounds like the vundo virus. Rename the malwarebytes exe (I think it's called mb.exe) and call it something else - fred.exe or something then run that. It should detect and remove vundo and it's variants - good luck!

Report •

#3
October 26, 2009 at 10:24:09

bigruss99uk I tried renaming malwarebytes.exe, it will install but once I try to run it nothing happens. spybot won't run only ad-aware and avg free will run.
I turned off system restore and I ran Ad-Adware and it found that win32 trojan.Tdss once again. Ad-Adware told me to restart my computer which I did. Ad-Adware found that same trojan once again, so can anyone tell me what else I need to do.

Report •

Related Solutions

#4
October 26, 2009 at 10:56:10

If you installed malwarebytes go into your "C:\Program Files\Malwarebytes' Anti-Malware\ folder and rename mbam.exe to something else ( correct.exe) but keep the exe file extension then try to run it.

Tufenuf


Report •

#5
October 26, 2009 at 11:09:01

Tufenuf I did that already

Report •

#6
October 26, 2009 at 18:38:34

superfusion, Check out the link below.

http://www.malwarebytes.org/forums/...

Tufenuf


Report •

#7
October 27, 2009 at 03:00:30

Uninstall MBAM , Goto Device Manager , View , show hidden , and scroll to Non Plug and Play Devices , Look for any thing that starts TDSS especially TDSSserver.sys and disable , do not uninstall or delete .
Down load Malwarebytes's Antimalware again , this time save as 3345setup.exe instead of mbamsetup.exe install and update , rename mbam.exe to mbam.com , double click and run the quick scan clean all it finds then shut down for 10 minutes before re-starting .

You could also try a 30 day trial of " UnHookMe " they say It's quite good when MBAM fails .

Good luck


Report •

#8
October 27, 2009 at 05:49:41

Sorry Tufenuf I seemed to have scrolled right past your last post , I don't know how that happened , Old age I expect ... :- | .

Report •

#9
October 27, 2009 at 06:36:38

superfusion, You may want to try the tool nentioned in the thread at the link below. Read thru that posting as it gives instructions.

"rkill (created by grinler (Bleeping Computers)"


http://forums.cnet.com/5208-6132_10...

Tufenuf


Report •

#10
October 28, 2009 at 01:02:35

Hey Jack Frost46 and Tufenuf I did what both of you said and renamed that file to get malwarebytes to work. Here is a copy of the log. I haven't deleted those threats yet because it said the threats were located in the memory, so what should I do?

Malwarebytes' Anti-Malware 1.41
Database version: 3045
Windows 5.1.2600 Service Pack 3

10/28/2009 2:52:58 AM
mbam-log-2009-10-28 (02-52-48).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 139073
Time elapsed: 1 hour(s), 27 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\UACdyxidqoeuc.dll (Trojan.FakeAlert) -> No action taken.
\\?\globalroot\systemroot\system32\UACfdavxijxve.dll (Rootkit.TDSS) -> No action taken.
\\?\globalroot\systemroot\system32\UACpabcypnqlt.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\UACdyxidqoeuc.dll (Trojan.FakeAlert) -> No action taken.
\\?\globalroot\systemroot\system32\UACfdavxijxve.dll (Rootkit.TDSS) -> No action taken.
\\?\globalroot\systemroot\system32\UACpabcypnqlt.dll (Trojan.FakeAlert) -> No action taken.


Report •

#11
October 28, 2009 at 20:12:10

I went ahead and deleted those threats and now spybot is working as well. I did another scan and my computer is clean. I'm gonna do one more scan with malwarebytes and avg to be on the safe side. My only problem is that my computer is running slower than I remember. It takes like 5-7 minutes for Firefox to start. I have a lot of programs on my computer that may be the cause, so if anyone has any suggestions please let me know.

Report •

#12
October 29, 2009 at 02:22:21

After malware cleaning I find it's best to use CCleaner to get rid of all the old temp files ect. and perhaps defrag .

Report •


Ask Question