Malwarebytes Finds 2 Threats Won't Go Away

[burnnoticefan]

Malwarebytes found 2 infections. It deleted infections believe called BadCompany with Notepad. Now WinPatrol advises these 2 threats are trying to make changes to computer. 1. Microsoft Notepad.exe% Want to make change for this type of file registry editor Microsoft regit.exe %1 #2 .SCE Microsoft Notepad.exe %1 Want to change for this file type to file, (with no company name) to %1/s. How do I get rid of these threats. WinPatrol is driving me crazy with alerts. Thank You

 

[Lemur]

Try booting into safe mode. Then run malwarebytes.

 

[Corrine]

Malwarebytes found 2 infections. It deleted infections believe called BadCompany with Notepad.

Hi, burnnoticefan.

Please launch MBAM and click the Logs tab. Post a copy of the log.

Try booting into safe mode. Then run malwarebytes.

FYI -- MBAM works best in normal mode.

 

[Lemur]

Hi Corrine. I saw your post here:

http://www.sevenforums.com/system-security/53038-malwarebytes-safe-mode.html

but am stubborn, and still think if a virus or malware is detected but can't be removed in normal mode, you have to go to safe mode. And it has worked for me on other users in the past. Then again (and I plead amnesia) I may have been spywarebot (which I no longer use).

 

[karlsnooks]

burnnoticefan,
And you current anti-virus program is?

Also, take the easy way out. Run MalwareBytes in normal mode. Run MalwareBytes in Safe Mode.

 

[Corrine]

He already ran MBAM. I'd like to see the log of the 2 infections removed.

 

[karlsnooks]

corrine,
we all want to see the problem solved.

The normal/safe mode was my solution to satisfy the two suggestions as to how to run MalwareBytes.

 

[Corrine]

Agreed, Karl. I wanted to see the MBAM log for what was removed that is causing the WinPatrol alerts. It could well be that the malware changed the file type association and WinPatrol merely is looking for confirmation of the MBAM reversal.

 

[dajogejr]

I turn off any kind of system restore/backup, boot into safe mode and run it in Safe.
Then I run it again and again until I get a clean run.
Then I'll run it in normal Windows mode to make sure.

Maybe I'm old school...but windows with out all the bells and whistles running is quicker to scan and easier to remove nasties in safe mode.

 

[Lemur]

The OP had disappeared... at least for now.

 

[Corrine]

The OP had disappeared... at least for now.

Perhaps he is in a different time zone or tied up with work or school and will return.

I turn off any kind of system restore/backup, boot into safe mode and run it in Safe.
Then I run it again and again until I get a clean run.
Then I'll run it in normal Windows mode to make sure.

Maybe I'm old school...but windows with out all the bells and whistles running is quicker to scan and easier to remove nasties in safe mode.

Hi, jajogejr.

I am indeed "old school" and to me that means NOT turning off System Restore. If there is a false/positive during clean-up or a critical file removed, the only option at that point may be a complete format and fresh install. Although a clean install may be a wise move with certain types of malware, the option to save critical documents may well be lost.

My recommendation is to create a fresh restore point after cleanup and then remove all but that last point with Disk Cleanup.

 

[dajogejr]

IMO...
And I clean up plenty of computers...
If turning off system restore and cleaning results in a non-operating system, I resort to a repair install.
If that fails, it was time to save data (slave mode) and do a fresh install anyways.

I get paid to be quick and get the job done right. I equate a virus/trojan/malware infection to brain surgery.
Sometimes, you just don't know how it's going to end up.

Long ago...I could spend hours and hours trying to fix PCs, etc. I don't need the practice any more...I am the professional now. I stay busy with referrals and work due to being speedy and thorough...

I completely understand your point if it were my PC for my personal use. But when it's the customer's dime...I just get it done quickly and efficiently...

 

[madtownidiot]

When malwarebytes can't remove something, write down the location of the file(s), then boot to the windows install disk and manually delete them with a command prompt or alternatively (and much easier), create a bootable ubuntu flash drive and delete them that way.

 

[Corrine]

Yes, dajogejr, when in the business of fixing PCs it is different than what the home computer user faces. In your case, time is money. The average home user does not have a backup and would have no clue how to connect another drive as slave to retrieve data.

 

[yowanvista]

Using this might help: Kaspersky Rescue Disk 10