O. T. Malwarebytes issue:


magineer02

I have a Dell Dimension 8200(Seagate
Barracuda 7200 HD 160Gb) with XP, SP3,
with Spywareblaster, Avast, Malwarebytes
and Windows firewall.


I tried to run malwarebytes but I received
run errors. So I uninstalled it and reinstalled
it from:

www.malwarebytes.org

but still get the same errors.

I also noticed that the underlined single click
icons no longer function when I click them. I
have to right click them to open them whereas
before I just single clicked them.


Thoughts/Suggestions,
Robert
 

Paul

I have a Dell Dimension 8200(Seagate
Barracuda 7200 HD 160Gb) with XP, SP3,
with Spywareblaster, Avast, Malwarebytes
and Windows firewall.


I tried to run malwarebytes but I received
run errors. So I uninstalled it and reinstalled
it from:

www.malwarebytes.org

but still get the same errors.

I also noticed that the underlined single click
icons no longer function when I click them. I
have to right click them to open them whereas
before I just single clicked them.


Thoughts/Suggestions,
Robert

You can use the Chameleon help file. It's in
C:\Program File\Malwarebytes' Anti-Malware\Chameleon .
The file name is chameleon.chm, but you can't
see the .chm extension in my sample photo below.
The chameleon.chm is disguised as a user manual/help file.
You start the chameleon.chm running. Then, click the
button on the page "Chameleon #1", and it will start
a script running.

You should see something like this, and it could
take a minute or two, for the entire mbam-killer,
database update, and scan procedure, to start. It's
just a wee bit slow on my computer.

http://i59.tinypic.com/2rwvuk4.gif

Paul
 

Player

I have a Dell Dimension 8200(Seagate
Barracuda 7200 HD 160Gb) with XP, SP3,
with Spywareblaster, Avast, Malwarebytes
and Windows firewall.


I tried to run malwarebytes but I received
run errors. So I uninstalled it and reinstalled
it from:

www.malwarebytes.org

but still get the same errors.

I also noticed that the underlined single click
icons no longer function when I click them. I
have to right click them to open them whereas
before I just single clicked them.


Thoughts/Suggestions,
Robert
Why don't you just contact Malwarebytes service by email? They will
knowledgeably answer your question and provide assistance even if you
are only using the free version.

Jeff Barnett
 

David H. Lipman

From: said:
I have a Dell Dimension 8200(Seagate
Barracuda 7200 HD 160Gb) with XP, SP3,
with Spywareblaster, Avast, Malwarebytes
and Windows firewall.


I tried to run malwarebytes but I received
run errors. So I uninstalled it and reinstalled
it from:

www.malwarebytes.org

but still get the same errors.

I also noticed that the underlined single click
icons no longer function when I click them. I
have to right click them to open them whereas
before I just single clicked them.


Thoughts/Suggestions,
Robert


As Jeff suggested, why not contact Malwarebytes. However not by email, just join the
Forums and post the query.
https://forums.malwarebytes.org/index.php?s=e9a3f0cee3c6b85e4a6338b3bbdce9eb&showforum=41

What is also important is to state what is the EXACT error message. Take a Screen-Shot,
write down the exact error message.
To properly answer one needs to know if it is a Runtime message Error number ###, MSVC###
message associated with a missing DLL, etc. Just stating "I received
run errors" is just not enough to go by.

BTW: If you didn't know, I am a former Malwarebytes' employee in their Malware Researcher
group.
 

magineer02

I've joined forums like this before
and got no replies to my posts. If
you look at the replies there are a
number of them with none.

Robert
 

magineer02

Hello Paul,

I tried to go to:

C:\Program File\Malwarebytes' Anti-Malware\Chameleon

and it came back with file not found
Firefox can't find the file at /C:/Program File/Malwarebytes' Anti-Malware/Chameleon.

Robert
 

jim

Hello Paul,

I tried to go to:

C:\Program File\Malwarebytes' Anti-Malware\Chameleon

and it came back with file not found
Firefox can't find the file at /C:/Program File/Malwarebytes' Anti-Malware/Chameleon.

Robert

Have it on my system - Vista ; you are using forward slash / instead of
backslash \ pedantic .
 

MerseyBeat

I've joined forums like this before
and got no replies to my posts. If
you look at the replies there are a
number of them with none.

Robert

Let's see... you have responses to THIS post. OK, so you have posted
without replies in the past. That doesn't change the future. How many
responses will you get by NOT posting?
 

magineer02

Hello Paul,

Tried to install malwarebytes on the 8200 and got this:

CoCreateInstance failed; code 0x80040154
Class not registered.

vbAccelerator SGrid II Control
Run Time Error 0

Run-time error 440
Automation error

Run time error '0'

In addition my Quick launch toolbar keeps disappearing
after each session.

So is malwarebytes seriously messed up now because
I received the same messages on my 8500.

Robert
 

Paul

Hello Paul,

Tried to install malwarebytes on the 8200 and got this:

CoCreateInstance failed; code 0x80040154
Class not registered.

vbAccelerator SGrid II Control
Run Time Error 0

Run-time error 440
Automation error

Run time error '0'

In addition my Quick launch toolbar keeps disappearing
after each session.

So is malwarebytes seriously messed up now because
I received the same messages on my 8500.

Robert

What do we know:

1) You have a problem.
The problem is likely caused by malware.

2) Not every problem can be fixed by us here.

There are sites like Bleepingcomputer, that help
people by analysing their log files, and suggesting
multiple tools they can use to resolve problems.
But the users in that forum, are generally pretty
experienced people, and seem to have no trouble
getting the tools to run. I'm actually surprised by that
(that so many threads, have successful resolutions).

3) You have two alternatives;

a) Look for a help page, that deals with "stubborn"
MBAM problems. Chameleon was supposed to be a
method of getting MBAM to run. Of course, as you've
noticed, malware can also try to stop the installer
from running. You could work on the problem, purely
with MBAM as the target solution.

b) You could switch over to an offline malware tool.
For example, the Kaspersky Rescue CD, can do signature
based scans from its built-in Linux operating system.
That is for cases, where Windows will no longer run, or
things are really really screwed up.

Kaspersky Rescue CD 375MB
http://support.kaspersky.com/8092

As a philosophical approach for you, I recommend the following:

1) You have two computers. Do *all* your web surfing, on the
one machine. Now, that machine is going to get malware
once in a while.

2) Reserve the second machine, for coming to Google Groups and
posting your problems. That means you won't be surfing to random
sites with the second computer. In the IT industry, they call
that the "technician computer" or the "clean computer". Such a
"clean computer", could be used to download and burn the Kaspersky
Rescue CD for example.

3) If you don't adopt such a policy, you might easily end up with
two computers with the same malware on them.

4) There are mechanisms for malware to move from one machine to
another. Such a mechanism is called a "worm" and uses network
protocols for propagation. Visiting Windows Update and doing the
security updates, is a start at reducing the exposure to those.
Having a resident AV program on each computer, also helps. But
when new malware comes out, sometimes nothing stops it. At work,
we had a "meltdown" one day, when a worm was loose on the network,
and our AV software vendor needed a day or so to produce a removal
and cleanup tool. Even with the best planning, you can still be
bitten. But if you do most of your surfing with the one computer,
it improves the odds your "technician computer" can be used to make
rescue CDs when you need them.

*******

Here, users are having the same sort of problem as you.
MBAM won't install properly. It means the malware is
interfering with it. The last post in the thread, suggests
the person has a root kit present (computer is blue screening).

https://forums.malwarebytes.org/index.php?showtopic=28272

You can see here, the MBAM people know there are some
threats, where additional work is required.

https://forums.malwarebytes.org/index.php?showtopic=17607#entry90223

And that's why, by now, I'd probably be running my Kaspersky Rescue CD,
because I've got one, and it's easy to do an offline scan (offline means
the Windows OS is not running during the scan). There are more
tools of that type. I think there is also a BitDefender CD that
does the same sort of thing. (I think FSecure used to have one,
but I haven't tried that in years and years.)

Each tool has its strengths and weaknesses. With MBAM, it emphasizes
an "online" approach, which means "meeting the malware head on". They don't
even recommend running MBAM in Windows Safe Mode, because you might not
see all the heuristic behavior of the malware that way.
And such a head-banger approach has limits. There are always going to be
malwares out there, where the malware author specifically targets
MBAM, to prevent it from starting.

https://forums.malwarebytes.org/index.php?showtopic=17583

"Newer variants of this malware have become more inventive in how they
stay installed on machines by attacking all cleaning softwares/tools
so they do not run.

In fact the malware only allows certain core system components to
run and your browser.

Everything else is flagged by the software as infected and blocked
from running.

The truth is they are not infected and the malware is in fact the
software that is causing the issues and trying to get you to buy it
in order to remove the problem."

That article goes on to demonstrate some approaches to the problem,
such as renaming the MBAM installer file. Now, you don't know
what is interfering on your PC, so using ProcExp from Sysinternals
or Task Manager, you might not know what you're looking for there.

Picture of a scam. There aren't really 38 malware on this PC.
This is what happens when you download a fake AV by accident.

http://img19.imageshack.us/img19/6911/systemsecurity.jpg

HTH,
Paul
 

Ben Myers

Hello Paul,
I tried to go to:
C:\Program File\Malwarebytes' Anti-Malware\Chameleon
and it came back with file not found
Firefox can't find the file at /C:/Program File/Malwarebytes' Anti-Malware/Chameleon.
Robert

Usually "Program Files" with an "s".

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Ben
 

BillW50

In Paul typed:
1) You have two computers. Do *all* your web surfing, on the
one machine. Now, that machine is going to get malware
once in a while.

Some people don't seem to get malware. I've been running Windows for 21
years and I never got anything. I worked on a lot of machines that had
been infected. I did have a trojan on my Commodores once though back in
the late 80's.
 

David H. Lipman

From: "MerseyBeat" said:
Let's see... you have responses to THIS post. OK, so you have posted without replies in
the past. That doesn't change the future. How many responses will you get by NOT
posting?


;-)
 

David H. Lipman

From: "Paul" said:
What do we know:

1) You have a problem.
The problem is likely caused by malware.

No, not necessarily.

It could just be a simple Visual Basic run-time problem.
 

magineer02

Hello Paul,

I thought you said I was ok and wasn't infected?

In any case, I do have the same issue with both
computers so both are infected. So what am I to
do now?

Robert
 

magineer02

Hello Paul,

I tried to install malwarebytes again on the
8200 and got this:
vbalsgrid6.ocx- is not correctly registered,
a file is missing or invalid.

I then tried to check for updates but it didn't
open.

Then I tried to open Spywareblaster to check for
updates there and this is what it gave me:

Error; access violation at 0x73483F5A (tried
to read from (oxoooooo14), program terminated.
Last CP is 'RF'.

Is it possible I can purchase the Kaspersky Rescue
CD since both computers are infected?

Since my System Image is not separate files but
written over each time I'm wondering if that also
is infected and as such useless. What about doing
a System Restore?

I believe I was infected when I first tried to
download AdwCleaner and clicked the large green
arrow instead of the small blue Bleeping Computer
link.

Thoughts/suggestions?
Robert
 

Paul

Hello Paul,

I thought you said I was ok and wasn't infected?

In any case, I do have the same issue with both
computers so both are infected. So what am I to
do now?

Robert

OK, let's back up a bit.

What have you done since AdwCleaner was run ?

Remember that AdwCleaner, removes *adware*. Adware are
potentially unwanted programs, such as Toolbars,
browser hijacks, that sort of thing. Adware is fairly
benign - what usually happens, is they try to show
you advertisements, and in the process, the adware company
makes money from the advertisements.

Malware, on the other hand, generally is a more
serious pest. And different tools are used
to both detect and treat them. Malware can be used
to control the computer, make it part of a botnet,
use the computer to attack other computers, and so on.
AdwCleaner has nothing to do with that stuff.

MBAM free edition, is a scanner that runs while the OS
is still running. And tries to detect popular forms
of malware (the malwares that many people experience).

When you have a resident antivirus program (AV), that
attempts to prevent the problem in the first place. You
use MBAM free version, if something gets through. Even MBAM
won't remove everything. Some commercial AV programs,
where a subscription is charged per year, have a relatively
well rounded feature set, and detect a good mix. But
most of the commercial tools, do not overlap with AdwCleaner.
AdwCleaner and Hitman Pro, are examples of tools intended
for PUPS/Adware, instead of the more serious malware.

AdwCleaner,         - Adware/Nuisance Toolbars/PUPS
Hitman Pro

Avast!              - Used to prevent malware (while Windows is running)
MBAM free           - Used to clean malware if any gets through

TDSSKiller          - Example of a free rootkit removal tool
RootkitRevealer     - Class of tool, used to detect rootkits,
                      a special kind of malware

Kaspersky Rescue CD - Scans for malware while Windows is not running.
                      For cases where MBAM won't run perhaps. It's not
                      clear to me, how good it is at removing problems.
                      It uses signature based detection (can't use
                      heuristics, as Windows is not running). BitDefender
                      and FSecure have made discs like that in the past
                      as well.

Depending on the situation, you could still make a Kaspersky Rescue CD.
Now, if your browser cannot visit the link, that would be another
hint that you have a significant problem on the machine. A malware
that blocks access to anti-malware sites. If the browser still works,
and the download still works, chances are the CD will work. You
need a CD burning program, to convert the ISO9660 file, into
a bootable CD. Imgburn can do that, but computers from Dell likely
have their own CD burner software. You don't just "drag and drop" the
375MB .iso file onto the optical drive. The burner program opens
the .iso file, and converts it into a boot CD. So don't drag and drop.

Chances are good, that your browser still works, and you can get here.

http://support.kaspersky.com/8092

And if you see any additional "weird" symptoms, please post
them, as they may hint at how serious your situation is.

*******

I can find a match for the .ocx problem here. And the links at the
end of the article, don't really shine any light on what
actually broke. The four links at the end, are relatively
generic instructions on what to do. They may not actually
match what has happened to you. The person who posted those
links, obviously didn't want to go into details, which is
unfortunate. It would be nice to know, what the real reason
for the problem is.

https://forums.malwarebytes.org/index.php?showtopic=6207

In this example, it appears AVG quarantined the .ocx file in question.
A false positive. But this happened on an installation of the
commercial resident version of MBAM. Not for someone attempting
to install MBAM free one-shot scanner.

https://forums.malwarebytes.org/index.php?showtopic=90976

Since both computers do it, my guess is both machines use
the same AV product, both AV products did a definitions
update, and they've done something that has created
the problem. You'd open the AV program log file, and
find out what significant things have happened in the
last few days (i.e. the time after your last successful
MBAM run), to get more hints about what happened. Maybe
it isn't the named .ocx file in particular, but some
other file that got quarantined. I can't study the MBAM
installer very well, because I don't have lots of unpacker/hacker
tools for examining it. It uses INNO setup apparently.

We live in a complex world. You can run a computer without
any protection, but then you have to be a genius, to not
click the wrong "Download" button or fall into a trap. And
even large, business-oriented web sites, have been hacked and
used to deliver malware. So being a genius isn't enough,
and eventually you'll get infected.

The alternative, is to load up on protection tools. One
resident AV program. A variety of one-shot scanners for
cleanup. That sort of thing. And then, when your tools
get into a fight, and one tool shoots the other tool
in the foot, you again have to be a "genius", look
at the logs, use your Googling skills, to narrow down
what happened. If this was a false positive, normally
one of the antimalware company forums would be
filled with pissed-off customers. And Google would
help you find the thread discussing the details.
That's how I'd do it, "use the Google".

*******

If you want to restore from a backup, that's certainly
your choice. I can't really guess from here, how many
steps it's going to take, to fix it the regular way.
Of course, to restore from backup, you still require
some skills. Nothing you're about to do, is completely
without risk.

With backup/restore software, the weakest link, is not
having tested that restorations work. To test backup/restore,
requires one known-working backup solution (that you know works).
Plus the new and untested backup solution. You test the new
tool, and if it can't restore the computer, you then go
back to your tried-and-tested backup/restore solution. That's
about the lowest risk way to proceed.

I can give a concrete and funny example of backup/restore.
I worked in a "miniature computer company". We made all our
own utilities. One of our departments wrote the backup/restore
utility for our computer product. So the software guys have
finished the software, and they're pretty proud of themselves.
They immediately start using the software, and have maybe thirty
daily backups made (i.e. have been doing backups for a month,
without really looking at them). Then, our main server goes down.
The backup utility guys go to restore the main server from tape
and... it doesn't work :) Just the look on their faces was
priceless. *Always* test that the restore works properly,
*before* you really need it. That is something they neglected to
do, and they taught me a valuable lesson.

If worse comes to worse, the Dell can be restored to factory
conditions. That's your final option. But that really shouldn't
be necessary for this minor problem. If the computer was
completely frozen and locked up, the screen was full of
popup windows from a malware attack, then, I might be
tempted to "restore to factory" :)

Paul
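
Paul's post above describes the rescue download as an ISO9660 file that a burner program turns into a boot CD. As an added example (not part of the original post), this Python code checks, on the clean computer, that a downloaded image is complete and carries an El Torito boot record before it is burned; `inspect_iso`, `build_sample` and the volume name `SAMPLE_RESCUE` are hypothetical, and the test image is constructed in memory.

```python
import io
import struct

SECTOR = 2048  # ISO9660 logical sector size


def inspect_iso(stream):
    """Describe an ISO9660 image: volume id, truncation, El Torito boot flag."""
    stream.seek(0, io.SEEK_END)
    size = stream.tell()
    info = {"volume_id": None, "truncated": None, "bootable": False}
    boot_catalog = None
    sector = 16  # the volume descriptor set starts at sector 16
    while True:
        stream.seek(sector * SECTOR)
        vd = stream.read(SECTOR)
        if len(vd) < SECTOR or vd[1:6] != b"CD001":
            raise ValueError("not a complete ISO9660 image")
        if vd[0] == 255:  # descriptor set terminator
            break
        if vd[0] == 1:  # primary volume descriptor
            info["volume_id"] = vd[40:72].decode("ascii", "replace").strip()
            blocks = struct.unpack_from("<I", vd, 80)[0]
            block_size = struct.unpack_from("<H", vd, 128)[0]
            # A file shorter than the declared volume was cut off in transit.
            info["truncated"] = size < blocks * block_size
        elif vd[0] == 0 and vd[7:30] == b"EL TORITO SPECIFICATION":
            boot_catalog = struct.unpack_from("<I", vd, 71)[0]
        sector += 1
    if info["volume_id"] is None:
        raise ValueError("no primary volume descriptor")
    if boot_catalog is not None:
        stream.seek(boot_catalog * SECTOR)
        cat = stream.read(64)  # validation entry + initial/default entry
        if len(cat) == 64:
            words = struct.unpack("<16H", cat[:32])
            valid = (cat[0] == 1 and cat[30:32] == b"\x55\xaa"
                     and (sum(words) & 0xFFFF) == 0)
            info["bootable"] = valid and cat[32] == 0x88  # 0x88 = bootable
    return info


def build_sample(bootable=True, truncate=False):
    """Constructed 20-sector test image, not a real rescue disc."""
    img = bytearray(20 * SECTOR)
    base = 16 * SECTOR
    img[base:base + 7] = b"\x01CD001\x01"
    img[base + 40:base + 72] = b"SAMPLE_RESCUE".ljust(32)
    struct.pack_into("<I", img, base + 80, 20)       # volume size in blocks
    struct.pack_into("<H", img, base + 128, SECTOR)  # logical block size
    term = 17
    if bootable:
        rec = 17 * SECTOR
        img[rec:rec + 30] = b"\x00CD001\x01" + b"EL TORITO SPECIFICATION"
        struct.pack_into("<I", img, rec + 71, 19)    # boot catalog sector
        cat = 19 * SECTOR
        img[cat] = 1                                 # validation header id
        img[cat + 30:cat + 32] = b"\x55\xaa"         # key bytes
        struct.pack_into("<H", img, cat + 28, 0x55AA)  # words now sum to 0
        img[cat + 32] = 0x88                         # bootable entry
        term = 18
    img[term * SECTOR:term * SECTOR + 7] = b"\xffCD001\x01"
    return io.BytesIO(bytes(img[:19 * SECTOR] if truncate else img))


if __name__ == "__main__":
    print(inspect_iso(build_sample()))
    print(inspect_iso(build_sample(truncate=True)))
```

For a real download, open the file in binary mode and pass the file object to `inspect_iso`; a `truncated` result of `True` or a `bootable` result of `False` means the image should be downloaded again rather than burned.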
 

Paul

Hello Paul,

I thought you said I was ok and wasn't infected?

In any case, I do have the same issue with both
computers so both are infected. So what am I to
do now?

Robert

Latest advice.

https://forums.malwarebytes.org/index.php?showtopic=55807

To Fully Remove and Reinstall a Fresh New Copy of
Malwarebytes - Read Carefully Windows Vista and Windows 7:

* Click on the Start button and select Control Panel
* Click on Programs and Features
* Uninstall Malwarebytes' Anti-Malware
* Restart your computer very important !
* Download and run mbam-clean.exe from

http://www.malwarebytes.org/mbam-clean.exe

[ That gives you mbam-clean-1.60.2.0003.exe 80,456 bytes]

It will ask to restart your computer, please allow it
to do so, very important. After the computer restarts,
temporarily disable your Anti-Virus and install the
latest version of Malwarebytes' Anti-Malware from

http://www.malwarebytes.org/mbam-download.php

*******

As Dave hinted, the MBAM code happens to use a third-party
library to do some stuff on the screen. I cannot find
a reference to error 440 on here. Maybe running mbam-clean.exe
will be enough to make the thing install again. I expect
what happened was, the installation stage was finished,
and mbam.exe was starting to run the first time, when
the problem showed up.

http://www.vbaccelerator.com/insprob.htm

The VB Accelerator uses either VB5 or VB6, and
probably VB6 based on the name of the ocx file vbalsgrid6.ocx.

http://www.vbaccelerator.com/install.htm

I think vbalsgrid6.ocx has already loaded, and so a
VB6 dependency isn't the problem. This install file
from Microsoft, is likely already in your system folder.

http://www.vbaccelerator.com/install.htm

Now, those VB6 files they mention are *ancient*. The OS should
already have a msvbvm60.dll. When I use DependencyWalker
on vbalsgrid6.ocx, the only thing it seems to use is msvbvm60.dll.
There would likely be some other error report, if
msvbvm60.dll was missing. I don't really feel this kind
of messing around is necessary, but we'll see if the
mbam-clean does any good first.

http://support.microsoft.com/kb/235420/en-us

Paul
 

Buffalo

wrote in message
Hello Paul,

I tried to install malwarebytes again on the
8200 and got this:
vbalsgrid6.ocx- is not correctly registered,
a file is missing or invalid.

I then tried to check for updates but it didn't
open.

Then I tried to open Spywareblaster to check for
updates there and this is what it gave me:

Error; access violation at 0x73483F5A (tried
to read from (oxoooooo14), program terminated.
Last CP is 'RF'.

Is it possible I can purchase the Kaspersky Rescue
CD since both computers are infected?

Since my System Image is not separate files but
written over each time I'm wondering if that also
is infected and as such useless. What about doing
a System Restore?

I believe I was infected when I first tried to
download AdwCleaner and clicked the large green
arrow instead of the small blue Bleeping Computer
link.

Thoughts/suggestions?
Robert

Somewhere it sounds like you ran AdwCleaner. It most likely messed up your
SpywareBlaster program and your toolbar, at the very minimum.
If AdwCleaner has a recover feature, I suggest you use it.
You can always try the Free version of SAS (SuperAntiBlaster).
http://www.superantispyware.com/ Red Button
You could also dl the Professional Trial version Green Button
It is an excellent program and I use the Pro version of SAS on my laptop and
the Pro version of MBAM on my Desktop.
DL, install, update and run the Quick Scan.
Let it fix what it finds and follow its directions. When it finds no more,
update and run the Complete Scan.
 

Paul

Buffalo said:
wrote in message


Somewhere it sounds like you ran AdwCleaner. It most likely messed up
your SpywareBlaster program and your toolbar, at the very minimum.
If AdwCleaner has a recover feature, I suggest you use it.
You can always try the Free version of SAS (SuperAntiBlaster).
http://www.superantispyware.com/ Red Button
You could also dl the Professional Trial version Green Button
It is an excellent program and I use the Pro version of SAS on my laptop
and the Pro version of MBAM on my Desktop.
DL, install, update and run the Quick Scan.
Let it fix what it finds and follow its directions. When it finds no
more, update and run the Complete Scan.

AdwCleaner is a two stage program (like some others). You click
the Scan button, then review the things shown on the screen. That's
when you would effectively be warned you might be about to remove
something important. You only click "Clean", when you're
absolutely sure what needs cleaning.

Paul
 
