Thread: Blocked from running Spybot or any other malware remover

  1. #1
    Join Date
    Aug 2011
    New York City

    Blocked from running Spybot or any other malware remover


    First off, I'm using Windows XP, and have run all the necessary updates to the best of my knowledge promptly and accurately.

    I am being blocked from running Spybot, so I cannot even create a log to submit here. I will try my best to explain the problem as best I can figure it out, but please bear in mind that I am not very technically literate when it comes to such matters.

    If anyone can help, I would sincerely appreciate it.

    Now, I first started noticing something was amiss when the latest Microsoft Windows auto update came through several days ago. I saw the little icon in my system tray, and I clicked on it, and then installed the update. Afterwards, I was told to restart my PC. I did so. However, now I constantly see the Windows Updater icon in my system tray as if there is an update, even when I have already run the update.

    I looked into just what it was that Windows wanted me to update, and I found that it is the "Windows Malicious Software Removal Tool - August 2011 (KB890830)". Except, it's listed as having "0 bytes". I don't know if that is important or not, but I'm making notice of it here just the same. I since downloaded this file over and over, but it still won't disappear.

    Furthermore, now whenever I shut my PC down for the day, I notice the little Windows install shield promising to install the update before shutting my PC down. I let it do this each time, and each time it is still there the next time I shut my PC down.

    In addition to this, I might add, my McAfee Security Center has been unable to run a scan for two weeks now. Whenever I try to run one, I get an error code.

    Realizing that I might be infected with some kind of malware, I went to all my usual steps. I tried HijackThis first. I ran the updates on it first, then tried to open the program. I receive a message saying that Windows could not gain access to this particular file.

    I tried Spybot S&D next, but the same thing occurred. I uninstalled Spybot and downloaded a more up to date version from Safer Networking, but again I was told that Windows could not access this file after the program was installed.

    Lastly, I tried Ad-Aware, but . . . you get the picture.

    I even went to Microsoft's Windows site and manually downloaded the Malicious Software Removal tool, which succeeded in getting the installer onto my desktop. But after installing the tool and running it, halfway through the quick scan the process suddenly shut down.

    I received a message from my Firewall saying that it blocked a program from accessing the web. This happened again when I tried to run it from MS online directly.

    I'm afraid I'm fresh out of ideas!

    I even went to Safer Networking and purchased the bootable CD, but that could take many days to arrive and I don't even know if that is the right step to take in combating whatever this problem might be.

    I don't know if anyone can help me, but I hope so. I'm at my wit's end! I apologize for the rather long post, but I figured it was best to be as thorough as possible.




  2. #2
    Senior Member
    Join Date
    Aug 2010
    Near Atlanta, GA


    Hello Ryodin and welcome to Safer-Networking Forum.
    I'm RedCar92 and my name is Bill, I'll be glad to help you with your computer problems.

    Please observe these rules while we work:
    • Read the entire procedure
    • It is important to perform ALL actions in sequence.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Stick with me till you're given the all clear. Malware removal can be stressful but we will clean it.
    • Remember, absence of symptoms does not mean the infection is all gone.
    • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice, this will be a team effort.
    This may cause a delay, but I will do my best to keep it as short as possible.

    Please bear with me, I will post back to you as soon as I can.

    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

    Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.

    Stay with this topic until I give you the all clean post.

  3. #3
    Join Date
    Aug 2011
    New York City


    Hi Bill,

    Thank you so much for the speedy reply. I will do as you suggest and wait until you can get back to me. I understand this may take some time, but I'm in it for the long haul.

    If it helps any, I will include below the message window that pops up whenever I try to run a malware removal program (SpyBot, Ad-Aware, etc.):

    "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

    Again, this happens anytime I try to open and/or run an anti-malware tool. I don't experience this problem with any other programs on my PC, however.

    Thanks again!


  4. #4
    Senior Member
    Join Date
    Aug 2010
    Near Atlanta, GA


    Thanks Ryodin, I will be back asap.

  5. #5
    Senior Member
    Join Date
    Aug 2010
    Near Atlanta, GA


    Greetings ryodin,
    I feel your pain, so let's get started,

    Please download exeHelper to your desktop.
    Double-click on to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of exehelperlog.txt (Will be created in the directory where you ran, and should open at the end of the scan)

    • Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.

    Logs to post:
    • aswMBR.txt
    • OTL.txt
    • Extras.txt

  6. #6
    Join Date
    Aug 2011
    New York City



    Sorry for the late reply. I've been having trouble running these steps you outlined above. As I mentioned before, whatever it is that's infecting my PC seems to be blocking attempts to run .exe files I try to open. With this in mind, I decided against saving "exeHelper" and "aswMBR" to my desktop. I opted instead to press "run" instead of "save" and run them off the host site directly.

    This worked for the above two .exe files, but not for the third: OTL. When I tried to run OTL from the website, I was told that I could not do so and would have to save it first. So I did so. I was able to open OTL and implement all the steps you outlined, up to and including pasting the "Custom Scan" list. Once I did this, I clicked the "Run Scan" button. The program immediately closed and would not respond. Upon attempting to open OTL a second time, I received that familiar message: "Windows cannot access the specified device, path, or file . . ." as I mentioned earlier in this thread.

    Additionally, I'm not even allowed to remove the OTL .exe from my desktop. When I tried to delete it, I'm told that I am not allowed to.

    So, unfortunately, I cannot post any logs from OTL. I do, however, have logs from exeHelper and aswMBR. Since you did not ask me to post the log from the exeHelper scan, I will instead only paste the aswMBR one below.

    However, before I do so, I would like to point out that it seems the aswMBR scan did not completely cycle through. It found a bunch of errors, but then appeared to stall out near the end. Or perhaps it was already at the end of the scan? I can't tell because there was no message or anything telling me that the scan had been completed. To me it appears as if it simply stopped scanning beyond a certain point. So after 30 minutes of waiting, I finally hit the "save log" button and generated a report.

    Maybe you can make sense of it. Here is a copy of the log:


    11:07:09.250 Disk 0 Vendor: ST3120026AS 8.05 Size: 114440MB BusType: 3
    11:07:11.312 Disk 0 MBR read successfully
    11:07:11.312 Disk 0 MBR scan
    11:07:12.515 Disk 0 Windows XP default MBR code
    11:07:12.531 Disk 0 scanning sectors +234372285
    11:07:12.781 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:08:59.218 File: C:\WINDOWS\system32\drivers\serial.sys **INFECTED** Win32:Sirefef-H [Rtk]
    11:09:14.109 Service scanning
    11:09:20.656 Modules scanning
    11:09:32.093 Module: C:\WINDOWS\System32\DRIVERS\serial.sys **SUSPICIOUS**
    11:10:02.218 Disk 0 trace - called modules:
    11:10:02.250 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a5247c0]<<
    11:10:02.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a699ab8]
    11:10:02.625 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8a512e48]
    11:10:02.625 \Driver\00000696[0x8a5bcb60] -> IRP_MJ_CREATE -> 0x8a5247c0
    11:10:07.375 AVAST engine scan C:\WINDOWS
    11:11:33.968 AVAST engine scan C:\WINDOWS\system32
    11:20:46.812 AVAST engine scan C:\WINDOWS\system32\drivers
    11:21:36.875 File: C:\WINDOWS\system32\drivers\serial.sys **INFECTED** Win32:Sirefef-H [Rtk]
    11:21:59.125 AVAST engine scan C:\Documents and Settings\David Batista
    11:55:38.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David Batista\Desktop\Logs\MBR.dat"
    11:55:38.031 The log file has been saved successfully to "C:\Documents and Settings\David Batista\Desktop\Logs\aswMBR.txt"


    I would also like to mention that I do own another, more up-to-date PC, running Windows 7. I also own a flash thumb drive. I'm only making you aware of this in case we might be able to use that to fix my infected PC.

    Thanks for the help again!
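
A triage pass over the aswMBR log posted in #6, as an added example that is not part of the thread or of aswMBR itself: it merges the repeated File/Module hits per path and checks whether any driver dispatch entry points at an address the call trace marks as >>UNKNOWN<<. The line patterns are inferred from this one log and are an assumption about the format; the function name `triage` is hypothetical.

```python
import re

# Constructed sample: a subset of the aswMBR log lines posted above.
SAMPLE_LOG = r"""
11:07:12.515 Disk 0 Windows XP default MBR code
11:08:59.218 File: C:\WINDOWS\system32\drivers\serial.sys **INFECTED** Win32:Sirefef-H [Rtk]
11:09:32.093 Module: C:\WINDOWS\System32\DRIVERS\serial.sys **SUSPICIOUS**
11:10:02.250 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a5247c0]<<
11:10:02.625 \Driver\00000696[0x8a5bcb60] -> IRP_MJ_CREATE -> 0x8a5247c0
11:21:36.875 File: C:\WINDOWS\system32\drivers\serial.sys **INFECTED** Win32:Sirefef-H [Rtk]
"""

# Assumed line shapes, taken from the log in this thread only.
LINE = re.compile(r"^\s*(\d\d:\d\d:\d\d\.\d{3})\s+(.*?)\s*$")
FLAGGED = re.compile(r"^(?:File|Module):\s+(.+?)\s+\*\*(INFECTED|SUSPICIOUS)\*\*\s*(.*)$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(r"^(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$")

def triage(log_text):
    """Summarise flagged files and unattributed addresses in an aswMBR log."""
    files, unknown, dispatch = {}, set(), []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # skip blank lines and anything without a timestamp
        ts, msg = line.groups()
        hit = FLAGGED.match(msg)
        if hit:
            path, verdict, label = hit.groups()
            # Windows paths are case-insensitive: merge System32\DRIVERS with system32\drivers.
            entry = files.setdefault(path.lower(), {"path": path, "first_seen": ts,
                                                    "verdicts": set(), "labels": set(), "hits": 0})
            entry["verdicts"].add(verdict)
            entry["hits"] += 1
            if label:
                entry["labels"].add(label)
            continue
        unknown.update(a.lower() for a in UNKNOWN.findall(msg))
        d = DISPATCH.match(msg)
        if d:
            dispatch.append((d.group(1), d.group(2), d.group(3).lower()))
    for entry in files.values():
        entry["verdicts"] = sorted(entry["verdicts"])
        entry["labels"] = sorted(entry["labels"])
    return {"files": list(files.values()), "unknown_addrs": sorted(unknown),
            # Dispatch entries whose target is an address the trace could not name.
            "unattributed_dispatch": [d for d in dispatch if d[2] in unknown]}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```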

