The current theory is that they are getting in via Flash ads in banners.
- Use MalwareBytes AntiMalware
- VundoFix
- SmitFraudFix (CLI utility)
- ComboFix (CLI utility)
- Avira RescueCD
Maybe TDSS is blocking MalwareBytes?
There has been a rash of TDSS malware, which might be the reason MBAM cannot be installed or run.
If it is, then the solution below might help. If it does, then start in Normal Windows mode, try to update MBAM, and do a scan.
Then follow the directions above and post the requested information.
- Click on Start, click Run, and then type devmgmt.msc and click OK
- On the View menu click on Show hidden devices
- Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
- Highlight that driver and right click on it and select DISABLE
- Now RESTART your computer.
- Download a copy of Malwarebytes but DO NOT run it yet.
- Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
- Once the program is installed go to the UPDATE tab and try to update the program if you can.
- Then go to the SCANNER tab and run a Quick Scan and allow MBAM to fix anything found.
When I went through this process I got an error on reboot about checking consistency on drives. When Windows came up it gave the "recovered from a serious error" message. However, the renamed Malware Bytes executable did install. Was able to run an update and do a scan and all was good.
Use this process at your own risk.
You may also have to do the following if you cannot see TDSSserv.sys:
- Open a command prompt.
- Run this: "set devmgr_show_nonpresent_devices=1"
- Run "start devmgmt.msc"
- View menu... Show non-plug and play drivers
- Kill TDSSserv.sys (fully uninstall from Device Manager)
- Wash, rinse, but hopefully no need to repeat.
Other Ways to get MalwareBytes to install
Install Malwarebytes in Safe Mode with Networking
If it won't run after being installed
I would also add the recommendation to rename the mbam.exe file before executing it. Rename it to whatever; I use remove.exe. Keep in mind that uninstalling MWB afterwards may not remove all files from the machine.
If the install process stops and does not finish, try killing the mbam.exe process from Task Manager (i.e. you didn't rename the mbam.exe file). This often allows the install to complete and lets you rename mbam.exe and run your newly renamed executable.
On a side note, when MBAM fails (often due to other infections not found), you will likely find Superantispyware the solution to your problems.
