Malwarebytes exe gets deleted by Trojan Vundo, WinFixer, Virtumonde, Msevents and

its variations.

Here's the symptoms:

When you try to I launch malwarebytes, it does not run. If you try installing it again it goes through the installation but comes

up with an error below:

---------------------------
Setup
---------------------------
Unable to execute file:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2.

The system cannot find the file specified.
---------------------------
OK
---------------------------

One of the ways of eradicating this issue that we've tested is using file protection software that controls access to read,

view copy, move or delete them. Use google and you'll come up with quite a few hits for free file protection utilities.

In this specific case, as soon as the Malwarebytes installations is complete mbam.exe file gets immediately deleted by the

malicious program that resides on your PC. All you have to do is to protect mbam.exe file from deletions.

Here’s the steps:

1. Open up Windows Explorer and browse over the Malwarebytes installation directory. By default it’s:

C:\Program Files\Malwarebytes' Anti-Malware.

2. Start MB installation, follow the wizard and carefully watch the progress bard as files are getting copied to

your drive. Important: As you are installing the program make sure that your widow to:

C:\Program Files\Malwarebytes' Anti-Malware is open.

3. Toward the end of installation you’ll see mbam.exe appears in the directory. Make sure to make a copy of it

immediately, as it will get deleted in as soon as installation concludes.

4. Once the original executable has been deleted rename your copy into: mbam.exe, then password protect it.

That way you can run MalwareBytes now, update malware definitions and remove infecions from your computer.

We used EXE Protector that comes with WinUtilities program, entered the path for the executable and password protected it.

Another way, which seems to be much easier, is to take advantage of the link available at malwarebytes.com to obtain

a fresh copy of the executable.

You can download MalwareBytes executable file directly from MB site here What this link does it randomly

generates a name for MB executable each time you click on it.

Once prompted to run/save the file, save it to the MB installation directory:

C:\program files\Malwarebytes' Anti-Malware\.

Next, go to C:\program files\Malwarebytes' Anti-Malware\ folder and open up the file you’ve just downloaded to launch MB.

The program should start now and you will be able to perform a full scan.

Make sure to run Update to get the most recent malware/virus definitions before you ran the scanner.

Once the scan is complete, click on Remove Selected to get rid of the virus/malware infections. You will most likely be

prompted to restart your computer.

We recommend to scan your computer using other tools regardless of the results.

Your can download the FixVundo.exe file from Symatec here
Save the file to a convenient location, such as your Desktop.

Close all the open programs and disconnect the computer from the network and the Internet.
If you are running Windows Me or XP, turn off System Restore.

Locate the file that you just downloaded and double-click on it to start the removal process.
Click Start to begin the process, and then allow the tool to run.

Note: Do not launch any new applications while the tool is running.


Once finished, restart the computer and run the removal tool again to ensure that the system is clean.
If you have disabled System Restore now it's time to re-enable it and reconnect the computer to the network or to

the Internet connection.
Make sure to Run Live Update to get the most current virus definitions from Symantec.

When the tool has finished running, you will see a message indicating whether Vundo is still residing on your computer.

You will also see detailed scan results such as:

• Total number of the scanned files
• Number of deleted files
• Number of terminated viral processes
• Number of fixed registry entries added by Vundo trojan