The rep from malware sent me a combofix and it looks like it worked.
Great to hear!
You are in good hands at the MalwareBytes Anti Malware forum.
Antivirus System PRO on XP on HP laptop
Intermediate user here.
Trying everything to get rid of this junk. It won't allow me to run any of the four versions of rkill, even to open as admin. I have Malwarebytes installed on the laptop, only because I transferred it with a jump stick from another computer. I can't open any programs incl IE browser on affected computer, including a command prompt.
I don't know where to start to get rid of this junk.
Any help is gratefully appreciated.
Think I have it fixed
So far so good, booted the pc and I got rkill up and running before malware started up.
Thanks, it worked!
I had the same problem, but I ran rkill as soon as possible after booting... and it actually worked! Now I can finally go to sleep!
Trying to run rkill but having problems with errors
I'm attempting to run rkill on my WinXP Laptop as an initial step to removing the rogue program "Internet Security 2010". After running rkill for the first time, the rogue program labels it as harmful and stops rkill. At the advice of another thread, I am leaving this error open and rerunning rkill as a work around. This part works. Rkill starts up and creates a few files. Shortly after these files are created, the desktop disappears and the startup background flashes up for a few seconds. The desktop reappears and I get an error message that says "Login.exe" across the top and "Another program is currently using this file." in the message box.
Tried two new links, but had same problem
Thank you for the quick response. I tried the two programs that you suggested, but unfortunately received the exact same response and error message as previously described. Any other ideas??? I really appreciate the help.
Have you already tried Malwarebytes Anti Malware?
I would suggest:
Please use a friend's or family member's computer and download the Malwarebytes tool and its manual update from the link below.. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "Your Name.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Your Name.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.
Malwarebytes Download Link (Clicking on the links below will immediately start the download dialogue window.)
Malwarebytes Manual Updater link
SuperAntispyware Manual Updater
Does that work?
error message that says "Login.exe" across the top
I found the following:
Name: Windows Login
Fix login.exe errors: Try a Registry Scan
Description: A variant of the Win32/Bifrose Trojan.
File Location: %System%
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
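One way to review the startup locations named in the entry above, as an added example that is not part of the original thread: this PowerShell script lists every value under the Run, RunOnce, RunServices and RunServicesOnce keys and marks those whose command references login.exe. Checking both the machine (HKLM) and current-user (HKCU) hives is an assumption of the example; the post does not say which hive holds the entry.

```powershell
# Added example: enumerate the autostart keys named in the post and
# flag any value whose command line mentions login.exe.
$subKeys = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'
$hives   = 'HKLM:', 'HKCU:'            # assumption: check both hives
$base    = 'Software\Microsoft\Windows\CurrentVersion'
$suspect = 'login.exe'                 # file name from the error message in the thread

$results = foreach ($hive in $hives) {
    foreach ($sub in $subKeys) {
        $path = "$hive\$base\$sub"
        # RunServices/RunServicesOnce are often absent; skip missing keys.
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            # New-Object is used so the script also runs on PowerShell 2.0.
            New-Object PSObject -Property @{
                Key     = $path
                Name    = $name
                Command = $command
                # -match is case-insensitive, so LOGIN.EXE is caught too.
                Flagged = ($command -match [regex]::Escape($suspect))
            }
        }
    }
}

# Show flagged entries first so they are not lost in a long list.
$results |
    Sort-Object -Property Flagged -Descending |
    Format-Table -Property Flagged, Key, Name, Command -AutoSize -Wrap
```

A flagged value is a lead to check against the file's location and publisher, not proof of infection. PowerShell 2.0 or later is assumed.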
Autoruns saved my life....
I can't thank you enough for this post Marianna. I was beginning to think that "Security Tool" had outwitted everyone...
Preventing "Security Tool" from starting, at boot up, at all, and then eliminating it altogether with a malware program was a stroke of genius.
A step by step approach for anyone interested in trying this is here:
Thanks so Much
Really appreciated your help.
Thank You! Thank You! Thank You!
My Malwarebytes scan ran all night but it found and erased all of this pesky malware. Thanx so much for this insight.
OMG - This post that somebody sent to me, I think saved my pc from a virus.. I ran the RKILL.exe then Updated and Ran Malwarebytes.. Seems to have found and removed the virus.. I rebooted the laptop it seems to be working as normal so far but doing some final spot checkups tonight.. THANK YOU MARIA for posting these links.. LIFE SAVER!
McAfee sees rkill.com and other rkill files as trojans
I read the posts about using the rkill.com and other renamed versions of it (all of the ones in the posts here), so I tried to download each one in succession. Each one was tagged as a trojan by my McAfee Total Protection, so I blocked them.
I specifically looked here on CNET because I am careful about following one set of instructions to get rid of a problem when I'm not even sure if they're from a reputable source. Since I trust CNET as a credible source I looked here and see the references to the http://www.bleepingcomputer.com fixes.
What do you guys suggest now given that the files McAfee sees as trojans are the first ones needed in the process to get rid of the Control Center virus?
Hi John, Both Grif and Carol know more about McAfee
than I do but I don't know if either will be around this weekend or not. Is there any way to tell McAfee to ignore those files so you can use them? Most antimalware/AV programs will let you do that but I don't know about McAfee. BTW, we use BleepingComputer's fixes because they are very good.
McAfee sees rkill as trojan
McAfee does give me the option to allow the file. After I chose to block it before it popped up a message saying that McAfee had detected and deleted a trojan and that I did not have to take any action. This is why I am wary about allowing the file, since McAfee saw it as a Trojan.
It sounds like you're saying that despite McAfee seeing it as a trojan file I should trust it anyway. This is why I came here vs. some other random site.
Please clarify if I am understanding your advice correctly and thanks much for the help.
I am not the one that should be helping
you with this. I am not a trained malware remover. Usually it is the malware that blocks rkill. My suggestion would be to either wait for Grif because he is also a Mod at the McAfee forum or Carol possibly knows more about this. She is familiar with McAfee also. Being a weekend I have no idea if either will be around or not. The other option would be to visit the McAfee forum and either look for an answer or post the question there. Sorry I can't help you more.
Re: McAfee Sees Rkill As Trojan
It is NOT uncommon for an A/V to detect Rkill (and other similar tools) as malicious. To avoid interference, temporarily disable McAfee before running Rkill. It's why this thread was created. If McAfee Total Protection has an exclusion list, you can also go that route. I would go one step further, and let McAfee know their Total Protection is detecting Rkill erroneously. Hopefully, they'll correct it.
Additionally, you'll note the creator of Rkill states in his introduction to Rkill:
'On a final note, when you download and run RKill, certain anti-virus programs may state that the program is a security risk. This is because some of the tools used by RKill can be used for good or bad, though the programs themselves are perfectly harmless, and most anti-virus programs just lump them into the bad category. I assure you we are using them only for good purposes'
I commend you for being cautious and asking first.
Best of luck..
Now I can't get Malwarebytes to work
Out of frustration and knowing I would likely not have much time to devote to this issue after the weekend was done I did what Carol suggested before I even saw her post. I got rkill on a jump drive and was able to disable control center, I think. I have malwarebytes anti-malware on the infected computer, but when I tried to run it by calling up the task manager and looking for it in programs the exe file is nowhere to be found. I tried reinstalling it from the jumpdrive and it looks like it installs, but I can't get it to run. I also can't seem to get it to properly, or completely, uninstall to do a clean installation.
So, in a nutshell I'm still stuck on the infected computer and I'm at the point where I can get the rkill and the installation file for malwarebytes on a jump drive, but I'm stuck from there.
Re: Now I can't get MBAM to work
'I'm still stuck on the infected computer and I'm at the point where I can get the rkill and the installation file for malwarebytes on a jump drive, but I'm stuck from there.'
Before copying the MBAM installer/mbam-setup.exe (AND the update file ) on to the jump drive, did you rename the installer? If not, you need to. Rename it fsujohn.exe, or the like.
Your first paragraph confuses me. IF you already managed to install MBAM on the infected computer, navigate to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe and rename the mbam.exe. (It may be necessary to unhide your files and folders, in order to view the mbam.exe.) Once renamed, double-click on the file and see if you're able to run the program.
At one point, you mentioned the mbam.exe was nowhere to be found. There are certain instances, where the mbam.exe will be missing. If this continues to be the case, let us know, and I'll include a renamed mbam.exe in my next post.
At another point you stated you were unable to completely uninstall MBAM. If THAT'S the case, then try the MBAM Clean Up Utility and start again, as noted above. I don't know what set of instructions you've been following, but they should be similar to this.
Yep, Carol's Got It Right..
A number of malware types will remove the main mbam.exe executable from the Program Files\Malwarebytes Antimalware folder.. The easiest way to fix the problem is to simply copy the mbam.exe file from a second computer where Malwarebytes is installed, then transfer it using a flash drive to the infected machine.. Paste the copied file into the C:\Program Files\Malwarebytes Antimalware folder and double click on the file to run the program..
Be sure to perform this procedure after running Rkill and without restarting the computer.
Hope this helps.
Internet Security 2010 virus
This thing has taken over my computer. Made a few attempts to find it and delete it in harddrive, and it blocked me from access. Can't get past the "Welcome" screen where you have to click on "owner" box. Any tips on how to bypass that would be greatly appreciated. I am fairly computer ignorant, so good instructions would be very helpful. Thanks.
I really appreciate the advice, but my main problem now is that the software won't let me past the Welcome page to get to my desktop to load any software and do anything. When I click on the "owner" box to enter, my desktop flashes briefly and then the virus takes me right back to the Welcome page. Any ideas?
Can you log on into SAFEMODE ?
How to Start Windows in Safe Mode
Then use System Restore and go back several days....
Once you get in, you will notice that Windows is now running in safe mode, because "safe mode" is displayed in the four corners of your screen. You will also notice it by the reduced functionality and display settings.
Do not worry, if everything goes according to plan, this is only temporary. Now that you are in Windows, you can use System Restore to flash your computer back to when it was still working.
Click Start->All Programs->Accessories->System Tools->System Restore.
In the System Restore wizard, check the option to "Restore my computer to an earlier time" and click next.
In the calendar that appears, choose a good restore point and click next. When the operation is complete, your computer will restart and it will tell you that the system was restored.
Does it work?
I really appreciate your attempts to help me, but I guess I am going to have to get the Geek Squad people out here. I am using an extra older computer to connect with you.
My main computer is still locked up by this virus. No matter which safe mode I try, the thing always takes me back to the same Welcome page. Won't let me past that. I downloaded the malware and rkill software but can't load it without getting past the virus. Thanks again for your help.
If the "geek squad" has not come...
Rowdy, I'm Cleaning A Similar Problem Here, Here's How..
First, you'll want to have a Windows CD for use on a "repair" installation later, maybe. If the cleanup tools work correctly, things may resolve themselves easily. If not, you may need the Windows CD to run a repair installation.
Next, on separate clean computer, download the free Avira Rescue Disc program and create a bootable rescue disc using the instructions below. Once that's done, boot the computer using the Rescue disc and make sure to select the option to "Rename files" per the instructions, then run the scan using the disc.. You don't need to login to your computer as the rescue disc will run "outside" of Windows.
Avira AntiVir Rescue System
After the disc is created, follow these instructions to run it:
Tutorial for Avira Rescue CD
Next, follow the instructions below which you already have some of the tools for. The rescue disc should have eliminated enough of the problem to allow "rkill" to run and allow you to install malwarebytes, etc.. In some cases, after the installation of Malwarebytes, the actual "mbam.exe" file will be removed by the malware.. You can easily replace it by copying the file from a separate computer where Malwarebytes is installed, renaming it, then placing it in the correct folder listed below:
Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.
First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transferred to the problem machine. Do NOT restart the computer after running Rkill.
Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.
Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
Malwarebytes Manual Updater link
Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install:
SuperAntispyware Manual Updater
In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it.. It resides in the C:\Program Files\Malwarebytes Antimalware folder....
Hope this helps.