Im having trouble with mbam and rkill

Q: Im having trouble with mbam and rkill

Hi, I'm following your guide to removing windows recovery.
I use windows xp pro
When I try to log on in safe mode it says
press esc to cancel loading SPTD.sys
then it restarts no matter what i do
can you help?
Best wishes
Bostonrock

A: Im having trouble with mbam and rkill

What happens when you try to launch RKILL or MBAM in normal mode?
See if you can run this tool in normal mode.
Download TDSSKiller.
Launch it.
Click on change parameters - Select TDLFS file system.
Click on "Scan".
Please post the LOG report (log file should be in your C drive).
Do not change the default options on scan results.
If this finds a rootkit, remove it and try booting into safe mode with networking.

Please help! I am currently running Windows XP.

A:Cannot run rkill or MBAM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror: This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand cor...

Does rkill log processes it kills? Can't see much happening with it or the other renamed copies.

Is Malwarebytes software free? I assumed it was free from what I read on the internet reference page below. The software prompts to purchase? On the internet there is no purchase button. What is the price if you charge? I would like to continue to use System Mechanic.

http://www.bleepingcomputer.com/virus-remo...antivirus-suite

I got MBAM_ERROR_UPDATING(12007,0,WinHttpSendRequest)

Neither Explorer nor Firefox is working on the infected computer. I'm running in safe mode (with networking).

Any help is appreciated.
Elroy

A:rkill & MBAM

Hello, if it finds something yes.

Let's try this to clean.

Run FixExe.reg
FixExe.reg .... click Run when the box opens

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera...

My laptop was infected by some kind of virus. The Windows Security always alerts me that my computer is under attack and asks me to run an online anti-virus or something. I successfully installed the MBAM, but it won't run. I tried RKill too (tried renaming it too), but it won't run either. The error message says that the application failed to run and it is infected. How can I run MBAM then?

A:I can't run MBAM and RKill

Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware.

Summary: My son's computer is still infected even after I have tried to remove it using: SAS (Super Anti-Spyware), MBAM (MalwareBytes Anti-malware), RKILL, COMBOFIX, etc.

Systems summary: Windows XP SP3. Originally I was running Avira anti-virus version 9, but in the middle of the counter attack I upgraded to version 10. One thing that bothers me about Avira is that I cannot seem to disable it with uninstalling it. Several of the tools say to disable antivirus while they scan. Also running windows Defender, and Updates are set to Automatic.

Symptoms: The original symptom was a slow computer. My son noticed a popup from one of the fake antivirus programs. I found many thousand of porn files under his content.ie5 folder. I began to counter attack using advice on bleepingcomputer.com including running SAS (Super Anti-Spyware), MBAM (MalwareBytes Anti-malware), RKILL, COMBOFIX, etc. They reported various problems and I always chose to remove all the identified problems.

I never got GMER to successfully complete. At one point I saw that the GMER screen had about 20 lines of output. The next time I looked at it the last dozen lines were not there anymore and there was a popup saying "The scan was stopped". But it was not stopped by me!

Two tools show there is still some infection. In the HijackThis.log I found this line.
O23 - Service: QUKHGEJP - Unknown owner - C:\DOCUME~1\Steve\LOCALS~1\Temp\QUKHGEJP.exe (file missing)
I chose to delete it...

A:Still infected after SAS MBAM RKILL etc.

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Hi,

My netbook running windows XP is infected with the System Check malware. I tried following online guides by booting into safe mode with networking and applying TDSS.exe, RKill (different file names, from USB etc.). It seems like it did something, but then every time I tried running MBAM (different names, from USB), it would be blocked by the malware. I am not sure where to go from here besides doing a clean install of XP after using GParted to pull my files out. Please help!

I also tried Super Anti-Spyware and that finds some trojans but after removing those, MBAM still does not work.

A:Rkill and Mbam not working - Please help

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

This morning, Panda blocked TEN Katushas on a Yahoo web page (after my browser locked up for ~30 sec). To be on the safe side, I decided to run an MBAM scan, only to find this program crashed/vanished about 16 sec in, before it had a chance to actually begin scanning any files. Tried to run rkill MANY times (in normal AND safe modes) only to find the DOS screen crashing after a couple of seconds. Now, as luck would have it, I also noticed a brand spanking new process in Task Manager that had never, EVER been there before this Katusha trouble, something called "2330312413:574691957.exe". And huh--there is a key/entry in my registry (type REG/SZ) called "\systemroot\2330312413:574691957.exe". (I didn't want to start deleting registry entries willy-nilly, though). There are also two instances of a file named "2330312413" one in the Windows directory, the other in "Windows/Prefetch" and BOTH of them created at 11:27 AM this morning, just when my trouble began. Also, now whenever I start up, Panda quickly blocks a Katusha, and it takes far longer to acquire an IP address (the "little yellow ball spinning around a computer") than before. The internet is also much flakier than before.

And there is one other hangup: I cannot finish a GMER scan. The program crashes with no "rootkit activity" warning (I've tried it multiple times in normal mode) as soon as it displays a red Module entry (the very first...

A:Cannot Run Rkill, Mbam, or GMER

Actually, I've already received a response for another forum, so I'd appreciate closing this thread. So sorry for any inconvenience. You guys have provided superb assistance in the past, but I really do need help on this ASAP, and saw the current backlog. Again, many apologies.

Landulph

I am receiving an internet redirect after running complete scans of mbam, and sas after running the rkill. Any help would be greatly appreciated. It appears to be the dreaded av install but I am not sure.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 13:12:47.40 on Thu 12/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1519 [GMT -6:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}


A:Internet redirect after rkill, mbam and sas

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.

* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it. CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

Running Windows XP Home SP3 on a friend's computer that started with the following problem:

When I first got the machine all files were on desktop but responded with a "what would you like to do with this file" message box. After running what appeared to be a successful rkill, MBAM failed at quick scan. Reboot, retry rkill and run Eset (I think that is the name). Found dozens of corrupted files, restart, and the "what would you like to do" problem is gone.

All internet browsers still redirect to spam and sites full of crap. Proxy settings have been checked, no apparent proxy settings. Run rkill and reinstall MBAM, again crashes after few seconds of quick scan. I retry all of this in safe mode, same result.

Try to run rkill and install various other AV and malware detectors. All either fail or slow to a crawl that would require days to run. I return to these forums for help. I have tried fixexe.reg, rkill (under every renaming convention), tried unhide, tried exeHelper. All result in MBAM failure.

I returned to this forum again and read "can't run Mbam" posting and tried everything there, NO CHANGE. Except for some reason I could not get the randomized EXE link to work, even after clearing cookies and cache. But I do not think that is going to solve the problem anyway. I have tried renaming the MBAM exe with no success.

I have downloaded ComboFix but figured I would come here first for suggestions.

Do not know if this is con...

A:Rkill, MBAM, FixExe all fail

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen
O...

Original issue: internet address bar redirects to xxxxxxxxx. Tried recommended malware removal @ http://www.bleepingcomputer.com/virus-remo...s-antivirus-pro - Cannot run MBAM - .exe error, desktop icon endless search flashlight - after reading further posts tried "rkill" receiving "logon.exe Another program is currently using this file". Ran COMBO FIX - "date error: 2009-11-15". HELP - keep getting porn.com pop ups - which would be entertaining if this was not the family computer!

Edited to remove dangerous link!

A:Cannot run MBAM, Rkill or Combo Fix - all .exe not responding

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

You have tried to run Combofix unsupervised.....this is ill advised!! This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized ...

Hello you great people at bleeping computer, after many years of much needed help and usually simple fixes I have read from many many articles I now turn to you in complete desperation. I have managed to snag me something rather nasty, first little description of my comp, running XP on an old amd 64 4000+ with 3 gb ram, now windows will not boot normally it gets to the loading screen and the computer restarts, this will go on indefinitely, I can hit F8 and pull up "load previously known good configuration" and voila boots perfectly and everything seems to work great for exactly 7 minutes 30 seconds after which I am unable to run any executable or any program shoot even hitting ctrl-alt-del to pull up tskmgr is a no-go, now the only thing here is if I manage to get firefox open for instance it will run until I shut off my computer with some serious website redirections but I can work around that, obviously I am posting here lol. I am not an amateur with this and have been trying every backdoor thing I can think of and this is what happens. First thing soon as windows is loaded leaving me about a 5 minute window to work or so I run RKill, nothing is shutdown or logged, ok beautiful, attempt to run MBAM, starts off fine gets about 30 seconds into the scan and shuts off, try to restart MBAM and get an error "Windows cannot access the specified device, path or file" Same thing goes for RKill this time around Superantispyware even tried avg. By this point my screen flashes ...

A:RKill,MBAM,SuperAntiSpyware all dead

Try running Kaspersky Rescue CD (http://support.kaspersky.com/viruses/rescuedisk)

Help! Here is what has happened since yesterday. Running Windows XP on Dell Inspiron. I am a malware novice but I searched this forum and followed the steps I thought would help but am at a dead-end. I apologize in advance if there are other things I should have tried before posting. I'm not an expert but can follow any detailed instructions you give me .........

Downloaded OpenOffice to read a file sent to me yesterday. (Not sure if this is the culprit but it did try to do something with Java which made me suspicious)

After rebooting I got a strange message 'NT AUTHORITY SYSTEM' when attempting to log in. Then these windows popped up:
Wireless Configuration: Notification dll has not been registered, program will not work correctly
C:\Program Files\Dell Support Center\gs_agent\dsc.exe: Unable to launch application. Please restart your computer and try again. Error code:-2147023174
BTTray: Error: Unable to start the Bluetooth Stack Services

Noticed two bad processes on my desktop. I will divulge their names if it will help but think I saw somewhere we don't want to publicize.

Downloaded rkill to flash drive and ran it on my laptop - killed the bad processes. (rkill seems to run clean now)

Attempted to run Malwarebytes Anti Malware already installed on my desktop. Got the dreaded message : Runtime Error '372' vbalGrid from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. I also got this message when running the setu...

A:Infected, tried rkill,mbam, need next steps

Yes uninstall, Run Visual Basic, reinstall and try it again.

Download MSFT Visual Basic from here http://www.microsoft.com/downloads/details...;displaylang=en

Instructions
Before starting the download, create a download directory on your computer. If your internet connection is less than 300K, it is recommended that you run the multi-part download by following the "More Information" link at the upper right, then clicking "Download Now."
Click "Download" to begin downloading the single download. When prompted by the download software, choose the option "Save this program to disk" and click OK. Then select the directory you created on your computer.
Run the file from the download directory. When prompted, select the same directory you created on your computer. You will be expanding the contents of the EXE into this directory.
Run SetupSP6.exe from the download directory. When you accept the terms of the electronic End User License Agreement (EULA) the setup software will replace the appropriate files in your Visual Basic 6.0 installation.

Hello all, and thank you in advance for helping me out. I had a virus/malware problem a few days ago that looked like a typical "Security Essentials" or "Security Tools" malware/virus. I am running Windows XP, build 2600.xpsp_sp3_gdr.101209-1647:service pack 3. I started in safe mode, and I ran RKILL.com and then followed it up with MBAM. It found multiple infected files (roughly 20) and I restarted, updated MBAM (the virus wouldn't let me update it prior to the first scrub) and rescanned. I found a couple more infected files (maybe 5 tops). I then restarted again, rescanned and MBAM found nothing. I thought I had beat this virus, but I was very, very wrong. I started getting re-directs from Google when searching online. I also found that my computer has been running incredibly slow since I first went toe to toe with this virus. So, today I started windows in safe mode and tried to run RKILL.com. I instantly had a window pop-up that was the "open with" dialog box. The program it was trying to run was iexplorer.exe. Every time I tried to close out of the pop-up "open with" window, a new one popped up. Sometimes it would be for iexplorer.exe and sometimes it would be for explorer.exe. If I clicked the windows closed as fast as I possibly could eventually RKILL.com ran. BUT, before it finishes I get a line in the MS-DOS cmd.exe file that reads: "sed.exe: can't read c:\DOCUME~1\MATTNE~1\LOCALS~1\Temp\rks...

A:Rkill.com and MBAM will not eliminate my malware

Just checking in to see if anyone had any advice to offer on this. I still cannot get rkill.com to work. I have renamed it to iexplorer.exe, eXplorer.exe, etc. But every time it gets started it says "rks1.log: no such file or directory." I went to the specified directory and renamed a file called rke1.log to rks1.log and it looks like that helped. But, it still won't run, it is telling me that windows cannot locate notepad.exe. Where is the default location of notepad.exe? Or, where is rkill looking for it? I understand how busy you all are, and thanks for doing what you do. Any help at all would be appreciated.

My computer has been infected with malware which redirects search engine searches to random sites, including other search engines.

I tried to run Malwarebytes but I could not connect to the internet to get updates. I uninstalled MBAM and tried to reinstall it but could not connect to the website. I downloaded a copy onto a memory stick and tried to run it from there but I get error messages (I have screen shots but can't work out how to attach them to this post).

I have tried to run multiple different versions of rkill but it only seems to block itself. One version identified some other files which it blocked (I've also got screen shots of the reports) but I still can't get MBAM to run. I also tried to download the SUPERAntiSpyware Free mentioned in one of the threads but again got an error message from iExplorer when I clicked the download button.

I would be very grateful if someone can help me to solve this problem. Many thanks

A:Can't run MBAM, rkill or any other anti-malware software

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

Hello. I recently suffered an attack from the Antimalware Doctor virus. I checked out the information on this site, and followed the instructions (download and employ rkill and MBAM, which I have used before). Having executed all the steps, upon startup everything goes to plan, but as soon as I try to run a program or even open the start menu I get a busy mouse icon and nothing happens no matter how long I leave it.

This problem doesn't occur in safe mode.

Can anyone help me get my computer back to a normal state again?

edit: apologies if this is in the wrong section.

A:Post-MBAM/rkill Vista freezing

Hello and welcome. Let's try it this way.

Reboot into Safe Mode with Networking

How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere with RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as t...

A few days ago I ran Roguekiller and the log-files were refused to store (so program stopped working).

I found out that suddenly any directory-name with the word "Quarantine" in it was forbidden to access. So I could create a folder Quarantine, and it was impossible to access or to delete.

I then ran MBAM and it found Rogue.AntiVirusPC2009 in the folder-name C:\program files\antivirus pc 2009\quarantine.

I clicked to solve the problem, MBAM stated it was, however at a rerun the problem was still there.

I could not find the folder with my file-manager (ZTreeWin).

I found on internet an advice to first run Rkill, and then MBAM or SAS. I did Rkill + SAS.

Rkill found a few programs, one always was flux from F.lux (to adapt the monitor-brightness after sun-dawn).

After running SAS 2 trojans were found:
- Trojan.Agent/Gen-IExplorer[Fake] in C:\Users\MyName\Appdata\Local\Temp\RARSFX0\NIRD\IEXPLORE.EXE
- Trojan.Agent/Gen-PEC in C:\Users\MyName\Appdata\Local\Temp\RARSFX0\PROCS\EXPLORER.EXE

SAS removed the files. However after repeating Rkill + SAS the same trojans were found, now in the directory ..\RARSFX1\...
And after again deleting and rerun, again in ....\RARSFX2\....

After quite some fumbling around I discovered that running Rkill creates the above mentioned directory/file-names, which are then found by SAS. So Rkill was the cause of the found trojans (so false positi...

A:Seemingly spyware infection, MBAM Rkill SAS

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C...

RELEVANCY SCORE 61.2

Hi
I'm fairly sure I have the HDD malware - getting errors - windows can't find hard disk space, damaged hard drive clusters - private data at risk etc. Have seen a mention on here with the same errors.

I've copied rkill to a usb stick and can run it on my laptop - but get access denied error - but it does seem to run. The only process it says it kills is a symantec blah blah.

When I try and install malware from the stick - it goes all the way through the install process till the end - then again, I get access denied error and it rolls back.

Any ideas?

Thanks in advance.
ps using XP

RELEVANCY SCORE 61.2

Hi,

I'm not very good when it comes to viruses..

Last month my pc encountered Windows XP 2012 Virus.. i was able to fix this thru rkill which i found in this website.
at first it won't work.. i downloaded several antivirus..such as spybot,avg,mbam,etc.. used them all.. at the same time used rkill.. then i don't know how it happened,, but it suddenly stopped the virus from popping up..

next thing happened is after shutting down the pc, when i turn it on again. something about "command..." i can't remember..
what i did is open the task bar..ctrl alt dlt, then end process explorer... then new task, explorer... somehow during the long run it just seemed that the pc is working fine again..

this month though, while my younger brother was playing on a private server in RUNEscape i think, he did not know what he did but i saw that there is a new virus again..

saying that my pc is infected etc.. my brother downloaded Zentom...

and there the pc started to not work properly again.. lots of pop up.. can't use internet.. keeps popping out.. etc..
so we tried using different computer to access bleepingcomputer..

found this post about zentom removal.. it says use RKILL and MBAM

so i used RKILL,.

it seemed to work.. after a hundred time..
then for MBAM, it won't seem to work... no matter how hard we try it never worked.. so i just let the computer be.. since internet is working already and the virus zentom seemed to be gone..

the thing is when openin...

A:Zentom Virus, used rkill, then mbam won't work

Hello, you may have more as perhaps you picked up a downloader.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)

Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer ...

RELEVANCY SCORE 61.2

Have been working on this problem for 3 days. Trouble shooting started in this post:

http://www.bleepingcomputer.com/forums/topic413677.html/page__gopid__2367311#entry2367311

GMER fails, as detailed in above posting.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by ramon somoano at 1:09:40 on 2004-08-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.212 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\3308045974:1765397306.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\...

A:Rkill, MBAM, FixExe and TDSS all fail

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/413988 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the low...

RELEVANCY SCORE 61.2

Suddenly tonight my computer went haywire everytime I tried my browser.

it kept sending me to ad sites other than where I was trying to go.

and my network printer quit.

865 objects detected.

named pup.whitesmoke translator

genome.bwru

A:riddled with threats RKill and MBAM saves me again

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
Click the Logs Tab at the top.
The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

RELEVANCY SCORE 61.2

I have some kind of malware that is redirecting me to ad sites and has placed a google desktop icon on the lower right hand section of my screen. I first tried running mbam and it is blocked. I also tried spybot and it is blocked as well. I have McAfee Total Protection which I ran in safe mode with networking. It came up with nothing. So I have downloaded rkill now but I still can't open mbam to do a malware scan. I still can't open spybot. Is there another way to bring up mbam? Do I need to download rkill again since I have rebooted?

A:Can't open mbam or spybot after downloading rkill

Ok, so for starters, have you actually run rkill? If not, I would go ahead and do that as it should stop the virus from stopping you from running mbam. If you still can't run mbam, I would try running it in safe mode. I would do a full scan inside of safe mode, that way it can at least detect and remove some of the virus' files required for running.

RELEVANCY SCORE 60.4

Already installed programs open just fine but I cannot run JRT, install malwarebytes (not even with chameleon), rkill and some others.
 
Was able to run combofix and hijackthis.
 
Could really use some help!

A:Combofix & Hijackthis Logs | Cannot run mbam, mbar, jrt, rkill, etc...

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log...

RELEVANCY SCORE 60.4

Hi everyone -

I'm trying to get an infection off someone's computer running XP SP3.

One of the many pop ups says:

"System error. Hard disk failure detected

It's highly recommended to run complete HDD scan to prevent loss of personal files."

Based on that message, I think I'm dealing with the FakeHDD malware?

Anyway, I have the system in Safe Mode and am trying to run rkill, but it seems to find nothing. Additionally, TDSSKiller seems to find nothing and MBAM starts to install and at the end gives me an "Access Denied" message.

I have tried running these in both Safe Mode and Safe Mode with Networking using both accounts on the computer (which are both specified as being Administrator accounts).

The one thing I've noticed is that when I'm trying to run a program on this computer, the system will pop up the "You're working in Safe Mode" message asking if I want to continue. I've never seen that pop up on another computer after the initial one at boot. Makes me think that's suspicious.

Any thoughts on what my options are? Is it worth attempting a System Restore?

Thanks so much in advance!

-- N

A:FakeHDD infection ? -- rkill finds nothing; MBAM won't install

An update...

I tried SUPERAntiSpyware and it installed and is now scanning.

-- N

RELEVANCY SCORE 60.4

My wife has recently discovered Facebook and has been using my laptop quite a bit for the past week. All of a sudden my computer, which is running Windows XP, has started to experience misdirections while doing Google searches as well as pop-ups from NeXplore & Registry Defender to name a few. This is my first time posting so I am doing my best to follow guidelines. Thanks in advance for any help you can provide! Below is the DDS.txt:

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Nick at 12:42:23.62 on Mon 01/25/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1684 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Sonic\RecordNow!\RecordNow.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcrobatInfo.exe
C:\SpyWare Folder\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo&...

A:Registry Defender/NeXplore Pop-ups - Can not run Mbam, rKill or SUPERAntiSpyware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 60.4

Internet Security 2010 made itself apparent to me on 1/6/2010. I followed the tutorial provided here in an attempt to remove it myself. rkill successfully ends the processes as it should, MBAM removes a few lingering files and all seems well. However, my issue doesn't seem to be so simple. After completing the tutorial instructions, I am unable to adjust my desktop in Display and certain websites result in a "Restricted" page that is certain to be virus or malware related. I've discovered that smitfraudfix resolves the browser issue, but it is the least of my troubles.

The real problem is, beyond rkill/MBAM/smitfraudfix etc; the entire Internet Security 2010 infection resurfaces with full force after every reboot. In other words, I can only solve the infection to a certain degree using the provided tutorial. IS2010 is clearly not being dealt with in its entirety, unless I am ignorant to further underlying issues. Also; AVG9.0 seems to uncover more threats than MBAM, but everything I outlined above persists regardless.

I would like to have my usual desktop image back, as well as the ability to reboot my computer without being set back to the beginning of this infectious malware war I seem to be waging

A:Internet Security 2010 persists after rkill/MBAM

Can you post the log from your most recent run of Malwarebytes?

RELEVANCY SCORE 60.4

I have a co-worker who ran rkill.com and Malwarebytes' Anti-Malware earlier today. The mbam.log file included the following information.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6685

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/26/2011 11:16:56 AM
mbam-log-2011-05-26 (11-16-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 242089
Time elapsed: 15 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\xxxxxxx\Desktop\rkill.com (Trojan.BankerBot.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\xxxxx\Desktop\rkill.com (Trojan.BankerBot.Gen) -> Quarantined and deleted successfully.

My co-worker believes that rkill.com was the source of the infection. I attempted to replicate the issue on my PC and it did not find any infected files (and, more importantly, any infected files associated with rkill.com). What, if any...

A:Rkill.com listed as infected by Trojan.BankerBot.Gen in mbam.log

I had the same problem just the other day. I have copies of Rkill and iexplore (same file different name) on my Dell laptop. I also have copies on a flash drive that I use to fix clients computers that have malware infections.

I ran MalwareBytes. The copies on my flash drive were infected with trojan.bankerbot.gen, but NOT the copies on my Dell computer. The copies on my flash drive are themselves copies of the ones on my Dell computer. This tells me that the copies on my flash drive probably got infected themselves when I used the flash drive to remove malware from a client's computer.

RELEVANCY SCORE 59.6

The malware is preventing me from opening browsers and other programs. These are the steps I have tried so far:
 
-rkill in regular mode
-rkill in safe mode
-different versions of rkill
-SuperAntispyware (won't install)
-MBAM (won't install)
-MBAM Chameleon (won't install)
-Renamed MBAM (won't install)
-System Restore (doesn't work)
 
When I try to install MBAM I get this error: internal error failed to expand shell folder constant commonappdata. This leads me to believe the malware is making edits to the registry. If I can fix those I might be able to install MBAM or something else.
 
-Snookyms

A:Windows 8 malware infection. Rkill, SuperSpyware, MBAM not working

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
Wait for further instructions.

RELEVANCY SCORE 59.6

As the title says, I'm getting a clean report from MBAM and MSE, but when I run rkill, it is terminating the process:
 
C:\Windows\SysWOW64\ACEngSvr.exe (PID: 4916) [WD-HEUR]
 
Just curious whether this means anything?

A:Rkill found one process to terminate, but MBAM and MSE show clean

Heur is the keyword there for questioning whether it is malware or a false-positive.
 
From the net.....The average file size is about 169.29 KB. The file is a digitally signed and issued to ASUSTeK Computer Inc. by VeriSign.
The programs ASUS Splendid Video Enhancement Technology, NVIDIA Stereoscopic 3D Driver and USBCharge+ have been observed as
installing specific variations of acengsvr.exe.
 
Most likely a false-positive if you have any of the products mentioned. You can also go to the file and verify the size.
You can submit the file to VirusTotal - Free Online Virus and Malware Scan  to be scanned by 50 security programs for further analysis.

RELEVANCY SCORE 59.6

I was following the instructions posted here at BC to rid my laptop of DAP, but there were issues along the way. 1. When I finally made it to safe mode with networking, I got the message that a required component failed to load, so it just had a black screen with the words safe mode at the top and bottom. I tried several times to no avail. So, I used a flashdrive to download RKill versions... It let me copy those to the desktop, but all failed to run. Then, I tried to connect to the Internet and got on. So, I downloaded mbam and I cannot find the download although it says it is complete.
At this point, I will try anything ... This is my work computer .. Everything is on it!! If I don't figure this out on my own, come Monday they will simply re-image it and all will be lost.
It is a HP 6910. Intel® Core™ 2Duo CPU T7500 @ 2.20GHz 2.19GHz. 3.00 GHz RAM running Win XP, Pro Ver 2002, SP 3
Thanks in advance.

A:RKill & mbam are prevented from working by Disk Antivirus Professional (DAP)

Can you launch task manager in safemode with networking?
 
Press ctrl+Alt+Del which should launch task manager
 
Click on File-new task and type
 
explorer and click ok
 
Does desktop load now?

RELEVANCY SCORE 59.6

Hello - posting to this forum for the first time - great info on this site. Unfortunately, my laptop has been infected with a virus, and the steps I have taken in an attempt to remediate the problem have proven fruitless.

OS = Windows Vista

Issues: Windows Security Essentials showing a fake alert; unable to open Internet Explorer or searches being redirected to spam sites; unable to run System Restore; unable to run Disk Check.

Attempted solutions: Download and run rkill; I'm unable to run rkill - I've tried running all rkill variations downloaded from this site (right-click and run as System Administrator), and it appears to run for a second, but then the file icon changes (has ??). When I try to re-run, a popup indicates I don't have permissions because I'm not a System Administrator). I am also unable to delete the rkill.exe files I downloaded. Additionally, I'm unable to run MBAM (runs for about 10 seconds, then quits); when I try to re-run, a popup indicates I don't have permissions because I'm not the System Administrator.

I am sometimes able to use Internet Explorer briefly when I am in Safe Mode with Networking.

Any assistance is appreciated.

A:Laptop Virus - Windows Vista; Unable to run rkill and MBAM

I completed all steps, starting with step 6, in the Prep Guide as instructed to do so in another forum. I am running 32-bit Windows Vista, but was unable to complete Step 8 - Create GMER file, as the infection will not allow me to run .exe files. When I right-click on the gmer.exe file and select Run as Administrator, the screen flashes, but nothing happens. When I again right-click on the icon and select Run as Administrator, I receive the following popup: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the file."

I am also starting to see the "Windows Update has stopped working - A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." popup every minute or so.

DDS.txt log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120
Run by Dan at 7:16:50 on 2011-10-24
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.946 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\3348849720:3348849720.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRe...

RELEVANCY SCORE 59.6

Hello - posting to this forum for the first time - great info on this site. Unfortunately, my laptop has been infected with a virus, and the steps I have taken in an attempt to remediate the problem have proven fruitless.

OS = Windows Vista

Issues: Windows Security Essentials showing a fake alert; unable to open Internet Explorer or searches being redirected to spam sites; unable to run System Restore; unable to run Disk Check.

Attempted solutions: Download and run rkill; I'm unable to run rkill - I've tried running all rkill variations downloaded from this site (right-click and run as System Administrator), and it appears to run for a second, but then the file icon changes (has ??). When I try to re-run, a popup indicates I don't have permissions because I'm not a System Administrator). I am also unable to delete the rkill.exe files I downloaded. Additionally, I'm unable to run MBAM (runs for about 10 seconds, then quits); when I try to re-run, a popup indicates I don't have permissions because I'm not the System Administrator.

I am sometimes able to use Internet Explorer briefly when I am in Safe Mode with Networking.

Any assistance is appreciated.

A:Infected Laptop - Windows Vista; Unable to run rkill and MBAM

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first.Then start a new thread HERE and include or required logs.Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

RELEVANCY SCORE 59.2

Windows XP user here.

The fact that ZA tray icon stopped responding last night was a red flag for me so I went to safe mode-networking and ran MBAM, then Combofix.

Rkill found userinit.exe
MBAM found "Dont.steal.our.software" in an old, never-used Sorenson Squeeze directory.
Combofix spat out the logs pasted below.

What really freaked me out is after I changed my major passwords, I try to get on my email today and the new password doesn't work. I had to reset it by phone. Now it is possible I mistyped my new password, but you never know.

Email IP logs show normal activity. Also, security log shows:
Failure Audit, Event ID 615, IPSEC services failed to get a complete list of network interfaces...
System event viewer log shows a lot of "DHCP Event ID 1000... lost its lease to the IP address" etc etc.

Please check my Combofix log? I am feeling especially paranoid right now.

----------------------------

ComboFix 11-09-23.03 - NAME 09/23/2011 4:49:37.10.6 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2967 [GMT -7:00]
Running from: C:\Documents and Settings\NAME\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ThreatFire *Enabled/Updated* {67B2B9A1-25C8-4057-962D-807958FFC9E3}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))...

A:ZoneAlarm disabled for 45 days, noticed lag, ran Rkill, MBAM, Combofix. Check log please?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420185 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 54

Hi, I am afflicted with the AV Security Suite problem. I have been following the instructions here: http://www.bleepingcomputer.com/virus-remo...-security-suite

Now when I run rkill, I get a message from windows that says:

Windows cannot open this file: File pev.rkexe
To open this file, Windows needs to know what program you want to use to open it. ....
What do you want to do?
1) Use the web service to find the correct program
or 2) Select a program from a list of installed programs.

Any Ideas? Many thanks
Scott

**Update** I just tried running it as administrator - I have vista, (I found this trick reading other posts). It ran without the error above and was real quick, now trying the Malwarebytes steps.

A:Trouble running rkill.exe

Please post the scan log when completed and tell me how it's running now.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

RELEVANCY SCORE 53.2

I am pretty sure I have the antivirus suite malware on my computer at work. It is exactly like the virus on this link provided by your website:
http://www.bleepingcomputer.com/virus-remo...antivirus-suite

The main problem I am having is that it is on my computer at work and we have an office administrator. He is extremely unhelpful and usually makes the problem worse while getting you in trouble with higher ups as well, so I would like to fix it without letting him know. In the past he has just rebooted the entire computer and reinstalled everything which really doesn't seem necessary.

Anyway, I think the problem is I am unable to start my computer in any sort of safe mode because I am not the administrator. I downloaded the rkill, iExplore, and eXplorer on to a USB Flash Drive and tried using each one but a black screen just pops up and it says be patient but nothing happens. I waited for over 30min and still nothing. I read some forums and it said that the rkill should only take a min or two. I tried each one numerous times. I also noticed on a forum that there were 4 different rkills so I can get that one as well.

Prior to using rkill I did use the Malwarebytes' Anti-Malware and some sort of other program, possibly "wall defender". Do I need to uninstall them prior to running rkill?

Do you have any recommendations or need any more information?

Thanks so much I really appreciate the help.

A:Trouble using rkill for antivirus suite

I am a bit confused. I don't even know what a Combofix log is.
A pop-up continually comes up that says "Window Security Alert: Windows report that computer is infected. Antivirus software helps your computer against viruses and other security threats. Click here for the scan for your computer. Your system might be at risk now." Websites such as porno.com, viagra.com and adult.com continually pop up as well.

I put in the link on my last post because it seemed to be most similar to my problem.
At the bottom of my post it says "This post has been edited by Orange Blossom: Yesterday, 06:07 PM
Reason for edit: Move to AII as no logs posted. ~ OBDo"

Sorry if I am computer illiterate, but could you explain to me in layman's terms what I should do next so you guys can assist me?

Thanks so much

Read other 1 answers
RELEVANCY SCORE 49.6

Hello there, few days ago I got a key logger on my machine no idea how it got there but oh well, anyway I scanned with AVG 8 free and Advanced System Care, fixed all the problems that were found and I thought I had removed but I was wrong, so 2 days later it hit me again and this time it wasn't kidding, since then I scanned my PC with Spybot SnD, Hijackthis, MBAM, Ad-Aware and used ATF. Gonna attach the logs since they get mixed up and it's all gibberish. If you need more info I'd be happy to provide it.
 

A:Key logger trouble. Hijackthis and MBAM logs.

Bump
 

Read other 2 answers
RELEVANCY SCORE 49.2

From previous topic: http://www.bleepingcomputer.com/forums/topic278118-15.html

I've attempted to remove an infection with mixed results using MBAM and SAS. I still have trouble accessing scan programs and was told to continue the work in this forum.

I completed the DDS portion of the prep guide, but came up with an error when using rootrepeal: FOPS - DeviceIoControl Error! error code = 0xc0000024 Extended info (0x000000e0)

DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Georgia at 15:02:59.05 on Mon 12/14/2009
Internet Explorer: 7.0.6000.16945
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1013.463 [GMT -6:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: avast! antivirus 4.8.1368 [VPS 091214-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: avast! antivirus 4.8.1368 [VPS 091214-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\syst...

A:Infected, cannot remove with SAS or MBAM, Trouble with all scan programs

I've since been able to stop the BSOD and random reboots by disabling COMODO antivirus and windows defender, but I still get the rootrepeal error. I'm not even sure if I'm still infected, or if this is even the right forum, I was simply told to post here by Boopme after s/he helped me try to remove an infection. I might just need help getting my security programs in order. I've also not been able to update to SP1 for some reason. I noticed a log of like a hundred failure to download SP1 in windows update.

Read other 17 answers
RELEVANCY SCORE 47.6

It says it may be due to being in safe mode there maybe some thing that needs to be changed.

I noticed earlier when I went into tools-options-connections- that the box was not checked to begin with (was expecting it to be checked since that was the first step in process listed to get rid of Securityshield)....so I just closed the window back up.

I had to use another computer to download rkill .......when iexplore did not work.....I chose another one....it too was terminated and so I am not sure where to go from here.

A:Using Rkill to help get rid of Security Shield and rkill is automatically being terminated

You can try some of the renamed options here. If none of those work, try installing MBAM as the next step in the guide asks. Typically, you remove the malicious processes with RKill so that you can install an AV. So if you're able to get MBAM up and running, you should have a good shot of getting it removed via the rest of the guide.

Read other 15 answers
RELEVANCY SCORE 46.8

Hi all,

I have a laptop which is infected with security shield 2012. I'm following the removal instructions, but have a couple of issues.

1. the proxy check box is not checked in explorer or firefox (my main browser).

2. when I run rkill, I get an error message which states:

"windows has encountered a critical problem and will restart automatically in one minute, please save your work now."

The system then reboots - therefore restarting the malware that rkill stopped.

I'm running win 7 ultimate on the laptop.
This error occurs with both the 32bit and 64bit rkill and with the rkill named iexplorer as well.
Any assistance would be greatly appreciated.

A:Security Shield and rkill - rkill causes reboot

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465442 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Read other 2 answers
RELEVANCY SCORE 33.6

I am able to run rkill in safemode (vista business) but cannot run in normal startup. got the message- problem retrieving enviroment variable: appdata doesn't exist.
also, unhide returns same.
got suggestions?

A:rkill won't run

There are three download options listed here at Bleeping Computer.  These have different names to get around the problem you are experiencing.
 
What sort of problem are you experiencing that has prompted you to run RKill?

Read other 13 answers
RELEVANCY SCORE 33.6
Q: rkill

Trying to run the rkill process, but keep getting the pop-up message that "Elf_1.12.exe is infected. How can I get rkill to run?

Edit: Moved topic from Windows NT/2000/2003/2008 to the more appropriate forum. ~ Animal

A:rkill

did you try booting into safe mode then running rkill?

Read other 2 answers
RELEVANCY SCORE 33.6

I'm locked in safe mode and have been trying to run Rkill but keep getting terminated by Rkills or while running as a message. Should I keep rerunning it till it takes?

A:? about rkill

It can take several runs for it to stop the malware .. use it in safe mode.

RKill....Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run SUPERAntiSpyware (SAS): Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before sc...

Read other 1 answers
RELEVANCY SCORE 33.6
Q: Rkill

Good morning,

My question is this: Should I download Rkill just to have it available (along with my McAfee & Malwarebytes software), or only do so if I should acquire an infection which McAfee and/or Malwarebytes are having a problem with eliminating? Also, if I DO download one of the versions of Rkill...is there a recommended preference as to whether I install it on my hard drive (and WHERE on the hard drive), or a USB flash drive?

Thanks very much for your time and any information. (I'm running WIN XP Professional)

A:Rkill

You can download it and keep it on a flash drive.

Read other 4 answers
RELEVANCY SCORE 33.6
Q: RKill


http://www.technibble.com/rkill-repair-tool-of-the-week/#more-4583

Rkill is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools. Rkill is made by a Microsoft MVP “Lawrence Abrams” and is available in 4 different extensions. An .EXE, .COM, .SCR and a .PIF file.
The reason why Rkill comes in 4 different versions is because some malware will block .EXE files in an attempt to prevent you from running other malware removal tools, so this gets around that problem.

 

A:RKill

I'll try it. Seems to be promising.
 

Read other 1 answers
RELEVANCY SCORE 33.6
Q: RKill

How can I get an icon for RKill to be placed on my task bar? I downloaded it...but I don't know how to get the icon there.

Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal

A:RKill

right click on the icon in the folder view> pin to task bar.

Read other 7 answers
RELEVANCY SCORE 33.6
Q: Rkill

I have a recurring virus, Gencrypt Trojan, something like that, that began with downloading Rkill, from CNET.
I uninstalled Rkill, but still had the problem. Then, a year later, I went braindead, and downloaded Rkill again
hoping to find the root kit.
Sorry for being stupid, but now I have the same problem, again.

Can anyone recommend a simple process to remove this virus, or a rootkit program that will kill it???

Sorry to be a bone head.........JIM

A:Rkill

Hello and welcome, let's run these... Is this XP or another system?

>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs...

Read other 1 answers
RELEVANCY SCORE 33.6

I just read RKill - What it does and What it Doesn't - A brief introduction to the program. I want to run it, but not because I am infected, because I just want to see if it finds anything? From what I have read it seems like that is perfectly fine, however I also read in a forum absolutely never to run ANYTHING without asking first.

A:Should i run Rkill?

While I am not the Writer\Developer of Rkill, I will say with a little reservation that running Rkill should not harm your system. However, there is always a slight risk as with any program for unknown\unexpected side-effects.

Read other 4 answers