BleepingComputer.com: New "System Fix" out there?


New "System Fix" out there? All Rkill processes terminated

#1 denutza

Posted 17 November 2011 - 12:55 PM

"System Fix" popped up on my computer. I ran Malwarebytes which actually deleted the main file to System Fix (I no longer get the System Fix popup(s) that tries to tell me how infected my computer is).

However I know something is still wrong because:

a) real-time antivirus still warns me it's blocking something from modifying host.

b) all rkill downloads get terminated and deleted, regardless if I run it from USB stick/hard drive/desktop (tried all 6 filenames I believe).
If I run them from DVD drive, it just terminates them since it cannot delete it. I even changed the filenames myself with zero luck. Also tried running them from cmd prompt and it deletes them just the same.

c) System Restore doesn't work. Tried many different dates.

Also I did run TDSSKiller in safe mode, but it didn't find anything wrong.

I believe one of the filenames responsible was OKFawEgyTV.exe as I saw it on my taskbar when the infection first started.

thx!

#2 denutza

Posted 20 November 2011 - 01:21 PM

For anyone searching this problem that might be wondering how I got RKill to run: I think MBAM already eliminated the actual system fix malware at this point.

Downloaded a free program called Process Explorer. There is a process called atieclxx.exe that is protected under Task Manager; however, Process Explorer shows a child process by the same name. Terminate it, then run RKill. After this I was running MBAM when, about 30 minutes later, Microsoft Security Essentials Real Time found 2 viruses and I eliminated them.

#3 Orange Blossom (Moderator)

Posted 20 November 2011 - 01:37 PM

Hello,

RKill does not remove malware. It stops malware and sometimes other processes from running so you can run malware removal tools. For more information, please read this topic: http://www.bleepingcomputer.com/forums/topic308364.html

Orange Blossom

This post has been edited by Orange Blossom: 20 November 2011 - 01:38 PM
