Mailskinner.rtk -please Help!


  • This topic is locked
6 replies to this topic

#1 ghostowl

  • Members

Posted 29 September 2007 - 08:44 AM

Hello! I am a brand new gal on these boards.

I have: Windows XP Pro Service Pack 2, Kaspersky 6.0.2.621, Spybot, Adaware Personal, Spyware Guard and SpywareBlaster. All of these programs have the latest updates. I use Firefox 2.0.0.7 as my usual browser, but I also have IE 7.0.5730.11.

While running Spybot in safe mode, MailSkinner.rtk came up. I used the "fix this problem" button and turned off system restore. I ran Kaspersky in safe mode, which came up clean. I restarted my computer, ran Spybot in safe mode again, and MailSkinner.rtk came up again. How do I remove this?

I am a complete novice at this - I only know how to do what I've just listed above. Could someone please help me?

Edited by ghostowl, 29 September 2007 - 08:51 AM.




#2 buddy215

  • Moderator

Posted 29 September 2007 - 09:37 AM

Most likely a false positive. See the discussion in the link below.
http://forum.kaspersky.com/lofiversion/index.php/t49084.html

If you would like to double check, use the program below.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 ghostowl

  • Topic Starter

Posted 29 September 2007 - 11:48 AM

I ran the Super Antispyware in safe mode, and it came up with nothing. I ran Spybot again, and there it was. :thumbsup:

#4 buddy215

  • Moderator

Posted 29 September 2007 - 11:59 AM

Did you read the info in the link I posted? It is a false positive. That means Spybot is misidentifying a file.

#5 ghostowl

  • Topic Starter

Posted 29 September 2007 - 12:31 PM

I actually read that thread before I posted here, but towards the end it seemed like the posters felt that it was dangerous and I wasn't sure. Should I be okay? Thank you so much for your help.

#6 buddy215

  • Moderator

Posted 29 September 2007 - 01:41 PM

Yes, you would not want mailskinner on your computer.
Look in your program files for---
c:\program files\mailskinner\mailskinner.exe

If it is not there, you can consider it a false positive. Note that the comments in the link I provided you are recent--like yesterday.
Here is a list of files, compliments of Sophos, that you can also look for. Mailskinner installs a toolbar in your browser and alters browser settings.
When MailSkinner is installed the following files are created:

<Windows>\pack.epk
<Windows>\installer\54061.msi
<Windows>\temp\msksetup.log
<Windows>\msskinner
<System>\nvs2.inf

<Program Files>\MailSkinner\MailSkinner.exe
<Program Files>\MailSkinner\OLSkinner.dll
<Program Files>\MailSkinner\uninst.exe
<Program Files>\MailSkinner\anim_0.gif
<Program Files>\MailSkinner\anim_help.gif
<Program Files>\MailSkinner\banner.jpg
<Program Files>\MailSkinner\emo.bmp
<Program Files>\MailSkinner\SOFTWARE LICENSE.rtf
<Program Files>\MailSkinner\icon1.ico
<Program Files>\MailSkinner\OESkinner.dll

To run MailSkinner on startup the following registry entry is created:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MailSkinner
<Program Files>\MailSkinner\MailSkinner.exe

Registry entries are created under:

HKLM\SOFTWARE\MailSkinner
HKCU\Software\MailSkinner
HKCU\Software\epk_extr
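
The file and registry check described in post #6, as an added example that is not part of the original thread: a PowerShell script that tests for the listed paths and keys and reports which are present. The mapping of <Windows>, <System> and <Program Files> to the environment variables below is an assumption.

```powershell
# Added example: check for the MailSkinner artifacts listed in the post above.
# Assumption: <Windows>, <System> and <Program Files> map to the variables below.
$windows  = $env:windir
$system   = Join-Path $windows 'System32'
$progDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

# File and folder paths taken from the Sophos list quoted in the post.
$paths = @(
    (Join-Path $windows 'pack.epk'),
    (Join-Path $windows 'installer\54061.msi'),
    (Join-Path $windows 'temp\msksetup.log'),
    (Join-Path $windows 'msskinner'),
    (Join-Path $system  'nvs2.inf')
)
# The install folder holds MailSkinner.exe, the two DLLs and uninst.exe.
$paths += $progDirs | ForEach-Object { Join-Path $_ 'MailSkinner' }

# Registry keys from the post. HKCU is per-user, so run this as the affected user.
$keys = @(
    'HKLM:\SOFTWARE\MailSkinner',
    'HKCU:\Software\MailSkinner',
    'HKCU:\Software\epk_extr'
)
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$found = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found += "File/folder: $p" }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $found += "Registry key: $k" }
}

# The startup entry is a value named MailSkinner under the Run key.
$run = Get-ItemProperty -Path $runKey -Name 'MailSkinner' -ErrorAction SilentlyContinue
if ($run) { $found += "Run value: MailSkinner = $($run.MailSkinner)" }

if ($found.Count -eq 0) {
    'No listed MailSkinner artifacts found; consistent with a false positive.'
} else {
    'Listed MailSkinner artifacts present:'
    $found
}
```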

#7 TMacK

  • Members

Posted 29 September 2007 - 03:48 PM

Hi ghostowl,

Now that you have an HJT log posted in the HijackThis Logs and Malware Removal forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

This topic will now be closed, since you have an open log posted.
If you have any questions, feel free to send me a PM.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner



