Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RisinG.exe


  • Please log in to reply
3 replies to this topic

#1 sirsams

sirsams

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 08 January 2009 - 05:47 PM

Hi everybody !

I'm infected too by the same f****** virus :thumbsup: :flowers:

I've been trying MBAM, but it didn't detect anything. TrendMicro Office Scan detected a virus, but he couldn't delete it, nor rename (probably cuz it's running...)

Be carefull !! It infects USB Keys, which can infect others computers on Windows XP or Vista! (in fact, my Ubuntu OS have no problem with it ;) ). It adds an autorun, and some folders ;

The autorun is :
[autorun]
open=SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\USB.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\USB.exe
shell\open\default=1

It also contained some suspects folders ; Recycle, RECYCLER, CONFIG and (of course) SYSTEM.

It wasn't possible to supress it, because I hadn't permission to write these files !! So I had to erease them with Linux. I think the problem come from there.

Also, My TrendMicro OScan detected a virus called RisinG.exe.

Can somebody help us ? Plz :trumpet:

(PS : Excuse me for my (beginner's) english)

BC AdBot (Login to Remove)

 


#2 Pandy

Pandy

    Bleepin'


  • Members
  • 9,559 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:54 PM

Posted 08 January 2009 - 09:01 PM

Spilt from this topic... http://www.bleepingcomputer.com/forums/t/192646/sdsdexe-popups/ and moved to it's own. PM sent to sirsams. :thumbsup:

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter


#3 sirsams

sirsams
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 10 January 2009 - 10:28 AM

News !!

Apparition of a new file, in the folder : C:\Documents and Settings\User 1\RKHAA.exe

It opens sometimes in a cmd prompt (DOS) and stays open. When you shut it down, it say's the message "RKHAA.exe is running, if you shut it down, you may lose uunsaved inforation, are you sure you want to end now ? " (the typical message from Windows).

Help please !

#4 sirsams

sirsams
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 11 January 2009 - 10:46 AM

Up please =) Nobody has any idea ?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users