Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RKill Not Working in Safe Networking Mode


  • Please log in to reply
2 replies to this topic

#1 MallPrincess

MallPrincess

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 21 January 2010 - 08:15 PM

I've read all the directions for using Rkill and mbam to eradicate the AntiVirus Live virus. I tried all four file types for Rkill and the result is the same; the black dialog box comes up but only for a second and then it is killed by a Windows Dialog box confirming that I want to continue running in Safe Mode. I tried logging in under Administrator, a user account, in Safe Mode, in Safe Network Mode and NOTHING works. I see where the two temporary files are being opened, but they are deleted when the window is aborted. Can anyone think of anything else I can try to get Rkill to work? I already tried going directly to the mbam step, but the rogue processes are still running and it won't execute Mbam. thank you in advance

Edited by MallPrincess, 21 January 2010 - 08:29 PM.


BC AdBot (Login to Remove)

 


#2 stargazersilent

stargazersilent

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 21 January 2010 - 09:06 PM

I have/had a very similar trojan (and possibly the same one as you, in combination with others).

RKill will close and refresh Windows Explorer, which is probably why you are receiving the dialogue asking if you want to continue in Safe Mode, as if you are starting up again. It sounds like RKill may be working, to me.

I had a similar problem, where my malware was blocking MBAM. I don't know if you've tried this, but... What I did to make it work was: I created a random folder on my desktop (I called it "fixin" - Ha), copied everything out of the directory MBAM created when it installed, and pasted that copy in my new folder. Then I renamed MBAM something random (I called it "SOS"). After I completed those steps, I ran RKill, then MBAM, and it worked.

If it doesn't work, since you're not deleting your original copy of MBAM, all you're out is that you have a junk folder to delete, eh?

(I caution you with the above advice that while I might think I'm pretty good at fixing my own computer, I am by no means an expert.)

#3 MallPrincess

MallPrincess
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 22 January 2010 - 12:23 AM

I would try this, but MBam doesn't even install, so I have nothing to move to the folder. I get the AntiVirus Live fake dialog box that something is wrong with MBAM and it won't even launch...what exactly did you move to the new folder?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users