Security Tool Removal rkill.com


3 replies to this topic

#1 pcamateur!


Posted 07 February 2010 - 08:15 AM

Hi All, My first post so please be nice to me

My daughter's computer (Windows 7) has been infected by the Security Tool malware. I have been trying to follow the instructions on this site posted by Grinler, which include downloading rkill.com to stop the malware processes.

I am getting the black box coming up but this is immediately closing, and I'm wondering if Security Tool may have been amended to be able to do this or whether I should just wait. I can't validate if rkill.com is running using the Task Manager, as that is closed by the malware as soon as it is opened.

Trying my best but struggling, any help appreciated.



#2 Arctic


Posted 07 February 2010 - 10:14 AM

Just to be clear first and foremost: I'm not a regular technician on this forum, but I have dealt with Security Tool before.

If you have a secondary computer to download programs through, put them on a flash drive and transfer them.

First you should download rkill from a known good source.
While downloading, just to be safe, you may want to rename the files to something other than rkill.

http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.pif
http://download.bleepingcomputer.com/grinler/rkill.scr

You will also want to download Malwarebytes from a known good source.
I would just use http://www.malwarebytes.org/


When running rkill on Windows 7 or Vista you will need to right-click and use the "Run as administrator" option.


Try running rkill a few times; the DOS box should pop up saying it is terminating known malware processes.
If the exe does not work, try the com version, but make sure to run as Administrator.

Once rkill successfully runs, a Notepad file should open up with what it stopped.


Now, don't restart the computer.

Remove Malwarebytes if it's installed, and reinstall it.
Update to the latest definitions.
To be on the safe side I would suggest running a full system scan.
Any entries it finds, remove them.
At this time your computer should be rid of Security tool kit.

If your internet is not working, navigate to Internet Explorer -> Internet Options -> Connections tab -> LAN Settings -> uncheck "Use a proxy server".

Hope this helps, and I'll try to check back here to see if it's resolved.
Mods: didn't mean to step on anyone's toes. If it is not alright that I posted instructions, tell me and I will willingly remove them.

Edited by Arctic, 07 February 2010 - 10:16 AM.

I can only help.. If i know what the problem is.

we never have time to do things right, but we always have time to do them again

LAWL

#3 pcamateur!


Posted 07 February 2010 - 11:07 AM

Just to update I have solved this problem.

I tried using techniques described here and elsewhere on the web to get a shot at closing the malware in Task Manager, e.g. using safe mode, msconfig etc. Eventually stubborn persistence and, I suspect, luck gave me access to Task Manager for a few seconds and I closed the .exe process consisting of a string of numbers, which I'd been advised to do elsewhere (these are not constant). This then allowed me to regain use of the computer (but don't shut down or restart!) and I then downloaded Malwarebytes to scan and delete the rogue objects.

Cautiously looking good at the moment. Phew!!
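
Added example, not part of the original thread and not code from rkill or Malwarebytes: a read-only PowerShell check for the two symptoms mentioned in posts #2 and #3, a running .exe whose name is only digits and a proxy switched on under Internet Options. It assumes it is run as the affected user, because the proxy setting is read from that user's registry hive (HKCU).

```powershell
# Added triage sketch (not from the thread). Read-only: it reports and changes nothing.

# 1. Running processes whose image name is digits only, as described in post #3.
#    Get-WmiObject is used so this also works on the PowerShell 2.0 shipped with Windows 7.
$numeric = Get-WmiObject Win32_Process |
    Where-Object { $_.Name -match '^\d+\.exe$' } |
    Select-Object ProcessId, Name, ExecutablePath

if ($numeric) {
    'Processes with an all-digit name (review the path before ending anything):'
    $numeric | Format-Table -AutoSize | Out-String
} else {
    'No running process has an all-digit name.'
}

# 2. Per-user proxy values behind Internet Options -> Connections -> LAN Settings.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key

if ($inet.ProxyEnable -eq 1) {
    "A manual proxy is ENABLED for this user: $($inet.ProxyServer)"
    'If nobody set this on purpose, uncheck "Use a proxy server" in LAN Settings.'
} else {
    'No manual proxy is enabled for this user.'
}
```

An all-digit name is only a hint for this particular infection, so check the listed path before ending a process, and still run the full scan afterwards.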

#4 pcamateur!


Posted 07 February 2010 - 11:10 AM

Arctic replied whilst I was typing. Thanks very much.

Your advice is consistent with the approach I used. Hopefully this will be of use to others with this nasty problem.

Thanks again.



