
RKill - What it does and What it Doesn't - A brief introduction to the program


981 replies to this topic

#976 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 48,436 posts
  • Location:Virginia, USA

Posted 31 March 2017 - 05:30 AM

RKill and all Bleeping Computer's hosted programs for download are trustworthy, safe and malware-free. However, depending on the product, some anti-virus software and other security scanners may flag certain programs as a threat for a variety of reasons when that is not the case.

Most of the well known specialized tools we use against malware are written by experts/Security Colleagues at various security forums like Bleeping Computer, TechSupport, GeeksToGo, Emsisoft and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools (or their embedded files) are falsely detected by various anti-virus programs from time to time. This in turn sometimes results in an inaccurate site rating/warning by browsers of potentially dangerous software when that is not the case.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#977 arturo2005

arturo2005

  • Members
  • 4 posts

Posted 01 April 2017 - 03:08 PM

 

Hi, two weeks ago I had to repair my operating system. I was getting a blue screen error saying that a boot file was missing. After I did the repair, I did a full scan using Windows Defender in Safe Mode. It found Trojan:Win32/Vigorf.A, which I deleted along with another Trojan whose name I can't remember. Today, I found Trojan:Win32/Rundas.A in the file below. My question is: did this Trojan come through the download of the file rkill.com below, and should I do a clean install of Windows 10? I tried to delete the Windows.Old file, but I was getting messages that if certain files were deleted, Windows would not work correctly. So I didn't delete the file. Thanks for your help.
 
Detected Item                                  Alert Level        Status                       Recommend action
Trojan: Win32/Rundas.A                 Severe             Succeeded                Remove
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items:
file;C:Windows.old\Users\Arthur\Downloads\Virus_Removal_Tool\Batch_Files\rkill.com 

 

When I posted my question about the Trojan:Win32/Rundas.A found in the file above, I should have clarified my question about this malware it found. I guess the way I posed my question before, it sounded like I thought I had downloaded the Trojan in the file that Windows Defender said it found it in. I also believe that RKill and all Bleeping Computer's programs are trustworthy, safe and malware-free, and I appreciate the tools and help they provide to people like myself.

      

That download was an old download, and I was wondering if Trojans can find a vulnerability or flaw in an old download or program that has not been updated. This was an old download that I might have opened after I repaired Windows 10. When these tools are falsely detected by antivirus programs and give an inaccurate site warning of potentially dangerous software, how do they assign a name to the potential Trojan? How do I determine what is safe and what is false? This Trojan:Win32/Rundas.A and the Trojan/Vigorf.A that was found in a previous scan (but I'm not sure in what file), could they have been legitimate threats?

My computer has sometimes been arbitrarily restarting after being on for about 10 minutes, so I'm concerned that I might still have a problem. That is why I ask if I should do a clean reinstall of Windows 10, which would wipe out that old Windows file. Your advice in this matter is greatly appreciated. Thank you.

 



#978 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 48,436 posts
  • Location:Virginia, USA

Posted 01 April 2017 - 06:23 PM

Each security vendor uses their own naming conventions to identify various types of malware, so it's sometimes difficult to determine exactly what has been detected or the nature of the threat without knowing more information about the actual file(s) involved. Names with Generic or Patched are a very broad category. Some vendors also add a modifier or additional information after the name that further describes what type of malware it is.

Names are created for in-the-wild malware which has been released to infect computers, non-wild ("Zoo" viruses and worms) created by labs and anti-virus vendors to test their ability to detect new threats, proof-of-concept viruses created by ethical groups and zero-day malware...all of which can be renamed at any given time. Since there are no universal naming standards, all this leads to confusion for the end user.

To aid the fight against computer viruses and other types of malicious software, many security advisory organizations and developers of anti-virus software compile and publish lists of viruses. The compilation of a unified list of viruses is made difficult because of naming. When a new virus appears, the rush begins to identify and understand it as well as develop appropriate counter-measures to stop its propagation. Along the way, a name is attached to the virus. As the developers of anti-virus software compete partly based on how quickly they react to the new threat, they usually study and name the viruses independently. By the time the virus is identified, many names denote the same virus.

Another source of ambiguity in names is that sometimes a virus initially identified as a completely new virus is found to be a variation of an earlier known virus, in which case it is often renamed. ...

List of computer viruses: Naming

Anytime you come across a suspicious file or you want a second opinion, submit it to one of the online services that analyzes suspicious files.

#979 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 9,410 posts
  • Location:Puerto Rico

Posted 14 April 2017 - 08:35 AM

https://www.bleepingcomputer.com/forums/t/644195/cant-identify-or-get-rid-ofthis-rootkitransomware/#entry4220189

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/13/2017 09:31:40 PM in x64 mode.
Windows Version: Windows 10 Home
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * Windows Firewall Disabled
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
 * agp440 [Missing Service]
 * DcpSvc [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
Searching for Missing Digital Signatures:
 * No issues found.
Checking HOSTS File:
 * No issues found.
Program finished at: 04/13/2017 09:32:09 PM
Execution time: 0 hours(s), 0 minute(s), and 28 seconds(s)

 

OP worries about these missing services. The computer seems clean.


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
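The RKill report quoted in this post has a regular layout: a section header ending in a colon, one finding per " * " line, and registry details indented beneath the finding. The following parser is an added example written for this page; it is not RKill's code and not part of the thread. It reads that layout, skips the "No issues found" lines, and separates the two kinds of findings a reviewer looks at differently: the registry values under "Performing miscellaneous checks" (a disabled Defender or firewall setting you can verify on the host) and the "Checking Windows Service Integrity" lines, which only compare the machine against the service table RKill expects. The log excerpt is constructed in the same format as the one above, and the split into "disabled_protections" versus "service_integrity" is this example's own triage heuristic, not anything RKill defines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt (not the poster's actual report) in the same layout as the
# RKill output quoted in the thread: section headers end with ':', each finding
# starts with ' * ', and registry details are indented beneath the finding.
SAMPLE_LOG = """\
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Program started at: 04/13/2017 09:31:40 PM in x64 mode.
Checking for Windows services to stop:
 * No malware services found to stop.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\\SOFTWARE\\Microsoft\\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * Windows Firewall Disabled
   [HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
   "EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
 * agp440 [Missing Service]
 * AJRouter => %SystemRoot%\\system32\\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * vmicrdv => %SystemRoot%\\System32\\icsvcext.dll [Incorrect ServiceDLL]
Searching for Missing Digital Signatures:
 * No issues found.
Program finished at: 04/13/2017 09:32:09 PM
"""


@dataclass
class Finding:
    section: str                                      # header the finding appeared under
    text: str                                         # text after ' * '
    details: List[str] = field(default_factory=list)  # indented lines beneath it


# ' * name => path [issue]' or ' * name [issue]' as used in the service-integrity section
SERVICE_RE = re.compile(r"^(?P<name>\S+)(?: => (?P<path>.+?))? \[(?P<issue>[^\]]+)\]$")
# '"ValueName" = dword:00000001' as used under the miscellaneous checks
REG_VALUE_RE = re.compile(r'^"(?P<value>[^"]+)" = (?P<data>\S+)$')


def parse_rkill_log(text: str) -> List[Finding]:
    """Split an RKill report into findings grouped by the section they appear under."""
    findings: List[Finding] = []
    section = ""
    current: Optional[Finding] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" * "):
            current = Finding(section, raw[3:].strip())
            findings.append(current)
        elif raw.startswith("   ") and current is not None:
            current.details.append(raw.strip())
        elif not raw.startswith(" ") and raw.rstrip().endswith(":"):
            section = raw.rstrip()[:-1]
            current = None
        # banner, version and timestamp lines carry no findings and are skipped
    return findings


def triage(findings: List[Finding]) -> Dict[str, list]:
    """Separate registry-level protection findings from service-integrity notes.

    The split is this example's own heuristic: a disabled Defender or firewall
    value is a concrete host setting to verify, whereas service-integrity lines
    only record a mismatch against the service table RKill expects.
    """
    report: Dict[str, list] = {"disabled_protections": [], "service_integrity": [], "other": []}
    for f in findings:
        if f.text.startswith("No "):  # "No issues found." / "No malware ... found ..."
            continue
        if f.section == "Performing miscellaneous checks":
            entry = {"finding": f.text, "key": None, "value": None, "data": None}
            for d in f.details:
                m = REG_VALUE_RE.match(d)
                if m:
                    entry["value"], entry["data"] = m.group("value"), m.group("data")
                elif d.startswith("[") and d.endswith("]"):
                    entry["key"] = d[1:-1]
            report["disabled_protections"].append(entry)
        elif f.section == "Checking Windows Service Integrity" and SERVICE_RE.match(f.text):
            m = SERVICE_RE.match(f.text)
            report["service_integrity"].append(
                {"service": m.group("name"), "path": m.group("path"), "issue": m.group("issue")})
        else:
            report["other"].append({"section": f.section, "finding": f.text})
    return report


def issue_counts(report: Dict[str, list]) -> Dict[str, int]:
    """Count service-integrity lines per issue type (e.g. how many 'Missing Service')."""
    counts: Dict[str, int] = {}
    for item in report["service_integrity"]:
        counts[item["issue"]] = counts.get(item["issue"], 0) + 1
    return counts


if __name__ == "__main__":
    rep = triage(parse_rkill_log(SAMPLE_LOG))
    for p in rep["disabled_protections"]:
        print(f"{p['finding']}: {p['key']} {p['value']} = {p['data']}")
    print("service integrity:", issue_counts(rep))
```

Run against a saved RKill report, the "disabled_protections" list gives the exact registry key and value to check on the machine, while "issue_counts" shows at a glance whether the service-integrity section is a long run of "Missing Service" entries, as in the report above, or something else.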


#980 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 42,945 posts
  • Location:USA

Posted 14 April 2017 - 08:44 AM

It is clean. Can be ignored. Need to tweak it more for Windows 10 next week.

#981 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 9,410 posts
  • Location:Puerto Rico

Posted 14 April 2017 - 01:50 PM

Thanks. :)




#982 selohu

selohu

  • Members
  • 9 posts

Posted 16 April 2017 - 07:23 AM

OK, thanks.





