
Infected by "Personal Security" rkill not deploying


2 replies to this topic

#1 HarveyT


Posted 19 April 2010 - 12:31 AM

Update: 4-19-2010, 09:33am
I was unable to complete the steps from the regular user profile. However, I accessed the Administrator profile and WAS able to complete all of the steps! The rescue is complete and looking good. :-)
Many, many thanks to all of you for the great tips that made this revival possible. :thumbsup:
Harvey T. - KEDU Radio

I have been through all of the steps to uninstall "Personal Security." So far, rkill, iExplore and Explore.exe will not continue to deploy. The DOS/Black Screen lasts only seconds. I cannot deploy Malwarebytes. Suggestions?
Thanks
Harvey T.

Edited by HarveyT, 19 April 2010 - 10:34 AM.




#2 Jack Regan


Posted 19 April 2010 - 12:46 PM




Hi,

I assume you're starting up in safe mode?

If you start up in safe mode and you have a copy of rkill on a USB stick, then you should be able to open and use it to stop the malware running. Then you can run Malwarebytes.

Once you've finished with the scan, open Search from the desktop (make sure it's expanded to look for hidden files) and look for any signs of Personal Security or anything else you know's infected you.

They're normally hidden at the best of times, but sometimes they turn up. Needless to say if there is anything, send it to the recycle bin.

Once you've done that, go to the explorer, click on the Safety tab, then delete browsing history - tick ALL the boxes, then delete.

Do the same thing again with the Tools tab - sounds stupid but temps hang in there sometimes! Once that's done, turn off System Restore.

Then empty the Recycle Bin. Then download a copy of Rkill to the desktop, and another to a folder you can access from the desktop (as a backup in case any latent malware tries to delete the first).

Then restart in normal mode, click on rkill ASAP just to be sure, then run a full scan with your regular antivirus suite (must have its own antimalware built in to be sure).

If it comes up clean, then I'd recommend going to recovery/reinstall (not restore) just to be sure.
If you're running an HP and you haven't done a recent backup to an external drive, then try a basic recovery which will allow you to save your stuff. Then go into Destructive Recovery and return to basic factory settings - means you have to reinstall everything added after that, but it's the only way to be sure the computer is clean.
If you've missed any of these, there's a fair chance you still have some form of malware lurking in your computer.

Hope something there is of help.

#3 Budapest


Posted 19 April 2010 - 04:29 PM

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Make sure the Sections option is checked (in the right hand panel). Leave all other options unchecked!
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



