Cannot get Microsoft Security Essentials Alert process to stop w/rkill


9 replies to this topic

#1 cward85

cward85

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 23 August 2010 - 11:20 PM

I have tried rkill.com, iexplorer.exe and mexplorer.exe (typing from memory) to stop the alert virus process--just pops back up after half a second of seeing the DOS command prompt box pop up. Trying to get rid of it in safe mode with malware but not optimistic. Any help appreciated. Thanks

chris

Edited by hamluis, 24 August 2010 - 02:09 PM.
Moved from XP to Am I Infected forum ~ Hamluis.



#2 pjpesanka

pjpesanka

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 24 August 2010 - 01:06 PM

Try running it a few times in quick succession and hopefully you can get it to run before the malware catches up to it and terminates it.

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,085 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:35 PM

Posted 24 August 2010 - 01:25 PM

It's none of my business (I was trying not to reply and ask)...but...why do you think of Microsoft Security Essentials as something that you want to stop...being alerted when there's a malware problem?

I'm sure that my twisted brain just doesn't understand properly...but...I would be trying to get some assistance in removing the malware, rather than stopping Windows from telling me there's malware.

What am I missing here?

From http://www.technibble.com/rkill-repair-tool-of-the-week/:

"So in summary rkill just kills processes, imports a reg file that restores HKEY_CLASSES_ROOT\exefile\shell\open\command, removes policies that disable regedit, taskmgr, hides your desktop icons, etc, and removes a key used by a malware protection process. Then it kills explorer so it will restart and enable some of the reg changes. Other than what is listed above, it does nothing else."

Louis
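
The registry settings named in the rkill summary quoted in post #3 can be inspected without changing anything. The following read-only PowerShell audit is an added example, not part of the thread and not rkill's own code; the policy value names (DisableTaskMgr, DisableRegistryTools, NoDesktop) and the expected default `"%1" %*` are standard Windows values assumed here, since the quote does not name them.

```powershell
# Added example: read-only audit of the settings the quoted rkill summary says it restores.
# Nothing is modified; deviations are only listed.
$expectedOpen = '"%1" %*'   # default handler for launching .exe files on a clean install
$findings = @()

# 1. exefile open command. HKEY_CLASSES_ROOT is a merged view, so check the machine
#    hive and the per-user override separately (a per-user key takes precedence).
$openKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
)
foreach ($key in $openKeys) {
    if (Test-Path -LiteralPath $key) {
        $value = (Get-Item -LiteralPath $key).GetValue('')   # '' reads the (Default) value
        if ($value -ne $expectedOpen) {
            $findings += [pscustomobject]@{ Key = $key; Name = '(Default)'; Value = $value }
        }
    }
}

# 2. Policies that disable Task Manager or regedit, or hide the desktop icons.
#    Value names are assumptions (common Windows policy values), not taken from the thread.
$policyValues = @(
    @{ Sub = 'System';   Name = 'DisableTaskMgr' },
    @{ Sub = 'System';   Name = 'DisableRegistryTools' },
    @{ Sub = 'Explorer'; Name = 'NoDesktop' }
)
foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($p in $policyValues) {
        $key  = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\$($p.Sub)"
        $item = Get-ItemProperty -Path $key -Name $p.Name -ErrorAction SilentlyContinue
        # A missing value or 0 means the restriction is not active.
        if ($item -and $item.($p.Name) -ne 0) {
            $findings += [pscustomobject]@{ Key = $key; Name = $p.Name; Value = $item.($p.Name) }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No deviations found in the exefile open command or the checked policy values.'
}
```

On a managed machine an administrator may have set some of these policies deliberately, so a listed value is a prompt to investigate rather than proof of infection.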

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,085 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:35 PM

Posted 24 August 2010 - 01:34 PM

OK, OK...I get it now...there actually is something called Microsoft Security Essentials Alert out there....sorry for not realizing that.

Have you gone through the steps listed in the BC Removal Guide, Fake Microsoft Security Essentials Alert?

If you have and have been unsuccessful...I suggest that you follow the instructions in the above guide, which prepare you for posting a malware log in the appropriate BC forum.

3d line down from Step 16, "If you are still having trouble...".

Thanks :thumbsup:.

Louis

#5 AIK1891

AIK1891

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 25 August 2010 - 04:48 PM

Try running it a few times in quick succession and hopefully you can get it to run before the malware catches up to it and terminates it.


I have also not been able to get it to work this time (I beat a similar malware in the Spring with same method) ... I am working on my parents' Vista machine, and it seems too many attempts at rapid clicking/opening of the rkill app causes 'blue screen' crash ... should I be clicking to open as many rkill windows as possible all at once? or clicking fast immediately after the malware shuts the previous attempt? ... also, in Safe Mode, Malwarebytes does not find it, and Norton finds 2 viruses but it says they need to be removed manually (Norton can't do so) and yet any attempts by me to manually move or delete them in Safe Mode just gets an error message that can't be sent to destination folder or that I don't have permission for the action?

#6 TerryBr

TerryBr

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 25 August 2010 - 11:34 PM

This is EXACTLY the problem I am having on my computer. The Microsoft Security Essential Alert came up on my wife, she "applied actions" then did the scan online and it came up with supposed solutions to my spyware. I did a websearch and found out that it was all a scam. The graphics that I found here on BleepingComputer were right on.

I followed the directions and tried rkill, and the other two programs to kill the process and all I get is the same "potential threat details" popping up and killing the rkill. I tried clicking on the rkill as fast as I could as suggested by another poster but it's still there.

So any other suggestions for killing the fake MSEA before I can use the Malware removal tool?

#7 jswee

jswee

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 05 September 2010 - 03:25 AM

I just had this happen to me. Rkill does work but you have to be persistent. Open rkill immediately when Windows starts, before the malware has a chance to do its thing. Don't stop at opening rkill just once either...keep opening it every few seconds or so, otherwise other malware processes will start up and you won't be able to run your anti-malware program. Once rkill's log shows that it hasn't terminated any processes (it shows a new log every time it is used), then you are probably good to go and run your anti-malware. I just recently had to do this, and it took several minutes of opening rkill every couple of seconds until all of the malware processes were successfully terminated.

#8 TerryBr

TerryBr

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 05 September 2010 - 10:33 PM

I clicked to open rkill as fast as I could for several minutes with same result. Finally gave up and called a computer guy. He recommended:
-hitmanpro run it and delete all
-MalwareBytes run it and delete all

Did these two and it got rid of the problem! Bought and installed Webroot instead of the free Avast I had been using.

#9 Taxol

Taxol

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 16 September 2010 - 03:32 PM

I have tried rkill.com as like iexplorer.exe and other spellings, but it does not work, even with a million clicks.
A minute after stopping the clicks, the malware closed my explorer.
But then I got it with "hitman pro" from NL, so I got my Desktop back.
After this Malwarebytes did the rest.

Greetings from Germany
Johannes

#10 blandfo

blandfo

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 17 September 2010 - 03:17 PM

Is hitman pro a free dl? Is that the next step I should take because I have not been able to beat the alert with any of the above-mentioned techniques. Thanks



