AV Security Suite Question - In regards to RKILL


4 replies to this topic

#1 Ian Hunter


Posted 02 September 2010 - 12:32 PM

Hello everyone. Last night while I was online, a new trojan caught hold of my computer: the AV Security Suite Trojan. I went to the following link to rid the trojan from the computer: http://www.bleepingcomputer.com/virus-remo...-security-suite. I've been stuck at step #9 for a few hours now.

#9 says:

"9. Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with AV Security Suite and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by AV Security Suite when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate AV Security Suite. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the guide. If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead."

I was able to download Rkill to my desktop. I also downloaded "iExplore.exe" and eXplorer.exe.

When I run the program, the following happens:

1. I double click Rkill.
2. A black MS-DOS prompt opens (Rkill Program). It runs for a few seconds before closing. I barely have a chance to read what the prompt says.
3. Following this, notepad opens with the following rkill.log:

"This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as PC User on 09/02/2010 at 13:29:10.


Processes terminated by Rkill or while it was running:


C:\Users\PC User\Desktop\rkill.com


Rkill completed on 09/02/2010 at 13:29:12."

-----
So now I'm starting to think maybe Rkill isn't working. Or maybe it is, and it's just a very quick running program? I've run MBAM three times afterward and haven't found any viruses. When I back out of safe mode and go back to the normal computer using mode, the virus is still there...

I've been in Safe Mode with Networking while doing the above tasks.

What should I do from this point?

Thanks everyone!

Ian Hunter

Edited by hamluis, 02 September 2010 - 02:50 PM.
Moved from Vista to Am I Infected forum ~ Hamluis.


#2 Ian Hunter


Posted 02 September 2010 - 12:39 PM

I am on version 6.0 for Windows Vista. I'm not sure if you need to know this or not, but it couldn't hurt posting this.

#3 Ian Hunter


Posted 02 September 2010 - 05:28 PM

I went ahead and tried removing the trojan with MBAM. The computer looks clean; however, now I noticed when it starts up, MBAM is being blocked for some reason. Could this be a virus attempting to disable MBAM? Or could this be something else?

#4 Ian Hunter


Posted 03 September 2010 - 08:10 PM

Anyone?

#5 DaChew


Posted 03 September 2010 - 08:17 PM

http://www.bleepingcomputer.com/forums/topic308364.html

Try one of the other options for Rkill
Chewy

No. Try not. Do... or do not. There is no try.