
Your system is infected


5 replies to this topic

#1 wilric


Posted 19 October 2010 - 07:37 PM

Thanks for the info. This is a great place. Friday I got rid of the security tool infection. Today we received the message "Your system is infected". I tried using the kill program 30-40 times and it kept saying the SVChost was killed. When I tried to install Malwarebytes it seemed to install. I updated the files and then tried to run it. It disappeared after about 4 seconds. I assume it was taken over by the virus. I have started Symantec and maybe that will find it. Any thoughts?

Richard



#2 quietman7


Posted 19 October 2010 - 09:04 PM

Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. Other types of malware may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors. If that's the case, please refer to the suggestions provided in "For those having trouble running Malwarebytes Anti-Malware" for using RKill by Grinler or downloading a renamed version of mbam.exe. Do not reboot after running Rkill. Immediately after running this tool, you need to perform your scan with Malwarebytes Anti-Malware.

Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.

If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 wilric


Posted 20 October 2010 - 10:39 AM


I ran Rkill lots of times. I also downloaded the iexplorer copy of the rkill and ran that one. I copied the rbam.exe to the desktop as explorer.exe and then used that to install it right after running the rkill many times. Every time I follow those procedures Malwarebytes runs for approx 4 seconds before disappearing from the screen. When I checked the Task Manager it showed no application running and nothing was running in the processes as well. The processor usage was at 10-15%.
Last night I ran Symantec and it found nothing.

#4 quietman7


Posted 20 October 2010 - 11:18 AM

Try doing a different scan first.

Please download and scan with SUPERAntiSpyware Free
-- If you already use SUPERAntispyware, make sure you are using the most current version as it is frequently updated.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • Follow these instructions: How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
-- If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner (listed under Popular Links) instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

When done with that scan, see if MBAM will work then.

Edited by quietman7, 20 October 2010 - 11:18 AM.


#5 wilric


Posted 21 October 2010 - 04:34 PM


I tried that and the computer froze up while it was updating its file. I had to turn the computer off and it wouldn't reboot; it kept going back to the (F8 options) screen. It would try to reboot, then cycle back to the F8 screen.

#6 quietman7


Posted 21 October 2010 - 05:30 PM

If the machine froze while SAS was updating, then it didn't have a chance to scan or remove anything, so it appears the malware infection took a turn for the worse.

What operating system are you using?