Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Tool


  • Please log in to reply
6 replies to this topic

#1 horslvr

horslvr

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 26 November 2010 - 01:15 PM

so I'm trying to remove "security tool" without running to the Geek Squad. I have infected my lap top (I new I kept my desktop for a reason)
I've booted in safe mode and followed the instuctions for rkill all the way to double clicking rkill.com
Then it says the program is terminated. I get a message pop up in notepad saying services stopped:
Processes terminated by rkill or while it was running.
I downloaded: .com .exe and eXplorer.exe..................nothing helps
"sigh"
any suggestions would be apprecieated
thanks
Horslvr
PS I hope I didn't post this in the wrong place I don't usually post on threads

Edited by Andrew, 26 November 2010 - 01:27 PM.
Mod Edit: Moved From Introductions; Clarified issue in title - AA


BC AdBot (Login to Remove)

 


#2 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:01:03 PM

Posted 26 November 2010 - 02:57 PM

I've booted in safe mode and followed the instuctions for rkill all the way to double clicking rkill.com
Then it says the program is terminated. I get a message pop up in notepad saying services stopped:
Processes terminated by rkill or while it was running.

That's just fine: That is what is supposed to happen.
RKill - What it does and What it Doesn't - A brief introduction to the program

Carry on following the guide carefully:
Remove Security Tool and SecurityTool (Uninstall Guide)

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please post the log and let us know how the system is running now.

Edited by AustrAlien, 26 November 2010 - 03:02 PM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#3 horslvr

horslvr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 27 November 2010 - 11:59 AM

Thanks for your reply, AustrAlien. Unless I'm missing something rkill is not running at all. Here's what happens
I follow the steps
Double click rkill.com
I receive the black box saying be patient terminating malware processes, but the box only shows for a second when it is replaced by...
Notepad opens saying:
This log file is located at c:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you are ready.
ran as localadmin on 11/27/2010 at 11:47

Services Stopped:
Process terminated by rkill or while it was running:

On top of this message in Note Pad a window opens saying Windows is running in safe mode. etc etc etc
To proceed to work in safe mode, click yes. if you prefer to use System Restore to restor your computer toa previous state, click no.
I'm not a tech, and something that seems simple is so frustrating. I hate to think of paying someone $50 for someing I shouls be able to do "sigh"

I just don't know what to do :-(
thanks
Val

#4 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:01:03 PM

Posted 27 November 2010 - 06:12 PM

You can do this!

By the sound of that, rkill is running just fine. Post the log if you wish, along with the MBAM log.


On top of this message in Note Pad a window opens saying Windows is running in safe mode. etc etc etc
To proceed to work in safe mode, click yes. if you prefer to use System Restore to restor your computer toa previous state, click no.

It seems you might be getting in very early with your running of rkill, before you have actually chosen to use Safe Mode.

Try this: Allow a little more time before running rkill. Boot up Windows, choosing to start in Safe Mode, and allow Safe Mode to load fully and you should see the "window opens saying Windows is running in safe mode. etc etc etc
To proceed to work in safe mode, click yes."

Click on "Yes". Then run rkill ... and continue with the instructions.

rkill may or may not find any running malware processes to shut down. Don't worry about it if it doesn't. Simply continue on with the instructions, and post the log(s).

And please, let us know if you have any problems.


PS I hope I didn't post this in the wrong place I don't usually post on threads

More practise is what you need, so just keep on keeping on ... and we will get there: You are doing just fine! Keep it up.

Edited by AustrAlien, 27 November 2010 - 06:20 PM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#5 horslvr

horslvr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 27 November 2010 - 07:10 PM

thanks again for holding my hand. I'll work on this again tomorrow. This is out of my comfort zone I'm a user and have some great IT guys that keep me going at work. It will be a great victory for me to clean out my own computer :-)
This may be a silly question, but you said to copy the results. I'm on a desktop and it's my laptop that's infected. Is it ok to be on the internet in safe mode? Or do I need to copy and past onto a flash drive and transfer to the desktop. I understand safe mode doesn't open all the crap that you normally open, but does it leave me vunerable. thanks again Val

#6 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:01:03 PM

Posted 27 November 2010 - 07:27 PM

"copy and past onto a flash drive and transfer to the desktop"
That is one good way to do the job.

"Is it ok to be on the internet in safe mode?" "does it leave me vulnerable?"
Safe Mode with networking will allow you to access the internet. It is OK to use in a limited capacity to access known safe sites, and hopefully the BC forums are pretty safe. Yes, it does tend to leave you vulnerable, in that your anti-virus and any other security programs may not be fully functional.

BUT ... let's hope that the infection is cleaned right up and you can load Windows normally and post the logs then!
Don't forget to let us know how the computer is running.

Edited by AustrAlien, 27 November 2010 - 07:28 PM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#7 horslvr

horslvr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 30 November 2010 - 02:13 PM

I am defeated by this bleeping computer. You couldn't pay me enough to keep these going.
Anyway, thanks for trying, but rkill won't run. I only get the message in note pad that the process was stopped and "that's all folks".
I let the computer completely boot up
I risked downloading rkill from safe mode
I even let the note pad message sit there for a few hours
I'm taking the bleeping thing to Staples "sigh" :-(




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users