Problem removing System Defragmenter malware



#1 sarevok1


Posted 16 December 2010 - 07:40 PM

Hey there,

I followed this guide with little to no success.

RKill ran as the guide said it would; black window that eventually closed, but this did not shut down the malware. I then attempted to open MBAM but got an error. I attempted to run MBAM a few more times until it finally ran. I followed the prompts, installed and ran a full scan, which found nothing at all.

Pulling my hair out at this point, any ideas?

This is the RKill log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/17/2010 at 11:58:07.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\cam\LOCALS~1\Temp\sefiByUYtc.exe
C:\DOCUME~1\cam\LOCALS~1\Temp\95168734.exe
C:\WINDOWS\system32\imapi.exe


Rkill completed on 12/17/2010 at 11:58:09.

Edited by sarevok1, 16 December 2010 - 08:11 PM.




#2 sarevok1


Posted 16 December 2010 - 08:34 PM

Update,

I was doing my 3rd full scan with MBAM and the computer restarted. Upon rebooting it is not

Checking file system on C:

One of your disks needs to be checked for consistency. You may cancel the disc check...

Is this more sinister than I thought?

#3 AustrAlien


Posted 16 December 2010 - 09:34 PM

I was doing my 3rd full scan with MBAM and the computer restarted <<< The system failed and re-started, probably resulting in hard disk file system corruption and triggering a "Check Disk" or disk "Error Check" on restart.
Upon rebooting it is ...
Checking file system on C:
One of your disks needs to be checked for consistency. You may cancel the disc check...

Please do the following from within Windows, either booted normally or in Safe Mode:

Use the Windows Error checking utility (Check Disk), with the option to "Automatically fix file system errors".
  • Open "My Computer"
  • Right-click on the drive that you wish to check > Properties > Tools > and in the "Error checking" section, click on "Check now".
  • Place a tick in the upper box ONLY (beside "Automatically fix file system errors") > Start.
  • If the disk you have chosen is the system disk:
    • A message will notify you that a restart is necessary: Click OK, and close all windows.
    • Re-start the computer. The disk will be checked when the system boots.
      This test will take some time to run and at times may appear stalled but just let it run.
    • When the disk check is complete, the system will re-start automatically and load Windows.
    • If any errors were found, or repairs made, re-start the computer a second time.
  • If any errors were found, it may be prudent to repeat Check Disk.

Based on the facts that you have not had any success with the appropriate removal guide, you don't have much hair left, and looking at what was contained in the RKill log:

Processes terminated by Rkill or while it was running:
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\cam\LOCALS~1\Temp\sefiByUYtc.exe
C:\DOCUME~1\cam\LOCALS~1\Temp\95168734.exe
C:\WINDOWS\system32\imapi.exe
Rkill completed on 12/17/2010 at 11:58:09.

which indicates that you have more serious malware issues than just simply System Defragmenter, I suggest that you follow the instructions in the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.

When you have done that, post your log in the "Virus, Trojan, Spyware, and Malware Removal Logs forum", NOT here, for assistance by the Malware Response Team experts.

Please let us know, here, if you have been able to successfully start your new topic.

Edited by AustrAlien, 16 December 2010 - 09:36 PM.

AustrAlien
Google is my friend. Make Google your friend too.
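
One way to pull the terminated-process list out of an RKill log like the one quoted in this thread and separate the entries that ran from a Temp directory. This is an added example, not part of any post and not part of RKill; the function names and the temp-directory heuristic are assumptions of the example, not the reasoning AustrAlien states.

```python
import re
from pathlib import PureWindowsPath

# Log text copied from the RKill log quoted in this thread.
SAMPLE_LOG = r"""Rkill was run on 12/17/2010 at 11:58:07.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\cam\LOCALS~1\Temp\sefiByUYtc.exe
C:\DOCUME~1\cam\LOCALS~1\Temp\95168734.exe
C:\WINDOWS\system32\imapi.exe

Rkill completed on 12/17/2010 at 11:58:09.
"""

SECTION_HEADER = "Processes terminated by Rkill"
SECTION_END = "Rkill completed"
EXE_PATH = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# Assumption of this example: folder names treated as temp locations.
TEMP_DIRS = {"temp", "tmp"}


def terminated_processes(log_text):
    """Return the executable paths listed in the 'Processes terminated' section."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith(SECTION_HEADER):
            in_section = True
        elif in_section and line.startswith(SECTION_END):
            break
        elif in_section and EXE_PATH.match(line):
            paths.append(line)
    return paths


def triage(paths):
    """Split paths into (review, other): review = ran from a temp folder."""
    review, other = [], []
    for p in paths:
        folders = {part.lower() for part in PureWindowsPath(p).parent.parts}
        (review if folders & TEMP_DIRS else other).append(p)
    return review, other


if __name__ == "__main__":
    review, other = triage(terminated_processes(SAMPLE_LOG))
    for p in review:
        print("REVIEW (ran from a temp directory):", p)
    for p in other:
        print("listed:", p)
```
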
