Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Am i infected?

  • Please log in to reply
1 reply to this topic

#1 heyitsjaaake


  • Members
  • 2 posts
  • Local time:02:19 AM

Posted 24 December 2010 - 12:53 AM

hey everyone, i need a little help. The other day my computer started acting up and i got boxes saying various files were infected... skypepm.exe. ymsrg_tray.exe, wuauclt.exe. i would run combofix or another program of that sort but firefox will not let me view sites... some advice would be great!

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,590 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:19 AM

Posted 24 December 2010 - 08:48 AM

IMPORTANT!: No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

Please reboot in "safe mode with networking", then download Malwarebytes' Anti-Malware (v1.50.1) and RKill by Grinler, saving them to your desktop.RKill.exe Download Link
RKill.com Download Link
RKill.scr Download LinkRenamed versions if the above do not work:
iExplore.exe Download Link
eXplorer.exe Download Link <- this renamed copy may trigger an alert from MBAM...just ignore it.
WiNlOgOn.exe Download Link
uSeRiNiT.exe Download LinkRKill is available in several versions to include renamed versions in case one does not work, you can try another. As such, you may want to download and save more than one before proceeding.

Reboot normally, then proceed as follows:
  • Double-click on the Rkill desktop icon to run the tool.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it still does not work, repeat the process and attempt to use one of the remaining versions until the tool runs.
  • Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.
  • A log file will be created and saved to the root directory, C:\rkill.log
  • Copy and paste the contents of rkill.log in your next reply.
-- If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

Important: Do not reboot your computer until after performing a scan with Malwarebyes'. A scan must be completed immediately after running RKill.

Perform a Quick Scan in normal mode with Malwarebytes' Anti-Malware and follow these instructions. Check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is not "Write Protected". Some flash drives have a switch on the side or on the back as shown here which could have accidentally been moved to write protect.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users