Defragmenter Virus not removed by malware



#1 urukai


Posted 11 January 2011 - 01:35 PM

Dear all,

I have a defragmenter virus running on my computer (Windows XP) that blocked access to all drives, folders and programs.

I followed this guide: http://www.bleepingcomputer.com/virus-removal/remove-system-defragmenter

But I only managed to copy rkill to the desktop after running Windows in safe mode. After that, in normal mode, I tried all rkills but only the one named explorer.exe worked. It cancelled the virus and I had access to folders and programs.

Since I had malware already installed I updated it and ran it. It found 4 infected files that I ordered to be cleaned at the end.
When I restarted the computer the defragmenter virus showed up again.

So, since I am all out of ideas I attach the rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11-01-2011 at 17:33:40.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Programas\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Documents and Settings\All Users\Application Data\RGtEQWtIaJSbR.exe
C:\Documents and Settings\All Users\Application Data\2jJndlcT.exe
C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\aef\Ambiente de trabalho\eXplorer.exe


Rkill completed on 11-01-2011 at 17:33:48.


Thank you very much in advance, for all the help you may give me.
Best Regards.
Pedro

#2 Orange Blossom


Posted 12 January 2011 - 07:26 PM

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



