Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RiskWare.Tool.CK found by Malwarebytes' - (Log included)


  • This topic is locked This topic is locked
3 replies to this topic

#1 Rezinus

Rezinus

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 22 March 2011 - 11:39 AM

I just ran a Malwarebytes' Anti-Malware complete scan and found an infected file.
The log says the file was quarantined and removed successfully however the file remains in Quarantine.

I need assistance on what to do from here so my PC is free of any infections.
OS: Windows XP SP3



Malwarebytes' log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6131

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/22/2011 9:18:29 AM
mbam-log-2011-03-22 (09-18-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 167086
Time elapsed: 21 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{124def7d-e19b-46c5-bd0a-52ed2c1d323d}\RP126\A0025966.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.




All help is GREATLY appreciated.

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:33 PM

Posted 22 March 2011 - 12:38 PM

Hello Rezinus ,

Posted Image

Are all your othwer scans coming up clean? This is easy to resolve if this is indeed the only problem. :thumbup2:

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it ( something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Scans should now come up quiet. :)

Let me know how you come out. :)

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Rezinus

Rezinus
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 04 April 2011 - 01:10 PM

Worked great!

Thanks teacup61.

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:33 PM

Posted 07 April 2011 - 03:24 PM

Most welcome. :thumbup2:

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users