Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


you saved my A$$ ! A hearty thanks to all !

  • Please log in to reply
1 reply to this topic

#1 bad man

bad man

  • Members
  • 2 posts
  • Local time:03:39 AM

Posted 27 March 2011 - 10:38 PM

I am a newbie and non Info Security person, so some of my queries may seem foolish. I am more of a security enthusiast - keep abreast of development and tech and learn to use them, not do the coding/analysis. Would love to learn the intricacies of security though.

Came to know about this site through google, after my half-day ordeal(could have been more if it were not for you !).. Here are the details :

I use win7 64 bit home. Got infected by a fake AV - Win 7...2011...(you made me forget its name so soon !!! :thumbup2: ) that came after merely downloading a zip attachment from a legit source(or so it seems). The fake AV was preventing me from using browsers and installing Malware Bytes (MBAM). So i used internet from virtual box.

1-I ran Rkill and got rid of the fake AV as suggested here.
2-Used net from win7 itself and got MBAM and found Trojan.Fakealert at 4 places \AppData\local.
Killed them all.

Free avira had detected "worm rorprian" but was unable to resolve my problem.

Rkill removes this file called InfDefaultInstall.exe every time i run it. Is this a component of the malware ?
Also, all the bad files kept reappearing in Rkill logs until MBAM got rid of the "runonce.exe". Does it reinstall c-r-a-p on boot ?

thanks and warm regards to all of you.

Edited by bad man, 27 March 2011 - 10:40 PM.

BC AdBot (Login to Remove)


#2 bad man

bad man
  • Topic Starter

  • Members
  • 2 posts
  • Local time:03:39 AM

Posted 27 March 2011 - 10:45 PM

One issue with the registration process :

I clicked the link sent to me and go into my already opened e-mail account instead of coming here. Please let me know why ?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users