Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Rkill.com and MBAM will not eliminate my malware

  • Please log in to reply
2 replies to this topic

#1 Arkitekt4040


  • Members
  • 2 posts
  • Local time:02:08 PM

Posted 04 May 2011 - 12:29 PM

Hello all, and thank you in advance for helping me out. I had a virus/malware problem a few days ago that looked like a typical "Security Essentials" or "Security Tools" malware/virus. I am running Windows XP, build 2600.xpsp_sp3_gdr.101209-1647:service pack 3. I started in safe mode, and I ran RKILL.com and then followed it up with MBAM. It found multiple infected files (roughly 20) and I restarted, updated MBAM (the virus wouldn't let me update it prior to the first scrub) and rescanned. I found a couple more infected files(maybe 5 tops). I then restarted again, rescanned and MBAM found nothing. I thought I had beat this virus, but I was very, very wrong. I started getting re-directs from Google when searching online. I also found that my computer has been running incredibly slow since I first went toe to toe with this virus. So, today I started windows in safe mode and tried to run RKILL.com. I instantly had a window pop-up that was the "open with" dialog box. The program it was trying to run was iexplorer.exe. Every time I tried to close out of the pop-up "open with" window, a new one popped up. Sometimes it would be for iexplorer.exe and sometimes it would be for explorer.exe. If I clicked the windows closed as fast as I possibly could eventually RKILL.com ran. BUT, before it finishes I get an line in the MS-DOS cmd.exe file that reads:
"sed.exe: can't read c:\DOCUME~1\MATTNE~1\LOCALS~1\Temp\rks1.log: No such file or directory"

I also get a windows pop-up that says:
"Windows cannot find "notepad.exe". Make sure you typed the name correctly, and then try again. To search for the file........" With that, I cannot view the RKILL.com log.

I tried to run MBAM from safe mode and I am getting the pop-up "open with" window again, this time with MBAM.exe as the referenced file.
Any time I try to run any application but MBAM and RKILL I get this:
"C:\WINDOWS\System32\rundll32.exe Application not found"
Any help you can provide would be greatly appreciated. If this has already been covered else where, mae culpa, and please point me in the right direction. I am not as computer savvy as I used to be, but I hope I will be able to walk myself through this problem with a little help from you guys. Thank you again for your time on this.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)


#2 Arkitekt4040

  • Topic Starter

  • Members
  • 2 posts
  • Local time:02:08 PM

Posted 06 May 2011 - 09:42 AM

Just checking in to see if anyone had any advice to offer on this. I still cannot get rkill.com to work. I have renamed it to iexplorer.exe, eXplorer.exe, etc. But everytime it gets started it says "rks1.log: no such file or directory." I went to the specified directory and renamed a file called rke1.log to rks1.log and it looks like that helped. But, it still wont run, it is telling me that windows cannot locate notepad.exe. Where is the default location of notepad.exe. Or, where is rkill looking for it? I understand how busy you all are, and thanks for doing what you do. Any help at all would be appreciated.

Edited by Arkitekt4040, 06 May 2011 - 10:20 AM.

#3 cds568


  • Members
  • 65 posts
  • Gender:Male
  • Location:Connecticut
  • Local time:04:08 PM

Posted 06 May 2011 - 12:39 PM

I have a similar situation. I am trying to get rid of Anti-Virus 2011. I ran a sub-name of Rkill. good. Ran Malwarebytes, updated it and then started scanning. It found I think 11-13 infections before I discovered someone unplugged AC. Laptop died. When I try to go back and run any .exe (Rkill, MBM) it opens the popup that prompts which app you would like to open it with. I have done this in safe mode and normal boot up. I would just reformat at this point, but it was my daughter's laptop and still have not located the recovery disk yet.

Any help out there??

Edited by cds568, 06 May 2011 - 12:40 PM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users