Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Computer tends to freeze. Scanners seem to be blocked. RarSFX0 seems very suspicious. Help on malware removal please?

  • Please log in to reply
No replies to this topic

#1 Acro


  • Members
  • 3 posts
  • Local time:08:36 PM

Posted 26 February 2012 - 10:43 AM

I noticed that my computer is running kinda slow lately. It tends to freeze sometimes, but will continue running after about 20 seconds. When I scan though, the scanners always seem to get blocked (this applies to Malwarebytes and SUPERAntiSpyware, not Avast!). Whenever I scan with MBAM or SAS, the scan grinds to a hold after a while, and I'm forced to cancel the scan. (usually through manually killing the process, as it usually crashes and won't respond). Avast scan doesn't get blocked, but finds no threats.

I tried something that a friend told me a while ago. I ran TDSSKiller, and it found nothing. Then I ran Rkill, and that's when I noticed something. There's a file/folder in my AppData directory called RarSFX0. When I ran Rkill, a command prompt screen popped up, with that RarSFX0 directory as title, looking as if it were running iexplore.exe. Simultaneously, my Avast! AutoSandbox gave me multiple pop-ups, each one saying that it had terminated a program that was running from that RarSFX0 folder. Names included iexplore.exe and iexplore.com. It had blocked my Rkill too but I told Avast to let Rkill run normally. I disabled the AutoSandbox for a minute to let Rkill run, then re-enabled it. Rkill terminated 2 Akamai NetSession processes and Avast!, along with one other process but I can't find the Rkill log anymore. I googled RarSFX0. Apperently it's a temporary file/directory that appears when using WinRAR. I removed WinRAR over a year ago though, so malware seems like the only possibility.

Any advice on how to remove this infection?

Additional info:
System: HP Pavillion dv7 Notebook
OS: Windows Vista Home Premium 32-bit

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users