

Did a scan with Rkill, found a few things.

1 reply to this topic

#1 dog6611


  • Members
  • 21 posts
  • Local time:09:11 PM

Posted 13 March 2016 - 11:33 AM

I have included the log from Rkill below.



Rkill 2.8.3 by Lawrence Abrams (Grinler)

Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
Program started at: 03/13/2016 12:20:31 PM in x64 mode.
Windows Version: Windows 8.1 
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * C:\Windows\system32\valWBFPolicyService.exe (PID: 2460) [WD-HEUR]
 * C:\Users\Soggyz\AppData\Local\Apps\2.0\9GC279Q9.P5T\YTJ7ETAM.PA8\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe (PID: 5252) [UP-HEUR]
 * C:\Users\Soggyz\AppData\Local\Temp\ocr93D0.tmp\bin\rubyw.exe (PID: 4972) [UP-HEUR]
 * C:\Users\Soggyz\AppData\Local\Temp\ocrB870.tmp\bin\rubyw.exe (PID: 6792) [UP-HEUR]
4 proccesses terminated!
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity: 
 * No issues found.
Searching for Missing Digital Signatures: 
 * No issues found.
Checking HOSTS File: 
 * HOSTS file entries found:        krejs.com www.007guard.com 007guard.com 008i.com www.008k.com 008k.com www.00hq.com 00hq.com 010402.com www.032439.com 032439.com www.0scan.com 0scan.com 1000gratisproben.com www.1000gratisproben.com 1001namen.com www.1001namen.com 100888290cs.com www.100888290cs.com www.100sexlinks.com
  20 out of 15498 HOSTS entries shown.
  Please review HOSTS file for further entries.
Program finished at: 03/13/2016 12:22:08 PM
Execution time: 0 hours(s), 1 minute(s), and 36 seconds(s)



I am mainly worried about the ruby programs that were running. Is there something I can do to make sure it is not there anymore? I ran scans with Kaspersky and Malwarebytes but they did not detect anything.

Help would be greatly appreciated,




#2 buddy215


  • Moderator
  • 13,516 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:11 PM

Posted 13 March 2016 - 03:33 PM

See info at PIA_VPN (Private Internet Access – Virtual Private Network) - Look 'n' Stop Plugin | Wilders Security Forums

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
