
What is rarsfx0\installer.exe & $rsnopy8.lnk


3 replies to this topic

#1 Nelthak

Nelthak

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:54 AM

Posted 12 November 2017 - 06:26 PM

Hello,

 

Twice now I have had a program attempt to connect to the internet: C:\users\[name]\appdata\local\temp\rarsfx0\installer.exe. I have opened the file location, but as soon as I've blocked it via the firewall the temp folder's files change. Unfortunately I hadn't thought to get a screenshot before these changes and that file disappears. No new software added and I don't have WinRar.

 

Unrelated to the above program...When doing a file cleanup with Bitdefender I found two curious files that were deleted from the recycle bin (recycle bin was empty prior to cleanup and I have hidden files showing) c:\$recycle.bin\s-1-5-21[more numbers]\$rsnopy8.lnk.

 

I have searched online and can't find any answers for the $rsnopy8.lnk and have found very little on rarsfx0\installer.exe. I'm running Malwarebytes Pro and Bitdefender. Can anyone help explain what either of these might be? Thanks


Edited by hamluis, 12 November 2017 - 07:07 PM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 Nelthak

Nelthak
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:54 AM

Posted Today, 03:46 AM

Hello again,

 

I think I need help!

Both Bitdefender & Malwarebytes now won't run their rootkit scans. I tried using Chameleon and it won't run either and tells me Malwarebytes is not installed and it can't download it. Also now when I do searches in Firefox I get weird search suggestions - words have strange boxes after them - and searches in Regedit cause BSOD!

 

 



#3 buddy215

buddy215

  • BC Advisor
  • 12,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:24 PM

Posted Today, 06:28 AM

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#4 Nelthak

Nelthak
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:54 AM

Posted Today, 03:14 PM

Hi buddy215,

Used CCleaner on default settings. Ran scan with MBAR (I ran a scan yesterday with this tool and was still unable to get both MB and Bitdefender to run rootkit scan) got the same results as yesterday 'Probable Rootkit Detected' Registry value "AppInit_Dlls" found. I clicked no to remove it and ran the tool...yesterday I clicked yes! Scan finished and No Malware found.

 

Here are the results of the adwcleaner

Just now ran all these scans (Monday Dec 18 6:40am 2017) so not sure why the date is behind -guessing it is US time!?!

 

# AdwCleaner 7.0.5.0 - Logfile created on Sun Dec 17 19:57:40 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-15-2017.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
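
The "AppInit_Dlls" registry value that MBAR reported in the post above can be inspected directly before deciding whether to remove it. The read-only PowerShell check below is an added example, not part of the original thread or of any tool mentioned in it; the helper name Get-AppInitAudit is hypothetical, the registry paths are the standard Windows locations for this value, and it assumes a 64-bit elevated PowerShell session (it is written to work on the PowerShell 2.0 that ships with Windows 7).

```powershell
# Added example (not from the thread): read-only audit of AppInit_DLLs.
# DLLs listed in this value are loaded into every process that loads user32.dll
# when LoadAppInit_DLLs is 1, which is why scanners flag a non-empty value.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'  # 32-bit view on x64
)

function Get-AppInitAudit {   # hypothetical helper name
    foreach ($key in $AppInitKeys) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $p) { continue }   # key absent, e.g. no Wow6432Node on 32-bit Windows

        # Bare file names resolve against the system directory of the matching bitness.
        $sysDir = if ($key -like '*Wow6432Node*') { "$env:windir\SysWOW64" } else { "$env:windir\System32" }

        # The value is a single string; entries are separated by spaces or commas.
        $entries = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
        if ($entries.Count -eq 0) { $entries = @('') }   # still report the flags for an empty value

        foreach ($entry in $entries) {
            $path = $null; $sig = $null
            if ($entry) {
                $path = if ([IO.Path]::IsPathRooted($entry)) { $entry } else { Join-Path $sysDir $entry }
                if (Test-Path -LiteralPath $path) { $sig = Get-AuthenticodeSignature -FilePath $path }
            }
            New-Object PSObject -Property @{
                Key             = $key
                LoadEnabled     = [bool]$p.LoadAppInit_DLLs
                RequireSigned   = [bool]$p.RequireSignedAppInit_DLLs
                Entry           = $entry
                ResolvedPath    = $path
                SignatureStatus = if ($sig) { $sig.Status } else { $null }
                Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
    }
}

# Nothing is modified; the output is suitable for pasting into a help thread.
Get-AppInitAudit |
    Select-Object Key, LoadEnabled, RequireSigned, Entry, ResolvedPath, SignatureStatus, Signer |
    Format-List
```

An empty Entry means nothing is registered in that registry view. A listed DLL that does not exist on disk, or whose SignatureStatus is anything other than Valid, is the detail worth posting for the helper to review.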





