
Last week my laptop got infected with the Vista Internet Security 2011 virus. I had McAfee, which did not catch it. I found on Bleeping Computer to download and use the various versions of rkill exe. The virus did not allow me to download and save to my disk. So I downloaded it elsewhere, copied it to a CD and tried to run rkill. The virus did not allow any version of rkill to run. So I went into the laptop through Safe Mode and ran rkill. It did not find any process. Then I ran Malwarebytes in Safe Mode itself. It found a couple of issues and fixed them. But when I restarted, the Vista Internet Security 2011 virus was still there. Then after another restart the virus went off. I got concerned whether it's really gone or not. So I tried all scans available - Malwarebytes, Kaspersky online scanner, Microsoft online scanner. None of the scans reported anything. But strangely I see the following in my McAfee AccessProtectionLog file. Please let me understand why iexplore, explore and rkill are still in my computer and why they are trying to run from the temp folder. Why is McAfee stopping them? I believe the Kaspersky online scanner was running during the times mentioned below. I can post the entire log if needed.

25-03-2011 11:18:25 Would be blocked by Access Protection rule (rule is currently not enforced) TOSHIBA-PC\TOSHIBA C:\Users\TOSHIBA\AppData\Local\Temp\RarSFX5\h\explorer.exe C:\Users\TOSHIBA\AppData\Local\Temp\RarSFX5\procs\explorer.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

25-03-2011 11:18:25 Would be blocked by Access Protection rule (rule is currently not enforced) TOSHIBA-PC\TOSHIBA C:\Users\TOSHIBA\Desktop\iExplore.exe C:\Users\TOSHIBA\AppData\Local\Temp\RarSFX5\h\iexplore.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

25-03-2011 11:18:31 Would be blocked by Access Protection rule (rule is currently not enforced) TOSHIBA-PC\TOSHIBA C:\Users\TOSHIBA\Desktop\iExplore.exe C:\Users\TOSHIBA\AppData\Local\Temp\RarSFX5\rkill.bat Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute


Hello Raghu! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Download DDS and save it to your desktop from here, here or here

Double click dds to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop. Post them back to your topic.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
