Thread: I am having difficulties removing "mailskinner.rtk" and Kaspersky does not detect it

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    2

    I am having difficulties removing "mailskinner.rtk" and Kaspersky does not detect it

    Hi, I've been struggling with a possible trojan called "mailskinner.rtk". I can't seem to remove it. Spybot detects it, but does not remove it. When you scan your PC with Spybot, Spybot removes it; but when you restart your PC, the "mailskinner.rtk" is still there. My PC has Kaspersky Internet Security, and personally, I am pretty amazed at how Kaspersky has not detected it. Is there a way I could receive any guidance on how to remove this from my PC? I am an online student, and I am afraid of losing my personal information to this program. Please advise. Thank you

    PS: Feel free to email me at Removed

    Thank you
    Last edited by tashi; 2007-09-29 at 00:18. Reason: Removed email address in post and as username. Removed post in the "waiting room"

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,965

    Hello.

    Please see the stickied procedure for this forum: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Edit. This may be a false positive, please see: http://forums.spybot.info/showthread.php?p=123144
    Last edited by tashi; 2007-09-29 at 00:58. Reason: Added information.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Sep 2007
    Posts
    2

    Spybot cannot remove mailskinner.rtk and Kaspers

    Tashi, here is the info provided by ComboFix.exe


    ((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))
    .

    2007-09-29 18:33 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-28 17:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-28 14:28 <DIR> d-------- C:\WINDOWS\Google Toolbar
    2007-09-28 14:28 <DIR> d-------- C:\Program Files\Safer Networking
    2007-09-28 13:22 <DIR> d---s---- C:\WINDOWS\system32\%SystemDrive%
    2007-09-28 12:11 <DIR> d-------- C:\Documents and Settings\Yari\Application Data\Uniblue

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-29 21:07 82188320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-09-29 21:02 10150688 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-09-29 18:44 954596 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-09-29 18:44 1104032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-09-29 18:37 --------- d-------- C:\Program Files\Google
    2007-09-29 18:27 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-28 17:37 --------- d-------- C:\Program Files\Kaspersky Lab
    2007-09-28 16:05 --------- d-------- C:\Program Files\Toshiba Games
    2007-09-28 14:56 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-28 14:28 --------- d-------- C:\Documents and Settings\Yari\Application Data\uTorrent
    2007-09-28 12:41 --------- d-------- C:\Documents and Settings\Yari\Application Data\U3
    2007-08-30 08:06 --------- d-------- C:\Documents and Settings\Yari\Application Data\AdobeUM
    2007-08-25 09:58 --------- d-------- C:\Program Files\BitComet
    2007-08-03 00:46 --------- d-------- C:\Program Files\Ahead
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    .

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 00:52]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 17:02]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 03:34]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 06:37]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 09:29 C:\WINDOWS\agrsmmsg.exe]
    "NDSTray.exe"="NDSTray.exe" []
    "TPSMain"="TPSMain.exe" [2005-06-01 00:00 C:\WINDOWS\system32\TPSMain.exe]
    "dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2005-10-06 08:20]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 20:37]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 15:37]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 14:41]
    "kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 22:09]
    "CFSServ.exe"="CFSServ.exe" []
    "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 03:50]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 03:32]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 00:55]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
    "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 19:07]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-02-15 11:31:42]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-02-15 11:31:42]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
    backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Yari^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Yari\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Yari^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
    path=C:\Documents and Settings\Yari\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
    backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Yari^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
    path=C:\Documents and Settings\Yari\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Yari^Start Menu^Programs^Startup^Y'z ToolBar.lnk]
    path=C:\Documents and Settings\Yari\Start Menu\Programs\Startup\Y'z ToolBar.lnk
    backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
    C:\Program Files\Toshiba\Tvs\TvsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
    R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys
    R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys
    S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys
    S3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
    S3 SVRPEDRV;SVRPEDRV;\??\C:\SYSPREP\PEDrv.sys
    S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys
    S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-07-23 13:42:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-04-29 00:27:07 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1169681202.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-29 21:06:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...





    Thanks for the help

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-29 21:09:06
    C:\ComboFix2.txt ... 2007-09-29 17:41
    .
    --- E O F ---
    Last edited by tashi; 2007-09-29 at 06:11. Reason: Two topics merged
