remove win32.Ructo.ik



JohnieT
2012-03-20, 16:04
Hello guys,

I have a problem with removing Win32.Ructo.ik;

Every time I run SpybotSD it finds Win32.Ructo.ik in this file;

HKEY_USERS\S-1-5-21-2851668583-1731694904-3080702851-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates!=W=1

SpybotSD deletes/repairs the file, but when I reboot and scan again Spybot finds
win32.ructo.ik again.

Is it a dangerous file or is it nothing?

Please help.

John.

Edit: http://forums.spybot.info/showthread.php?t=288

tashi
2012-03-20, 17:00
Hello JohnieT :welcome:



Every time I run SpybotSD it finds Win32.Ructo.ik in this file;

HKEY_USERS\S-1-5-21-2851668583-1731694904-3080702851-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates!=W=1

SpybotSD deletes/repairs the file, but when I reboot and scan again Spybot finds
win32.ructo.ik again.

Is it a dangerous file or is it nothing?



Win32.Ructo.ik copies several malicious files to the system directory of the operating system and creates an autorun entry in order to get launched on every start up. When the computer is infected Win32.Ructo.ik tries to download other malware in order to harm the computer.
http://forums.spybot.info/showthread.php?t=65389

Have you tried running Spybot-S&D in safe mode? :)

To rule out a possible false positive please give more details.


Operating System
Browser and Version
Open Spybot Search & Destroy > Help > About and let us know the version and date of last definitions.
Also copy paste the top of the Spybot log showing the actual detection.

Best regards,

JohnieT
2012-03-20, 19:19
Thanks for your reaction,

I have tried to run in safe mode and later in normal mode but it still returns.
Another returning problem is fraud.youtube.prx.

OS: Windows 7 32 bit
IE 9
SpybotSD 1.4

log
--- Report generated: 2012-03-20 19:08 ---

Fraud.Youtube.prx: Gebruikerinstellingen (Registerwijziging., fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable!=W=1

Fraud.Youtube.prx: Gebruikerinstellingen (Registerwijziging., fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable!=W=1

Win32.Ructo.ik: Gebruikerinstellingen (Registerwijziging., fixed)
HKEY_USERS\S-1-5-21-2851668583-1731694904-3080702851-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates!=W=1


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2012-03-19 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2012-01-16 Includes\Adware.sbi (*)
2012-03-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-03-13 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-02-28 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-02-28 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-03-06 Includes\TrojansC-02.sbi (*)
2012-03-12 Includes\TrojansC-03.sbi (*)
2012-03-13 Includes\TrojansC-04.sbi (*)
2012-03-05 Includes\TrojansC-05.sbi (*)
2012-03-09 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

I hope to hear from you.

John.

tashi
2012-03-20, 21:08
Hello JohnieT,

I left a notice asking a detective to look at the detection; that would be tonight/morning depending on time zones. :)

JohnieT
2012-03-20, 22:40
Thanks dude,

Hope to hear from you.

John.

Yodama
2012-03-21, 07:32
Hello JohnieT,

What Spybot S&D 1.4 is finding on your computer are symptoms of possible infections, but it is not necessarily the malware named here, since these detection rules are made for Spybot S&D 1.6.2 and older versions interpret this differently.

Uninstall Spybot S&D 1.4 and install Spybot S&D 1.6.2.
After that, fully update Spybot S&D 1.6.2, do a scan, right-click the scan result and save a full report. You can send this full report to detections@spybot.info for analysis; if you do this, it is best to include a link to this thread within your email.
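
The mismatch described in the post above is visible in the report footer earlier in the thread: a 2005 program build loading 2012 definition files. The following is an added triage example, not part of the original thread and not Spybot's own code, that parses a report in this layout and flags that gap before any detection name is trusted. The function name `triage`, the one-year threshold and the abbreviated sample report are assumptions made for the example.

```python
import re
from datetime import date, datetime

# Constructed sample, abbreviated from the report quoted in this thread.
SAMPLE_REPORT = r"""--- Report generated: 2012-03-20 19:08 ---

Win32.Ructo.ik: Gebruikerinstellingen (Registerwijziging., fixed)
HKEY_USERS\S-1-5-21-2851668583-1731694904-3080702851-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates!=W=1

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 SpybotSD.exe (1.4.0.3)
2012-03-13 Includes\MalwareC.sbi (*)
2012-03-09 Includes\TrojansC.sbi (*)
"""

BUILD_RE = re.compile(r"version: (\S+) \(build: (\d{8})\)")
DEF_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) Includes\\\S+\.sbi", re.M)
DETECTION_RE = re.compile(r"^([\w.]+): .+\(.*, \w+\)$", re.M)


def triage(report, max_gap_days=365):
    """Flag reports where the definitions are much newer than the engine.

    max_gap_days is an assumed rule-of-thumb threshold, not a vendor value.
    """
    m = BUILD_RE.search(report)
    if m is None:
        raise ValueError("no 'version: X (build: YYYYMMDD)' line in report")
    build = datetime.strptime(m.group(2), "%Y%m%d").date()
    defs = [date.fromisoformat(d) for d in DEF_RE.findall(report)]
    if not defs:
        raise ValueError("no Includes\\*.sbi definition lines in report")
    gap = (max(defs) - build).days
    return {
        "version": m.group(1),
        "build": build,
        "newest_definitions": max(defs),
        "gap_days": gap,
        "detections": DETECTION_RE.findall(report),
        # True: the engine predates its rules, so detections are unconfirmed.
        "engine_outdated": gap > max_gap_days,
    }


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    status = "UNCONFIRMED (update engine, rescan)" if r["engine_outdated"] else "ok"
    for name in r["detections"]:
        print(f"{name}: {status}; engine {r['version']}, gap {r['gap_days']} days")
```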

tashi
2012-03-21, 14:27
Thank you Yodama,

I misread that version # :oops:

JohnieT
2012-03-21, 17:20
Hi,

I did a scan with Spybot 1.6 and no problems found!

:thanks:

Thanks for the help.

John.

tashi
2012-03-21, 18:10
Thank you for letting us know. :bigthumb: