Results 1 to 9 of 9

Thread: remove win32.Ructo.ik

  1. #1
    Junior Member
    Join Date
    Mar 2012
    Posts
    4

    Default remove win32.Ructo.ik

    Hallo guys,

    I have a problem with removing Win32.Ructo.ik;

    Everytime i run Spybotsd it find Win32.Ructo.ik in this file;

    HKEY_USERS\S-1-5-21-2851668583-1731694904-3080702851-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates!=W=1

    SpybotSD delete/repair the file but when i reboot and scan again spybot find
    win32.ructo.ik again.

    Is it a dangerous file or is it nothing.

    PLease help.

    John.

    Edit: http://forums.spybot.info/showthread.php?t=288
    Last edited by tashi; 2012-03-20 at 17:38. Reason: Moved from the malware removal forum, link to FAQ provided :-)

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello JohnieT

    Quote Originally Posted by JohnieT View Post
    Everytime i run Spybotsd it find Win32.Ructo.ik in this file;

    HKEY_USERS\S-1-5-21-2851668583-1731694904-3080702851-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates!=W=1

    SpybotSD delete/repair the file but when i reboot and scan again spybot find
    win32.ructo.ik again.

    Is it a dangerous file or is it nothing.
    Win32.Ructo.ik copies several malicious files to the system directory of the operating system and creates an autorun entry in order to get launched on every start up. When the computer is infected Win32.Ructo.ik tries to download other malware in order to harm the computer.
    http://forums.spybot.info/showthread.php?t=65389

    Have you tried running Spybot-S&D in safe mode?

    To rule out a possible false positive please give more details.

    • Operating System
    • Browser and Version
    • Open Spybot Search & Destroy > Help > About and let us know the version and date of last definitions.
    • Also copy paste the top of the Spybot log showing the actual detection.

    Best regards,
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Mar 2012
    Posts
    4

    Default

    Thanks for your reaction,

    I have tried to run in safe mode and later in normal mode but it still return.
    Other returning problem is fraud.youtube.prx.

    OS; windows 7 32 bit
    IE 9
    spybotSD 1.4

    log
    --- Report generated: 2012-03-20 19:08 ---

    Fraud.Youtube.prx: Gebruikerinstellingen (Registerwijziging., fixed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable!=W=1

    Fraud.Youtube.prx: Gebruikerinstellingen (Registerwijziging., fixed)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable!=W=1

    Win32.Ructo.ik: Gebruikerinstellingen (Registerwijziging., fixed)
    HKEY_USERS\S-1-5-21-2851668583-1731694904-3080702851-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates!=W=1


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2012-03-19 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2012-01-16 Includes\Adware.sbi (*)
    2012-03-13 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-11-29 Includes\DialerC.sbi (*)
    2012-01-31 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-10-04 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2012-03-13 Includes\Keyloggers.sbi (*)
    2012-03-13 Includes\KeyloggersC.sbi (*)
    2012-01-10 Includes\Malware.sbi (*)
    2012-03-13 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2012-02-28 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-12-13 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-01-17 Includes\Spyware.sbi (*)
    2012-02-28 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2012-03-06 Includes\TrojansC-02.sbi (*)
    2012-03-12 Includes\TrojansC-03.sbi (*)
    2012-03-13 Includes\TrojansC-04.sbi (*)
    2012-03-05 Includes\TrojansC-05.sbi (*)
    2012-03-09 Includes\TrojansC.sbi (*)
    2007-06-06 Plugins\TCPIPAddress.dll

    I hope to hear from you.

    John.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello JohnieT,

    I left notice asking a detective to look at the detection, that would be tonight/morning depending on time zones.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Mar 2012
    Posts
    4

    Default

    Thanks dude,

    Hope to hear from you.

    John.

  6. #6
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Hello JohnieT,

    what Spybot S&D 1.4 is finding on your computer are symphtoms of possible infections but it is not necessarily the malware named here since these detection rules are made for Spybot S&D 1.6.2 and older versions interprete this differently.

    Uninstall Spybot S&D 1.4 and install Spybot S&D 1.6.2.
    After that fully update Spybot S&D 1.6.2 do a scan, right click the scan result and save a full report. You can send this full report to detections@spybot.info for analysis, if you do this it is best to include a link to this thread within your email.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Thank you Yodama,

    I miss read that version #
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  8. #8
    Junior Member
    Join Date
    Mar 2012
    Posts
    4

    Default

    Hi,

    I did a scan with Spybot 1.6 and no problems found!



    Thanks for the help.

    John.

  9. #9
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Thank you for letting us know.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •