-
Looks like this program is illegal
c:\program files\winternals\recovery manager
It also looks like this is a company computer
Last edited by ken545; 2012-01-19 at 13:00.
-
This is my personal PC at home. I use it sometimes to work from home via VPN. As for c:\program files\winternals\recovery manager, this was installed a long time ago, maybe years. I don't remember ever using it though. Why is it illegal?
-
Well, I could be wrong but it looks like it's some sort of key generator.
Please download Malwarebytes from Here or Here
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
-
Ok, here is the log. Re-booted system.
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.19.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admiral Turron :: antec [administrator]
Protection: Enabled
1/19/2012 2:27:25 PM
mbam-log-2012-01-19 (14-27-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195142
Time elapsed: 8 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\WINDOWS\system32\drivers\acpi.sys (Virus.RLoader) -> Quarantined and deleted successfully.
(end)
-
-
Yes, my computer is running faster. The results of the online scan...
C:\Documents and Settings\All Users\Application Data\rrexvahnjbxu\spoof.avi Win32/Agent.SWD trojan
-
Go ahead and delete this
C:\Documents and Settings\All Users\Application Data\rrexvahnjbxu
Give me an update as to how all is working?
-
All is working well and I have deleted the directory. Should I now delete all the things I downloaded to my desktop? I will also turn on my anti-virus software "PC Tools Spyware Doctor with AntiVirus" if it is okay.
-
Now to remove most of the tools that we have used in fixing your machine:
- Make sure you have an Internet Connection.
- Download OTC to your desktop and run it
- A list of tool components used in the cleanup of malware will be downloaded.
- If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
- Click Yes to begin the cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
Malwarebytes is the free version and yours to keep and will not be removed.
Safe Surfn
Ken
-
Hi,
I have removed all of the tools from my PC. But when I run a full scan with my anti-virus software it still finds a high risk threat called "Rootkit TDSS.v2".
Do you think it is a problem with my anti-virus software? My PC is running fine.