Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infected with rdriv.sys [RESOLVED]


  • This topic is locked This topic is locked

#16
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
lol, sorry about that. Guess we will skip activescan.

Download rkfiles http://skads.org/special/rkfiles.zip and unzip the contents to a new folder on your desktop


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

REBOOT TO SAFE MODE. This tool MUST be run in safe mode!

Once in safe mode, double click rkfiles.bat file to run it. It will scan for a while, so please be patient. Wait until the DOS window closes. The log file will be C:\log.txt

Reboot back to normal mode and post the contents of log.txt in your next post.
  • 0

Advertisements


#17
llevison

llevison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi

Here is the result from running the rkfiles.

Thank you.

LLevison
+++++++++++++++

C:\Documents and Settings\ll\Desktop

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\RMAgentOutput.dll: UPX!
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye
  • 0

#18
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"

C:\WINDOWS\RMAgentOutput.dll

As you Paste each entry into Killbox,place a tick by any of these Selections available

"Delete on Reboot"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!


Hows the computer running?

Can you try this online scan:

Kaspersky


Thanks,

:tazz:

Excal
  • 0

#19
llevison

llevison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi Excal

I've used KillBox to remove the .dll.
The computer - I think it's running better, but I haven't been using it much. For the past couple of days I've had access to another computer, so I've been using that one. But mine seems to be running faster.

Here is the log from Kapersky.

What do we do next? Thank you.

LLevison

++++++++++++++++++++++

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, August 13, 2005 16:33:24
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 13/08/2005
Kaspersky Anti-Virus database records: 134997
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 76090
Number of viruses found: 6
Number of infected objects: 19
Number of suspicious objects: 0
Duration of the scan process: 7246 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP137\A0047419.sys Infected: Rootkit.Win32.Agent.p
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP137\A0047432.sys Infected: Rootkit.Win32.Agent.p
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP138\A0047471.exe Infected: Trojan-Proxy.Win32.Ranky.bu
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP138\A0047536.sys Infected: Rootkit.Win32.Agent.p
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP138\A0047540.exe Infected: Trojan-Proxy.Win32.Ranky.bu
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP138\A0048650.sys Infected: Rootkit.Win32.Agent.p
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP138\A0048666.sys Infected: Rootkit.Win32.Agent.p
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP138\A0048680.exe Infected: Trojan-Clicker.Win32.Small.hh
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP138\A0048685.sys Infected: Rootkit.Win32.Agent.p
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP138\A0049213.exe Infected: Trojan-Clicker.Win32.Small.hh
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP140\A0051411.sys Infected: Rootkit.Win32.Agent.p
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP140\A0051424.exe Infected: Trojan-Clicker.Win32.Small.hh
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP140\A0051441.exe Infected: Backdoor.Win32.Agent.mo
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP144\A0055791.exe Infected: Backdoor.Win32.Rbot.gen
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP144\A0055991.exe Infected: Trojan-Clicker.Win32.Small.hh
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP149\A0057313.exe Infected: Trojan-Proxy.Win32.Ranky.bu
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP150\A0057361.exe Infected: Trojan-Proxy.Win32.Agent.fy
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP150\A0057388.exe Infected: Trojan-Clicker.Win32.Small.hh
C:\System Volume Information\_restore{C7DDC5E1-A6C6-443B-AE4B-FEEAEF64E4B9}\RP150\A0057415.exe Infected: Trojan-Clicker.Win32.Small.hh

Scan process completed.
  • 0

#20
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
All those found are in system restore and as soon as you set new points they will be gone...see below on instructions

Great job, it appears your computer is clean :tazz:

Ensure you rehide your “hidden files and folders” back to the way they were.

Now that your system is Malware Free, it is important to reset your system Restore. Click Here to learn how to.

Might I suggest the following Free Spyware programs, if you don't already have them, for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE
Spybot S&D
Microsoft Anti-Spyware


If you are unhappy with your current antivirus and want to replace it or if you dont already have one, I suggest one of these free programs:
*Note - do not use more than one anti-virus program as it will more than likely cause conflict.

AVG
Avast
AntiVir


The following free programs are great for prevention:

SpywareBlaster 3.4
Spywareguard
IE/Spyad

A Firewall is a must! Here are 3 good free versions:
(do not have more than one firewall running on your system)

Sygate
Kerio
ZoneLabs

There are other options other than Internet Explorer for a browser, which some say have better security. Two of them are:

Firefox
Opera

If you decide to keep Internet Explorer, This site is a great source for tightening up security on It's settings.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month.

Included in those updates is Windows XP Service Pack 2. Click Here
Since you're junkware free, the time to get it is NOW. Service Pack 2 is a MAJOR upgrade for XP. It adds numerous security and software patches, as well as new features and functionality. You will also be adding another layer of protection against future threats.

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program:

Cleanup
Run "Cleanup" and when it has finished, Reboot

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided. Also read How I got Infected
  • 0

#21
llevison

llevison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi Excal

Thanks so much! Already have SP2 on USB stick waiting to be installed, as well as a firewall. Adaware I installed last week, and might switch to AVG. I only ever use Opera -- until I hit a website that insists on IE.

Thanks very, very much. No new weird files either. Can't wait to get back to work!

LLevison
  • 0

#22
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Your welcome!

Good luck and safe surfing ;)

:tazz:

Excal
  • 0

#23
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP