We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

comp infected please help

Hi,i keep getting a security warnning saying application cannot be executed.the file klwtblfs.exe is infected.Do yo want to activate your antivirus now? then pop up saying windows security alert- other pop ups attention spyware alert -comp is infected by spyware-34 another one attack from 116.124.252.47,port 55040 attack port 25453
threat Win32/Nuqel.E do you want to block this attack
Then windows/internet explorer keeps opening on its own plus it will not let me open sybot,ccleaner malwarebytes etc and i have tried to download Avira but cannot open it.
Is their anything i can do please, i need to get into my ebay/paypal accounts but frightened of using passwords etc
thank you
«134567

Comments

  • Reluctant_spender
    Reluctant_spender Posts: 2,785 Forumite
    Part of the Furniture Combo Breaker
    edited 16 February 2010 at 2:31PM
    Try this first and the malwarebytes;

    Please download Rkill by Grinler and save it to your desktop.

    Link 2
    Link 3
    Link 4

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    • A log file will be created and saved to the root directory, C:\rkill.log
    • Copy and paste the contents of rkill.log in your next reply.

    Note: If you get an alert that Rkill is infected, ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

    Now try performing a Quick Scan in normal mode with Malwarebytes Anti-Malware and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
  • melmar_2
    melmar_2 Posts: 209 Forumite
    Hi Reluctant_spender, thank you for your help but i cant open the links it keep coming up problem loading page then when i click try again this is what i get [url "http download bleeping computer grin ler rkill - did not match any documents
    Sorry im not very tech minded and not sure what you mean with root directory would you mind advising me some more please,
    very much appreciate it getting in a bit of a panic here
  • andy2004
    andy2004 Posts: 1,309 Forumite
    edited 16 February 2010 at 2:35PM
    reboot in safe mode
    then if u have malwarebytes installed run it
    if not can u access your mail via outlook express, I could send you malwarebytes 1.44 via email if can, with a few other tools like autoruns which may also help

    Autoruns can be used to stop things from loading at boot time. just remove the tick from the item you want to stop loading, when you reboot it will not be loaded by the system, useful is the item is in the runatboot sections.

    If you have backed up your system before this attack, you could boot from a cd and restore that image

    Root folder would be the C:\

    in the links the other person some reason added some rubbish here are the links fixed

    http//download.bleepingcomputer.com/grinler/rkill.com
    http//download.bleepingcomputer.com/grinler/rkill.scr
    http//download.bleepingcomputer.com/grinler/rkill.pif
    http//download.bleepingcomputer.com/grinler/rkill.exe

    copy and paste them into IE
  • melmar wrote: »
    Hi Reluctant_spender, thank you for your help but i cant open the links it keep coming up problem loading page then when i click try again this is what i get [url "http download bleeping computer grin ler rkill - did not match any documents
    Sorry im not very tech minded and not sure what you mean with root directory would you mind advising me some more please,
    very much appreciate it getting in a bit of a panic here


    Sorry my bad - cleaned up my post. Try again
  • links work for me and are straight downloads.

    Not sure what you mean by the rubbish comment?
  • andy2004
    andy2004 Posts: 1,309 Forumite
    meant the extra text making the links unusable before you fixed the links
  • fiddiwebb
    fiddiwebb Posts: 1,806 Forumite
    in the links the other person some reason added some rubbish here are the links fixed

    Gosh....and it's only tuesday yet :rotfl:
  • That's a long time in malware!!
  • melmar_2
    melmar_2 Posts: 209 Forumite
    Hi,i have ran malaware quick scan and spybot,ccleaner(in safe made) then tried to go back into normal setting still same problems ran malaware full scan in safe mode but is still showing No malicious items detected on everything.
    Can somebody please advise on what i can try next, do i try the links recommended in previous posts in safe mode as i cant download anything in normal setting and see if that can show something.
    thank you
  • melmar_2
    melmar_2 Posts: 209 Forumite
    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    16/02/2010 17:07:59
    mbam-log-2010-02-16 (17-07-59).txt

    Scan type: Full Scan (C:\|D:\|F:\|)
    Objects scanned: 221597
    Time elapsed: 32 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 352.1K Banking & Borrowing
  • 253.5K Reduce Debt & Boost Income
  • 454.2K Spending & Discounts
  • 245.1K Work, Benefits & Business
  • 600.7K Mortgages, Homes & Bills
  • 177.4K Life & Family
  • 258.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.2K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.