Almirante Risa

  1. Hi!!! I got infected with a virus named RtkBtMnt.exe. By then, the only antivirus I was using was AVAST, which I installed in November. I detected the infection in April; let me tell you how.

     My computer is an extremely small Acer Aspire 1 AoA110, 1Gb Ram, 8Gb Hd, Windows XP, SP3, and by disabling some functions and the like, I have it running well, with Office 2007 and some features I use for my work, and still get some 700 Mb free. One day, it slowed down toooooo much. I checked everything and my free disk space had dropped down to 30Mb. I ran Avast, and nothing. Then I ran the Windows disk cleaner tool and disk defrag, but nothing changed. I downloaded and ran CCleaner. It released 400 Mb of rubbish. After a couple of hours, the disk was full again. I ran CCleaner again and it removed only 15Mb. I downloaded and ran WiseDiskCleaner, and it released 500 Mb of rubbish. After 3 hours, the disk was full again, so I ran both cleaners and my disk was at 1Gb free.

     I checked the files they couldn't delete, and in a temp file I found this program: RtkBtMnt.exe, with a RealTek sign and logo. I kept the temp folder open, and in a matter of minutes it was being filled with language files such as Russian.bin, Chinese.bin, Spanish.bin, etc., and strange folders that weighed from 5kb to 50Mb. I tried to delete the program, but it said it was being used by another person or program. I downloaded Unlocker and forced deletion. Nothing. I restarted in safe mode but I was unable to find it. I scanned again with Avast but nothing happened. I downloaded and ran MalwareBytes Anti Malware. It found and cleaned 3 viruses, and I said to myself, this Avast sucks. But it didn't find this. After this something changed; finally, I was able to delete it. I restarted and it was there again. I repeated, deleted it and found it in a RECYCLER folder. I deleted it from there, and it went to Prefetch, and so on. I downloaded and ran SuperAntiSpyware. It found 151 infections that Avast and MBAM missed. But not this one.

     I uninstalled Avast, and if I could, I would have kicked it really hard. Rubbish. MBAM was corrupted every time I ran the cleaners, and only detected 3, so I marked it as useless and discarded it too. I downloaded and ran RemoveIt Pro v4, which detected 13 more viruses including this one and cleaned them all. Now, I notice that my computer keeps getting infected by this virus when I connect my Kingston memory stick. Remove it pro 4 free does not clean external disks, just C. I kept SAS, for it detects some things the others don't, and I find it is more complete, but it is failing to detect this one. This is the detection scan performed by Remove it pro:

     I'd like SAS to remove this virus and its installers on my F: disk so as to get rid of it completely, and not have it reinstalled every time I connect my memory stick. Please, help me!!! Thank you! Sergio