Main Forum > General Computer Support

Can't delete .exe (virus) and can't kill process

<< < (3/7) > >>

Boggin:
Re-check those two boxes then run AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/

Runthis.exe isn't something I recognise but if it's adware then AdwCleaner will remove it.

Click on Scan and when that has completed, it may list programs in the lower pane.

While it can pick up legit programs as adware, any it lists in the lower pane can be unchecked for retention.

Click on Logfile and that will open a report of what it has found and will remove when you close the report and click on Cleaning.

Can you copy & paste that report ?

Boggin:
I'm getting a bit of a problem getting AdwCleaner to run on my laptop - let me know if you also have problems.

Cencio:

--- Quote from: Rick on June 15, 2015, 09:36:52 am ---
--- Quote from: Cencio on June 15, 2015, 08:05:58 am ---
--- Quote from: Boggin on June 15, 2015, 07:32:17 am ---That doesn't sound like an infection but possibly adware.

If you uninstall something having unchecked the items in msconfig, it leaves orphaned files so those entries will remain.

In some cases you need to reboot to effect a removal, which rebooting from Safe Mode would have effected.

Can you post a snip of the msconfig so I can have a look at the questionable items ?

--- End quote ---


They are the first two, the ones called 62300eccecc

--- End quote ---

well boggin;

sounds like a job for sysinternals to remove one by one...
download this file; Thursday, June 11, 2015  5:21 AM       680600 autoruns.exe
from http://live.sysinternals.com/

You need be able find all instances of runthis.exe
delete it from your system and search any external devices, Iphone etc...

install sysinternals and delete the questionable files loaded;

--- End quote ---

Once I delete them I close the program I reopen it to see if they are gone but no. They just come back again and again
I'm now going to try with AdwCleaner

There is the LogFile:

--- Quote ---# AdwCleaner v4.206 - Creato file registro eventi 15/06/2015 in 19:09:36
# Aggiornato 01/06/2015 da Xplode
# Database : 2015-06-14.1 [Server]
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (x64)
# Nome utente : Nico - NICO
# In esecuzione da : C:\Users\Administrator\Desktop\Programmi\Altri programmi\AdwCleaner.exe
# Opzione : Analisi

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Trovato : C:\Program Files (x86)\Free Video Converter
Cartella Trovato : C:\ProgramData\Babylon
Cartella Trovato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Cartella Trovato : C:\Users\Administrator\AppData\Local\Babylon
Cartella Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
Cartella Trovato : C:\Users\Administrator\AppData\Roaming\Babylon
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage-journal
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Trovato : C:\Users\Administrator\AppData\Roaming\Adobe AIFF Format CS5 Prefs

***** [ Attività pianificate ] *****

Attività Trovato : paretologic registration3
Attività Trovato : paretologic update version3
Attività Trovato : ParetoLogic Update Version3 Startup Task
Attività Trovato : RegCure Pro

***** [ Collegamenti ] *****


***** [ Registry ] *****

Chiave Trovato : HKCU\Software\62300faa2bb16b197cdd2a7772441cc8
Chiave Trovato : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chiave Trovato : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovato : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chiave Trovato : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovato : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Trovato : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Trovato : HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Chiave Trovato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Chiave Trovato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
Chiave Trovato : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovato : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Trovato : HKU\.DEFAULT\Software\PennyBee
Dati Trovato : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browser web ] *****

-\\ Internet Explorer v9.0.8112.16448


-\\ Mozilla Firefox v38.0.5 (x86 it)


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R1].txt - [3594 byte] - [15/06/2015 19:09:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3652 byte] ##########
--- End quote ---

What do I have to do? I check everything has to do with the RUNTHIS.exe and try to delete it? I'm pretty sure I'll get a BSOD if I try to delete it tho

Boggin:
I was wanting you to post the Lofile so I could have a look at what AdwCleaner had found - but glad it runs okay on yours.

Cencio:

--- Quote from: Boggin on June 15, 2015, 10:10:00 am ---I was wanting you to post the Lofile so I could have a look at what AdwCleaner had found - but glad it runs okay on yours.

--- End quote ---

Log in the post above. Sorry, I edited the post instead of making a new one

EDIT: yes, I tried to fix that, and I had a BSOD, once again.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version