Virus? CA0A4982C26.EXE plus many mrt.exe
mj8888
-
Malekal_morte- Messages postés 184348 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention -
Malekal_morte- Messages postés 184348 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention -
hey everyone,
I started to suspect my computer was infected as I couldnt use the \'ê\' correctly and it did \'^^\' each time I typed only once the keybord. I looked up on google and it said it was a virus. I opened C: and found another problem:
lots of long folders named with 20 or more charactors and within them is nothing but \"mrt.exe\" file. I know the mrt.exe is supposed to have something to do with the Malicious Software Removal but theses files are located right into C:\\ and not in C:\\Windows\\System32. and there are like 10 of them. when I open the folder it says \"You dont have the right to open this folder\" so I have to click \"Continue\" to open it and find the Mrt.exe file. all MRT.exe have different size but they are mor or less 45Mo. I googled it and found only a link which I quoted in this email because he described it quite good.
then last problem, I checked msconfig and I found a CA0A4982C26.EXE in C:\sooi832.bin which I googled and found a lick to UnHackMe. I run it but nothing was found.
I stopped allowing this CA0A4982C26.EXE at the start of windows and now I can do ô or ê correctly again. and my computer seems to be faster. but all the files (both CA0A4982C26.EXE and all the MRT.exe are still on my computer and I dont know if just deleting them is the right thing to do..)
I think I really need help.
I started to suspect my computer was infected as I couldnt use the \'ê\' correctly and it did \'^^\' each time I typed only once the keybord. I looked up on google and it said it was a virus. I opened C: and found another problem:
lots of long folders named with 20 or more charactors and within them is nothing but \"mrt.exe\" file. I know the mrt.exe is supposed to have something to do with the Malicious Software Removal but theses files are located right into C:\\ and not in C:\\Windows\\System32. and there are like 10 of them. when I open the folder it says \"You dont have the right to open this folder\" so I have to click \"Continue\" to open it and find the Mrt.exe file. all MRT.exe have different size but they are mor or less 45Mo. I googled it and found only a link which I quoted in this email because he described it quite good.
then last problem, I checked msconfig and I found a CA0A4982C26.EXE in C:\sooi832.bin which I googled and found a lick to UnHackMe. I run it but nothing was found.
I stopped allowing this CA0A4982C26.EXE at the start of windows and now I can do ô or ê correctly again. and my computer seems to be faster. but all the files (both CA0A4982C26.EXE and all the MRT.exe are still on my computer and I dont know if just deleting them is the right thing to do..)
I think I really need help.
A voir également:
- Virus? CA0A4982C26.EXE plus many mrt.exe
- Many cam - Télécharger - TV & Vidéo
- .Exe - Télécharger - Divers Utilitaires
- Virus mcafee - Accueil - Piratage
- Svchost exe - Guide
- Winrar exe - Télécharger - Compression & Décompression
4 réponses
hello
/ \ ATTENTION FOLLOW THESE INSTRUCTIONS TO THE LETTER / \
__________________________________________________________
> This software is for use as prescribed by a qualified and trained helper to the tool. "
>>>>>>> Do not use outside of this case: dangerous <<<<<<<<
================================================== ===<
Above all, think of the recording to rename Combofix to "tone prenom.exe" before it is saved on your hard drive
Download here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Combofix
If you are using AVG, it is imperative to uninstall it before use Combofix as it can cause damage by interacting with the tool that can lead to total system reinstallation.
Simply disabling the resident is not sufficient.
Download the AVG uninstaller on this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bit) / \
_________________________________________________________
>> Close the windows of all programs.
>> Temporarily disabled and only time to use ComboFix,
>> The real-time protection of your Antivirus and Antispyware ,
>> That may hinder the search process significantly and cleaning of the tool.
__________________________________________________________
if you have XP => double click
if you have Vista or Windows 7 => right click "run as ...."
of ComboFix renamed
!!!!! Do not touch anything during the operation of ComboFix (mouse / keyboard .....)!!!!!
Remember to turn the care of your antivirus and your antispyware, before you reconnect to the Internet.
Back on the forum, and copy and paste the entire contents of C: \ Combofix.txt in your next message.
/ \ ATTENTION FOLLOW THESE INSTRUCTIONS TO THE LETTER / \
__________________________________________________________
> This software is for use as prescribed by a qualified and trained helper to the tool. "
>>>>>>> Do not use outside of this case: dangerous <<<<<<<<
================================================== ===<
Above all, think of the recording to rename Combofix to "tone prenom.exe" before it is saved on your hard drive
Download here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Combofix
If you are using AVG, it is imperative to uninstall it before use Combofix as it can cause damage by interacting with the tool that can lead to total system reinstallation.
Simply disabling the resident is not sufficient.
Download the AVG uninstaller on this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bit) / \
_________________________________________________________
>> Close the windows of all programs.
>> Temporarily disabled and only time to use ComboFix,
>> The real-time protection of your Antivirus and Antispyware ,
>> That may hinder the search process significantly and cleaning of the tool.
__________________________________________________________
if you have XP => double click
if you have Vista or Windows 7 => right click "run as ...."
of ComboFix renamed
!!!!! Do not touch anything during the operation of ComboFix (mouse / keyboard .....)!!!!!
Remember to turn the care of your antivirus and your antispyware, before you reconnect to the Internet.
Back on the forum, and copy and paste the entire contents of C: \ Combofix.txt in your next message.
I started to suspect my computer was infected as I couldnt use the \'ê\'
This is probably the effect of to the malware Ramnit.
Same topic there : https://forums.commentcamarche.net/forum/affich-23805762-touche-accent-circonflexe-trema-virus
SHUT THE F*C*K UP, WE HAVE OTHER SONGS TOO !!
This is probably the effect of to the malware Ramnit.
Same topic there : https://forums.commentcamarche.net/forum/affich-23805762-touche-accent-circonflexe-trema-virus
SHUT THE F*C*K UP, WE HAVE OTHER SONGS TOO !!
none of them.
Ramnit infects every executables files, so HijackThis or Combofix are useless.
You have to use Dr.Web CureIt https://free.drweb.com/cureit/ - the best way is from a LiveCD, it's more efficient.
But Ramnit is a big s*it - the most case, you have to format and reinstall Windows, don't keep any executable, you can reinfect the system with them.
Ramnit infects every executables files, so HijackThis or Combofix are useless.
You have to use Dr.Web CureIt https://free.drweb.com/cureit/ - the best way is from a LiveCD, it's more efficient.
But Ramnit is a big s*it - the most case, you have to format and reinstall Windows, don't keep any executable, you can reinfect the system with them.
