2. You should now see a window that shows all of your desktop icons, including the rkill.com program.
3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes. So, please try running Rkill until malware is no longer running.
As a matter of fact, if you get messages, it is a sign that the virus is agonizing with excruciating pain, so you can just grin while it is suffering!:)))
Please, DO NOT REBOOT your computer or the processes will come back to haunt you!
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it kioskea.exe.
Install Malwarebytes and launch it. From the second tab, update it.
Pretty please, request a FULL system scan, which should take more than an hour. Once the scan is finished, delete all of the items that were found.
It is very important that you let Malwarebytes run for as long as it takes; in some cases the creators of Malwarebytes suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".
Once your computer is clean and working normally, just to be on the safe side:
* Turn off system restore and wait 30 seconds,
* Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.
(Malwarebytes may reboot your computer, don't be alarmed. Should it happen, relaunch Malwarebytes to complete the FULL scan.)
Once all this is completed, I always suggest deleting Malwarebytes, as some people have reported that it may interfere with other antivirus applications.
Please let us know about the results or I may throw a curse on your system which will cause it to bark all the time.:)))
Hi everyone, so I got this exact same problem but I have no idea what to do. What do you guys recommend? I do not want to type my credit card info, but it actually made me believe I had a hardware problem. I just can't find out how it got infected... So please, how do I find my files? All the files in the C drive are there, but my documents etc. appear blank...
I got the same problem.
I ran rogue kill, Malwarebytes and the Kaspersky tool and removed the virus.
However, my desktop has not recovered yet and it's black. What should I do to recover it? I tried to rename the explorer.exe but I was not allowed. Please help me, guys.
Search for the keys on the right pane. If you are getting no desktop or no view context menu, tell me what else you find there.
IF YOU ARE ABLE TO RIGHT CLICK ON THE DESKTOP
Right click >>> view >>> show desktop icons
If you are unable to right click on the desktop
go to run and type
User Configuration -> Administrative Templates -> Windows Components -> Windows Explorer. In the right hand pane, find "Remove Windows Explorer's default context menu", open its properties by double clicking it. If it's enabled or not configured, disable it
Now reboot the PC
If that doesn't work
Just tell me the entries you find on the right pane of this key
The entries I find on the right pane are the default and the Bind directory to property set storage.
And I searched and found the smtmp folder. It contains folders 1, 2,4.
I am able to right click on the desktop and see 70% of the stuff I had there before. However, the background screen is still black and I "miss" some folders. Moreover, when I click start I see only the computer folder (on the folders right side).
Steps 1 and 2 done.
Step 3 not done, because the Public folder doesn't have a desktop folder... So I can't paste the stuff...
Desktop still black... it contains all the folders that I can see through Windows Explorer. HOWEVER, I think (not sure) I am missing some files compared to the pre-virus state...
Access denied - C:\WINDOWS\twain_32.dll
Access denied - C:\WINDOWS\twunk_16.exe
Access denied - C:\WINDOWS\twunk_32.exe
Access denied - C:\WINDOWS\winhelp.exe
Access denied - C:\WINDOWS\winhlp32.exe
Access denied - C:\WINDOWS\winsxs
Access denied - C:\WINDOWS\WMSysPr9.prx
Access denied - C:\WINDOWS\_default.pif
Not resetting system file - C:\$RECYCLE.BIN
Not resetting system file - C:\boot
Not resetting system file - C:\bootmgr
Not resetting system file - C:\hiberfil.sys
Not resetting system file - C:\IO.SYS
Not resetting system file - C:\MSDOS.SYS
Not resetting system file - C:\pagefile.sys
Not resetting system file - C:\System Volume Information
These are SOME of the LAST lines that I got after running the command...
I am not getting the smtmp folder...
I am getting other kinds of stuff. Please think that on the "recovered folders path" given by the software NO FILE SEEMS TO HAVE BEEN recovered from a place like C:\Users\user_name\AppData\Local\Temp\smtmp
I found several tmp documents coming from C:\Users\user_name\AppData\Local\Temp