
GoogleChrome Virus Rybeleskz.exe *32 [Closed]


  • This topic is locked
4 replies to this topic

#1 GotGeetar


Posted 18 December 2014 - 01:51 AM

There is a process using the majority of my memory and CPU shown as Rybeleskz.exe *32. It is showing a description of Google Chrome, but we do not have Google Chrome installed in the computer. I have included the FRST.txt, Addition.txt and aswMBR.txt files from my scans.

 

Thank you in advance for any assistance given.

 

Attached files: Addition.txt (36.24KB), aswMBR.txt (3.4KB), FRST.txt (38.17KB)




#2 LiquidTension


Posted 18 December 2014 - 03:30 AM

Hello GotGeetar, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click [image] at the top of the page.
     

======================================================

 

Unfortunately, due to the nature of several infections present, I must issue the following warning. 

Please have a read, and let me know how you wish to proceed. 

 

 

BACKDOOR WARNING

 
------------------------------
 
One or more of the identified infections is known to use a backdoor that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.
 
If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).
 
Banking and credit card institutions should be notified of the possible security breach. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
 
Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows a remote attacker to make any number of modifications. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, the decision is personal, and what you're most comfortable with. Have a read of the articles linked, then let me know how you wish to proceed, and if you have any questions.




#3 GotGeetar


Posted 20 December 2014 - 05:11 PM

Hi Adam, my name is Jeff. I appreciate the information concerning the "Backdoor" virus. Fortunately, this computer is not used for many critical things, although we have used it for various online transactions. I have a few questions to ask you before I decide to either clean or format.

 

  • If we do clean the computer as is, is there a way I can monitor the computer to see if anything comes up with the backdoor virus?
  • Is there any risk to other computers within the same network?
  • If I do format, and backup files from this computer, will there be any risk with the backed up files?
  • Is there a specific procedure with reformatting to ensure there is no risk of being re-infected?

Thank you for your assistance!!



#4 LiquidTension


Posted 20 December 2014 - 10:38 PM

Hi Jeff, 
 
You don't have a virus. A virus is a form of malware capable of autonomously spreading by infecting legitimate files, either by appending, prepending or cavity injecting malicious code into the file. You're infected with ZeroAccess and Zbot (amongst other malware), both of which are considered Backdoor Trojans, with ZeroAccess also being considered a user-mode rootkit.
 
Zbot in particular targets banking information such as passwords and other login details. 
 

If we do clean the computer as is, is there a way I can monitor the computer to see if anything comes up with the backdoor virus?

You can monitor the computer for strange behaviour. Likewise, you can monitor your accounts, etc. 
But there's no actual indication. Furthermore, strange behaviour that you notice may not be attributed to malware at all.
 
Bottom line is - if you want to be certain your computer is clean, starting from scratch is the only way.  
 

Is there any risk to other computers within the same network?

Impossible to say for certain, but it's very unlikely. There would be risk if any form of worm was involved, but I see no evidence of this being the case. 
 
You may wish to reset your router to be on the safe side - I can provide instructions if you like. 
 

If I do format, and backup files from this computer, will there be any risk with the backed up files?

I can provide instructions on how to safely backup your data. 
 

Is there a specific procedure with reformatting to ensure there is no risk of being re-infected?

You have a recovery partition: 
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
 
Using this will restore your computer to how it was when the machine was first switched on. 
 
There are alternative methods, but this is the simplest, and will achieve the same result.




#5 LiquidTension


Posted 28 December 2014 - 01:54 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
