Author Topic: Heeelp please!  (Read 1363 times)

Offline lulu

  • Silver Member
  • ****
  • Posts: 1068
Heeelp please!
« on: July 27, 2012, 02:41:06 AM »
Under my firewall there is a service or a program named:  rbegspnr

I tried to delete it but nothing to do. Internet searching gave nothing. Also searching on my pc gave nothing.

Any suggestions on what it is and how to delete it?

Ty


 :salute
mobilis in mobile

Offline guncrasher

  • Plutonium Member
  • *******
  • Posts: 17417
Re: Heeelp please!
« Reply #1 on: July 27, 2012, 03:37:38 AM »
did you try removing it from having access to the internet?  did you try terminating it and see what happens?  go into safe mode, see if it's there.  not sure what it is for or if it is ok.  but I would turn off modem till more info comes in. 


semp
you dont want me to ho, dont point your plane at me.

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9687
Re: Heeelp please!
« Reply #2 on: July 27, 2012, 05:44:11 AM »
As you said, Internet searching can't find such a name, which sounds alarming. There are a couple of simple checks you can do to evaluate its validity:

Since your firewall can see it, it also might give you information about its whereabouts. A path to Windows' folders or registry should be displayed somehow, maybe with a right-click or hover-on. If it's a file it may be hidden, so change your folder settings to show "hidden files" and "protected system files". If you can find it, a right click should give you "properties" under which the "version" tab should give you information about the program. Notice that not all files have version information, only executables.

If you can find the path, the folder where rbegspnr lies may also give you a clue what it does or which program or service it is related to. Many suspiciously named programs have appeared to be part of, say, printer utilities and such. Usually their names can be found and explained with Google, though.

And of course, when in doubt, run several malware scanning programs. I'd start with Malwarebytes' Anti-Malware followed by the Eset Online Scanner. Super Anti Spyware is, despite its name, a reliable tool, too. And ComboFix is also good, even without sending the results to professionals.

Hope this little advice helps.


Offline ink

  • Persona Non Grata
  • Plutonium Member
  • *******
  • Posts: 11274
Re: Heeelp please!
« Reply #3 on: July 27, 2012, 05:54:39 AM »
check out "slim computer" it has a good shredder that will get rid of it, it will also find it and give you the location...hopefully it has not done any damage to your windows system folder.

Offline lulu

  • Silver Member
  • ****
  • Posts: 1068
Re: Heeelp please!
« Reply #4 on: July 27, 2012, 07:32:36 AM »
"did you try removing it from having access to the internet? "

Yes. At reboot it still has firewall permission.

"did you try terminating it and see what happens?"

Yes. When I reboot it is there.

"A path to Windows' folders or registry should be displayed somehow, maybe with a right-click or hover-on. If it's a file it may be hidden, so change your folder settings to show "hidden files""

I did, nothing as a result.


I will work on it,
TY Guys
mobilis in mobile

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9687
Re: Heeelp please!
« Reply #5 on: July 27, 2012, 01:48:48 PM »
"Did you run the malware scans?"

You didn't say you did, nor did you say you didn't. And if you did, you didn't tell us what was found if anything.

Offline lulu

  • Silver Member
  • ****
  • Posts: 1068
Re: Heeelp please!
« Reply #6 on: July 27, 2012, 06:49:35 PM »
I tried to connect and download your suggested anti-malware programs but ... Opera browser says that it's impossible to connect to their server.   :huh   aaaAAAARRRRGH !

Suggestions?

 :salute
mobilis in mobile

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9687
Re: Heeelp please!
« Reply #7 on: July 28, 2012, 05:53:49 AM »
Hmmm... Seems there's something preventing you from going to sites that could help you get rid of malware. For me the links work perfectly. And they are all international sites, in English, so it can't be a limitation due to your whereabouts.

Try booting to "Safe mode with networking" to see if the links work from there.

If that fails, try downloading AntiMalware on a stick with another computer, boot your computer into "safe mode with networking" to get the latest updates after you've installed the program and run a full scan. If you get a message the updates can't be downloaded, just run the scan, remove what it can find, download the updates and scan again. The same advice goes for ComboFix.

Offline lulu

  • Silver Member
  • ****
  • Posts: 1068
Re: Heeelp please!
« Reply #8 on: July 28, 2012, 06:09:56 AM »
I noticed these problems after I tried and uninstalled Comodo antivirus ...

I got Anti-Malware. It found some malware and deleted it but the connection problem still persists.
I can see the Iobit website.
I installed Comodo Internet Security with Dragon and when (can you guess?) I use the Dragon browser with the 'Enable malware domain filtering (Comodo Secure DNS)' option on, then I can see the antivirus websites.

Suggestions?

TY

 :salute


P.S.

I will do this in the middle: "Try booting to "Safe mode with networking" to see if the links worked from there."
mobilis in mobile

Offline zack1234

  • Plutonium Member
  • *******
  • Posts: 13217
Re: Heeelp please!
« Reply #9 on: July 28, 2012, 08:14:29 AM »
download software onto memory stick from another pc.

My pc got stuffed the other month after downloading a soundpack, it's still not right. I partitioned my drive ages ago and just use one for playing games.

I think when your firewall has been messed with, the best advice I was offered was to reformat your drive, it's the only way to be sure.

There are no pies stored in this plane overnight

                          
The GFC
Pipz lived in the Wilderness near Ontario

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9687
Re: Heeelp please!
« Reply #10 on: July 28, 2012, 08:49:42 AM »
OK... Did you install Comodo before or after your problems started? I mean, you said in the beginning that you found this "rbegspnr" in your firewall, but didn't mention what firewall you were using.

Google gives plenty of answers how to totally uninstall Comodo. I think the Comodo help forum is one of the most reliable sources of how-to, and there's an unofficial uninstall tool available from the link. Try that and check if you can see the antivirus websites.

If not, go to Control Panel, Internet Options, Advanced tab and Reset. Or use this Microsoft FixIt to do it. If it isn't in your language, download it from here after changing language.

All this advice is to make you a little more computer savvy to help you not to get into this kind of situation again. Plus there's always a chance that the fix is something obvious you just can't see. The most secure and maybe even the easiest/fastest way is what Zack said: Reformat and reinstall. Of course, remember to save your files to another disk or stick before reformatting.



Offline lulu

  • Silver Member
  • ****
  • Posts: 1068
Re: Heeelp please!
« Reply #11 on: July 28, 2012, 10:01:43 AM »
I have 2 PCs. One for gaming only, a desktop.

One for work; it's an Acer One with only 512 Mbyte of memory and an 8 Gbyte HD, with XP SP2 on it.
Both have problems but I think they are different.

On the Acer One I have had no problems since 2008, when I bought it, without running antivirus (!) except for Advanced System Care and Iobit secure 360, just to keep a few things in order. 3 days ago, I removed Iobit 360 and I installed Comodo (<- in my region it means W.C. ...); after that I spotted a new process under the XP firewall, named rbegspnr (!).
It is impossible to delete it.

At the same time my Opera browser started to be unable to connect to major antimalware or antivirus websites.

Malwarebytes found some Conficker and I deleted it and other stuff but nothing changed.

I read a post on a forum and I did this:

cmd -> net stop dnscache --> disable restore point, then I ran a program called D.exe downloaded from Symantec.

After reboot, I asked Opera to connect to antivirus websites; it had some difficulties but it established the damned connection. Other times it had no problems.

Now I'm checking if the rbegspnr 'process' is still there.

Ty guys. If you have other suggestions, they are welcome.


 :salute



mobilis in mobile
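
Added example, not part of any post in this thread: a small Python triage for the symptom described above, where antivirus and antimalware sites fail to load while other sites work. It compares name resolution for two hostname lists and reports whether DNS is down entirely or only the security-related names are blocked; the hostname lists, function names and verdict labels are assumptions for illustration.

```python
import socket

# Hostname lists are assumptions for illustration; substitute your own.
SECURITY_HOSTS = ["www.malwarebytes.com", "www.eset.com", "www.symantec.com"]
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org", "www.iana.org"]


def system_resolver(host):
    """Resolve via the OS resolver; return sorted addresses, [] on failure."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, UnicodeError):
        return []
    return sorted({info[4][0] for info in infos})


def is_blocked(addresses):
    """No answer, or only loopback/unspecified answers (typical of a
    tampered hosts file or a filtering hook), counts as blocked."""
    if not addresses:
        return True
    return all(a.startswith("127.") or a in ("0.0.0.0", "::", "::1")
               for a in addresses)


def triage(resolve=system_resolver, security=SECURITY_HOSTS,
           control=CONTROL_HOSTS):
    """Return (verdict, blocked_security_hosts, blocked_control_hosts)."""
    sec = [h for h in security if is_blocked(resolve(h))]
    ctl = [h for h in control if is_blocked(resolve(h))]
    if control and len(ctl) == len(control):
        verdict = "dns-down"            # nothing resolves: general outage
    elif len(sec) * 2 > len(security) and not ctl:
        verdict = "selective-block"     # only security names fail
    elif sec or ctl:
        verdict = "inconclusive"        # scattered failures, retry later
    else:
        verdict = "ok"
    return verdict, sec, ctl


if __name__ == "__main__":
    verdict, sec, ctl = triage()
    print("verdict:", verdict)
    for host in sec + ctl:
        print("  could not resolve:", host)
```

A "selective-block" verdict is a reason to scan from clean media and to inspect the hosts file and DNS settings; it is not proof of infection by itself.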

Offline deadstikmac

  • Persona Non Grata
  • Silver Member
  • ****
  • Posts: 942
Re: Heeelp please!
« Reply #12 on: July 28, 2012, 10:30:29 AM »
I would be able to help you, however it would mean we need to talk via Skype or on the old-fashioned telly. PM me and I'll give you my contact information and we will see if we can't get this fixed for you.

 :airplane:~<DeadStickMac

Offline lulu

  • Silver Member
  • ****
  • Posts: 1068
Re: Heeelp please!
« Reply #13 on: July 28, 2012, 10:53:31 AM »
TY deadstickmac,

But the 'rbegspnr' is no longer in my firewalled 'process'. It seems to be ROOSTED   :rock

Now, I start to work on the other pc.

Thanks Biz, Malwarebytes put me on the right road by indicating a Conficker infection - but did the Symantec tool truly erase it?

My donut seems a bit more saved now.

TY all

 :salute
mobilis in mobile

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9687
Re: Heeelp please!
« Reply #14 on: July 28, 2012, 11:46:02 AM »
Nice to hear you found and got rid of something you wouldn't have wanted to be in your computer had you known about it.

Malwarebytes' Anti-Malware is a good tool, indeed. As you noticed, Symantec's tool could find leftovers of what it found and deleted. That's not unusual, nor is that necessarily a failure: Most of the time it'd be enough to kill and disable the baddies. Just as most legitimate programs leave crap after them, so might even the best malware fighting tools do. That's why it's important to use several tools. One can kill a malicious process, another is good in the cleanup. It is possible that the remnants might reactivate through some contaminated website you might visit, so a thorough cleaning with a variety of tools is a must.