Aces High Bulletin Board
General Forums => Hardware and Software => Topic started by: lulu on July 27, 2012, 02:41:06 AM
-
Under my firewall there is a service or a program named: rbegspnr
I tried to delete it but nothing to do. Internet searching gave nothing. Also searching on my pc gave nothing.
Any suggestions on what it is and how to delete it?
Ty
:salute
-
did you try removing it from having access to the internet? did you try terminating it and see what happens? go into safe mode, see if it's there. not sure what it is for or if it is ok. but I would turn off modem till more info comes in.
semp
-
As you said, Internet searching can't find such a name, which sounds alerting. There's a couple of simple checks you can do to evaluate its validity:
Since your firewall can see it, it also might give you information about its whereabouts. A path to Windows' folders or registry should be displayed somehow, maybe with a right-click or hover-on. If it's a file it may be hidden, so change your folder settings to show "hidden files" and "protected system files". If you can find it, a right click should give you "properties" under which the "version" tab should give you information about the program. Notice that not all files have version information, only executables.
If you can find the path, the folder where rbegspnr lies may also give you a clue what it does or which program or service it is related to. Many suspiciously named programs have appeared to be part of, say, printer utilities and such. Usually their names can be found and explained with Google, though.
And of course, when in doubt, run several malware scanning programs. I'd start with Malwarebytes' Anti-Malware (http://www.malwarebytes.org/) followed with the Eset Online Scanner (http://www.eset.com/home/products/online-scanner/). Super Anti Spyware (http://www.superantispyware.com/) is despite its name a reliable tool, too. And ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) is also good, even without sending the results to professionals.
Hope this little advice helps.
-
check out "slim computer" it has a good shredder that will get rid of it, it will also find it and give you the location...hopefully it has not done any damage to your windows system folder.
-
"did you try removing it from having access to the internet? "
Yes. At re-boot it still has firewall permission.
"did you try terminating it and see what happens?"
Yes. When I reboot it is there.
"A path to Windows' folders or registry should be displayed somehow, maybe with a right-click or hover-on. If it's a file it may be hidden, so change your folder settings to show "hidden files"
I did, nothing as a result.
I will work on it,
TY Guys
-
"Did you run the malware scans?"
You didn't say you did, nor did you say you didn't. And if you did, you didn't tell us what was found if anything.
-
I tried to connect and download your suggested anti-malware programs but ... opera browser says that it's impossible to connect to their server. :huh aaaAAAARRRRGH !
Suggestions?
:salute
-
Hmmm... Seems there's something preventing you from going to sites that could help you get rid of malware. For me the links work perfectly. And they are all international sites, in English, so it can't be a limitation due to your whereabouts.
Try booting to "Safe mode with networking" to see if the links worked from there.
If that fails, try downloading AntiMalware on a stick with another computer, boot your computer into "safe mode with networking" to get the latest updates after you've installed the program and run a full scan. If you get a message the updates can't be downloaded, just run the scan, remove what it can find, download the updates and scan again. The same advice goes for ComboFix.
-
I noted these problems after I tried and uninstalled Comodo antivirus ...
I got Antimalware. It found some malware and deleted it but the connection problem still persists.
I can see the Iobit website.
I installed Comodo Internet Security with Dragon and when ( do you guess? ) I use the Dragon browser with the 'Enable malware domain filtering (Comodo Secure DNS)' option on then I can see the antivirus websites.
Suggestions?
TY
:salute
P.S.
I will do this in the middle: "Try booting to "Safe mode with networking" to see if the links worked from there."
-
Download software onto a memory stick from another PC.
My PC got stuffed the other month after downloading a soundpack; it's still not right. I partitioned my drive ages ago and just use one for playing games.
I think when your firewall has been messed with, the best advice I was offered was to reformat your drive; it's the only way to be sure.
-
OK... Did you install Comodo before or after your problems started? I mean, you said in the beginning that you found this "rbegspnr" in your firewall, but didn't mention what firewall you were using.
Google gives plenty of answers how to totally uninstall Comodo. I think the Comodo help forum (http://forums.comodo.com/install-setup-configuration-help-cis/uninstaller-tool-for-comodo-products-t71897.0.htmll) is one of the most reliable sources of how-to, and there's an unofficial uninstall tool available from the link. Try that and check if you can see the antivirus websites.
If not, go to Control Panel, Internet Options, Advanced tab and Reset. Or use this Microsoft FixIt (http://go.microsoft.com/?linkid=9646978) to do it. If it isn't in your language, download it from here (http://support.microsoft.com/kb/923737) after changing language.
All this advice is to make you a little more computer savvy to help you not to get into this kind of situation again. Plus there's always a chance that the fix is something obvious you just can't see. The most secure and maybe even the easiest/fastest way is what Zack said: Reformat and reinstall. Of course, remember to save your files to another disk or stick before reformatting.
-
I have 2 PCs. One for gaming only, a desktop.
One for work, it's an Acer One with only 512 Mbyte memory and an 8 Gbyte HD, with XP SP2 on it.
Both have problems but I think they are different.
On the Acer One I have had no problems since 2008, when I bought it, without running antivirus (!) except for Advanced System Care and Iobit Secure 360, just to maintain a few things in order. 3 days ago, I removed Iobit 360 and I installed Comodo (<- in my region it means W.C. ...); after that I spotted a new process under the XP firewall, named rbegspnr (!).
It is impossible to delete it.
At the same time my Opera browser started to be unable to connect to major antimalware or antivirus websites.
Malwarebytes found some Conficker and I deleted it and other stuff but nothing changed.
I read a post on a forum and I did this:
cmd -> net stop dnscache --> disable restore point, then I ran a program called D.exe downloaded from Symantec.
After reboot, I asked Opera to connect to antivirus websites; it had some difficulties but it established the damned connection. Other times it had no problems.
Now I'm checking if the rbegspnr 'process' is still there.
Ty guys. If you have other suggestions, they are welcome.
:salute
-
I would be able to help you, however it would mean we need to talk via Skype or on the old-fashioned telly. PM me and I'll give you my contact information and we will see if we can't get this fixed for you.
:airplane:~<DeadStickMac
-
TY deadstickmac,
But the 'rbegspnr' is no longer in my firewalled 'process'. It seems to be ROOSTED :rock
Now, I start to work on the other PC.
Thanks Biz, Malwarebytes put me on the good road indicating a Conficker infection - but did the Symantec tool truly erase it?
My donut seems a bit more saved now.
TY all
:salute
-
Nice to hear you found and got rid of something you wouldn't have wanted to be in your computer had you known about it.
Malwarebytes' Anti-Malware is a good tool, indeed. As you noticed, Symantec's tool could find leftovers of what it found and deleted. That's not unusual, nor is that necessarily a failure: Most of the time it'd be enough to kill and disable the baddies. Just as most legitimate programs leave crap after them, so might even the best malware fighting tools do. That's why it's important to use several tools. One can kill a malicious process, another is good in the cleanup. It is possible that the remnants might reactivate through some contaminated website you might visit, so a thorough cleaning with a variety of tools is a must.
-
During these 3 days, I upgraded Skype and afterwards disabled the Skype update services.
Now this service is no longer on the XP list of services.
Be careful.
I'm looking for something with manual scan.
I don't like services running in the background because my netbook has poor resources.
Malwarebytes seems good for that. Tx
:salute
-
If you suspect you're having viruses on your computer but don't want to install programs that will have a process running thereafter, online scanners are quite good. I already mentioned Eset Online Scanner (http://go.eset.com/us/online-scanner/run/).
Others I have used:
- F-Secure Online Scanner (http://www.f-secure.com/en/web/labs_global/removal/online-scanner/) is quite thorough, finding even rootkits.
- Panda (http://www.pandasecurity.com/homeusers/solutions/activescan/) used to find many sorts of malware. Haven't tested the Cloud version yet, but it might be worth trying as an add-on
- TrendMicro HouseCall (http://housecall.trendmicro.com/) is also an old acquaintance
There are/has been others, but these are still available and working.
For other malware than viruses, the AntiMalware is my #1 these days, but the SuperAntiSpyware (http://www.superantispyware.com/index.html) is also good. It has a portable version, which can be run from a memory stick. It also has some special "Repairs" button, which includes many tools to restore settings after some malware has altered them. Also the good old Spybot-Search and Destroy (http://www.safer-networking.org/index2.html) seems to have caught up again. When installing it, be cautious with the all-time tools it offers. TeaTimer can be a nuisance. And don't forget the very special ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix), which has saved my bacon numerous times when nothing else is allowed to run.
And then, there's the plethora of live CD's (http://www.livecdlist.com/purpose/windows-antivirus), another listing here (http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/), from Avira, AVG, BitDefender, F-Secure, Kaspersky Labs, Norton, Panda, Trinity (several brands), you name it. Since they're mostly Linux based, each version can't necessarily use your network card for updating. In that case, there might be an alternative updating method or, you can use another brand.
Happy hunting!
-
don't use comodo again, it's really bad at removing viruses that are already in your computer. and the firewall that it has, from what i read, is very good, however you need to know how to install it or you basically have nothing. in other words use windows security essentials, simpler and easier to use.
semp
-
TY ALL VERY MUCH AGAIN :airplane:
:salute
-
Don't try to end this thread, not everyone has yet shared his wisdom :bolt:
-
lulu one word of advice. you still have viruses.
semp
-
"I tried to connect and download your suggested anti-malware programs but ... opera browser says that it's impossible to connect to their server. :huh aaaAAAARRRRGH ! Suggestions? :salute"
I have seen malware that changes a system's "web proxy" setting, which can then redirect browser(s) to the malware site. Check the Windows setting from within Internet Explorer, and also the web proxy setting within any other browsers you have installed.
-
"I have seen malware that changes a system's "web proxy" setting, which can then redirect browser(s) to the malware site. Check the Windows setting from within Internet Explorer, and also the web proxy setting within any other browsers you have installed."
Yup, good point. Plus I have seen malware that does the redirecting in a more sophisticated way, hidden in the registry values or other group policy settings. Here's one link to a policy restoring tool (http://wiki.pcworld.com/index.php/MMVP_Castner%27s_%22FixPolicies%22_vs_Dial-a-Fix%27s_%22Policies), downloadable here (http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe).
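The proxy and registry checks suggested in the two posts above, written out as a read-only script. This is an added example, not part of any poster's message or of any tool linked in the thread. It assumes PowerShell 3.0 or later; the vendor host names are taken from links posted in the thread, and `www.iobit.com` is an assumed name for the Iobit site that stayed reachable.

```powershell
# Added example: read-only checks for the symptoms described in this thread.
# Host names come from links posted in the thread; $controlHost is an assumed
# name for the "iobit website" that stayed reachable.
$vendorHosts = 'www.malwarebytes.org', 'www.eset.com', 'www.superantispyware.com',
               'www.bleepingcomputer.com', 'www.symantec.com', 'www.f-secure.com'
$controlHost = 'www.iobit.com'

function Get-ProxyFinding {
    # WinINET proxy values: per-user, machine-wide, and group-policy locations.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
            'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
    foreach ($key in $keys) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $p) { continue }
        [pscustomobject]@{
            Key           = $key
            ProxyEnable   = $p.ProxyEnable
            ProxyServer   = $p.ProxyServer
            AutoConfigURL = $p.AutoConfigURL
        }
    }
}

function Test-NameResolution {
    param([string[]]$Names)
    foreach ($name in $Names) {
        try {
            $addr = [System.Net.Dns]::GetHostAddresses($name) | Select-Object -First 1
            [pscustomobject]@{ Host = $name; Resolved = $true; Address = "$addr" }
        } catch {
            [pscustomobject]@{ Host = $name; Resolved = $false; Address = '' }
        }
    }
}

$proxy = @(Get-ProxyFinding)
$dns   = @(Test-NameResolution -Names ($vendorHosts + $controlHost))
$proxy | Format-Table -AutoSize -Wrap
Get-Service -Name Dnscache | Format-Table Name, Status -AutoSize
$dns | Format-Table -AutoSize

$active  = @($proxy | Where-Object { $_.ProxyEnable -eq 1 -or $_.AutoConfigURL })
$failed  = @($dns | Where-Object { -not $_.Resolved -and $_.Host -ne $controlHost })
$control = $dns | Where-Object { $_.Host -eq $controlHost }
if ($active.Count) { Write-Warning 'A proxy or auto-config URL is set; confirm you configured it.' }
if ($failed.Count -and $control.Resolved) {
    Write-Warning 'Security-vendor names fail while the control resolves: selective blocking.'
}
```

The script changes nothing; a proxy value you did not set, or vendor names failing while the control host resolves, is the cue to continue with the offline scanners recommended earlier in the thread.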
-
"Yup, good point. Plus I have seen malware that does the redirecting in a more sophisticated way, hidden in the registry values or other group policy settings. Here's one link to a policy restoring tool (http://wiki.pcworld.com/index.php/MMVP_Castner%27s_%22FixPolicies%22_vs_Dial-a-Fix%27s_%22Policies), downloadable here (http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe)."
Yuk! That's just *nasty*, hiding junk like that in the registry.
-
4 pen drives were sources of infection.
This was very helpful to delete the infection on my netbook:
http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99
(Before running D.exe, I also stopped dnscache from the XP command prompt (Start->run->cmd->net stop dnscache))
And I used this patch too:
http://technet.microsoft.com/en-us/security/bulletin/ms08-067
Afterwards I installed Avast to try it, and Malwarebytes on an SD card.
I noted that when the infection is on your HD, icons change into folder icons and the XP firewall allows a process named as I posted before.
Until now this virus is pretty dead.
:salute