Computer infected with winrscmde

[mhuband]

How do I get rid of this?

 

[Layback Bear]

This is what Microsoft suggest.
http://answers.microsoft.com/en-us/...cription/6a51c549-20de-43d5-8e64-f33e344559c0
What anti virus do you use?
This is what I would start with.
Free Online Virus Scanner | ESET
When it done I would do this.

http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

Let us know the results their more to be done.

 

[cottonball]

mhuband,

The links provided by Layback Bear are helpful, but, first, let's find out what is going on with your system.

There may be more than what meets the eye, as there are RootKits that are harder to detect and remove, and may be associated with winrscmde.




Please download RogueKiller:
Tlcharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:

Select the version that applies to your system...(see Note)

Click the dark-blue button that applies to download.

Save to the Desktop

Close all windows and browsers
Right-click and select 'Run as Administrator'

Press: SCAN

A report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.

Note:
To find out if system is 32 or 64 bit, please go to Start > Control Panel
Type system in the Search Control Panel box (upper right)
Double-click: System, and look for: System type
It states either 64-bit Operating System, or, 32-bit Operating System

 

[Layback Bear]

Sorry; I thought my suggestions were not just helpful but also useful.
Have a nice day.

 

[cottonball]

Layback Bear,

No one is criticising your suggestions. Something that is helpful, by default, is useful!
Some of the programs mentioned in the links are used very frequently in the malware removal community.

The reason for requesting RogueKiller is that, what appears on the surface, winrscmde, may come with a hidden payload. It is in the best interest of anyone who has an infection to find out what is going on in the system.

Some infections require special tools, and we need to know which one to use, etc.

Since we call malware takeovers 'infections', let's say that some of them are equivalent to a malignant cancer in an advanced stage. In this kind of scenario, before cancer surgery, X-Rays, MRIs and the like preceed it. After surgery, some more tests and diagnostics are done to confirm the cancer is gone. It is all part of a 'total package'.

The file winrscmde may be associated with Rootkit boot.Pihar...:huh:
If you peruse through many of the malware removal forums, you will find that using diagnostic tools
takes precedence. Find out as much as you can about what you are dealing with, and then, use the right tools to remove it

 

[shawn77]

I have to accept with cottonball's comments.Winrscmde is associated with pihar variants.Using TDSSkiller or roguekiller is more safer than windows defender offline.Sometimes we need experience in malware removal to understand what type of tools needs to be used for different type of infections.Windows defender can make system unbootable in cause of pihar rootkits.

 

[Layback Bear]

I'm sorry I offended you all with my short comings. I will try to raise my standards and knowledge.
Have a nice day.

 

[cottonball]

Layback Bear,

I'm sorry I offended you all with my short comings.

No way!!

No apologies needed here, LB.

From what I've seen, this forum is open for anyone who wants to contribute their thoughts.

We all have different approaches, since we come from different backgrounds, and have different experiences to share.

It keeps life interesting...