I had been infected with the Antivirus System Pro malware, was not able to run any programs or get any webpage other than the malware site. I ran Rkill to stop it so I could remove it. When I ran Rkill it disabled my ability to load web pages as well. I assumed after I got rid of it I would be able to load pages again. I ran Malwarebytes and it removed it, but it came back on startup, same with SUPERAntiSpyware. I tried the HijackThis startup analyzer and it found a rpbgsysguard.exe file (spelling of first few letters may be off). I removed that thinking it was the spyware. I am able to start up fine, malware is gone, but I can't open web pages.

IE opens but it gives me "page cannot be displayed". I am on a home wireless network, have confirmed it is connected properly and my computer is connected to it. The funny thing is I was able to install Windows updates from the icon at the bottom. I installed IE 8 thinking a reinstall of Internet Explorer would help, but nothing. I also installed xp3 thinking that might do it, but nothing again.

I would so much appreciate any help. Thanks.


It would help if we could see some logs here. We have no idea what was removed, or the locations of items removed, especially since you cannot remember the name of the last file you removed. Random letters and then saying it might be incorrect really doesn't give us a true reading. Did you save this log? Can you post that MBA-M log for us?

We have no idea what was found, where it was found OR actually what process you stopped using Rkill.

Realize you were trying to enable IE to work by downloading Windows Updates AND IE8 however, updating ANYTHING other than security software is never a good idea when the machine is not clean.

A KEY requirement for installing Windows SP3 is that the machine be FREE of infection.
Also before installing SP3 you must be certain that ALL drivers are compatible with SP3, ESPECIALLY your wireless network adapter. If it does NOT have drivers that support SP 3 then it should not be installed.

Frankly, I would recommend that you Uninstall SP3 for now. Until the machine is deemed clean it should not be added. You have no way of knowing if these new updates have now been corrupted by this infection.

Are you absolutely certain the infection is Antivirus System Pro?

We really need to see some logs here, otherwise we cannot be of any service. We cannot recommend other tools or anything for now. We don't know for certain what it is we are dealing with, but I recommend that you do not use HJT as a way to remove items; this should be considered only a scanner tool. Same goes for the Start Up list generated by HJT: this is NOT an analyzer, it only lists what is starting. Many times infections name themselves with the same name as a legal file; remove the legal file and you may damage the system.
Post back with logs from all programs you have run and maybe we can offer assistance.

Edited by jholland1964: n/a


Sometimes the browser got stuck trying to send requests to the dead hijacker via a proxy to localhost:5555.

In IE8 it is at: Tools > Internet Options > Connections tab > LAN settings. If the box "Use a proxy server..." is checked, uncheck it.

I installed Firefox when the same thing happened here. Even though it still didn't work because the same proxy setting was imported, its "Page cannot be displayed" message yielded additional information.
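The leftover-proxy check described in the post above, as an added example that is not part of the original thread: it parses the text output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"` (the key behind IE's LAN settings dialog) and reports an enabled proxy that points at the local machine. The function names and the sample output are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `reg query` output (not taken from the thread).
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555;https=127.0.0.1:5555
    ProxyOverride    REG_SZ    <local>
"""

VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Return {value_name: data} for the indented value lines of `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group(1)] = match.group(3).strip()
    return values

def proxy_endpoints(proxy_server):
    """Split ProxyServer into (scheme, host, port) tuples.
    Handles both 'host:port' and 'http=host:port;https=host:port'."""
    endpoints = []
    for part in filter(None, (p.strip() for p in proxy_server.split(";"))):
        scheme, _, addr = part.rpartition("=")
        addr = addr.split("://")[-1]
        host, port = addr.rsplit(":", 1) if ":" in addr else (addr, "")
        endpoints.append((scheme or "all", host, port))
    return endpoints

def is_loopback(host):
    """True for 'localhost' or any loopback IP literal such as 127.0.0.1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname, not an IP literal

def find_loopback_proxy(reg_text):
    """Return loopback proxy endpoints, but only when ProxyEnable is set to 1."""
    values = parse_reg_query(reg_text)
    if int(values.get("ProxyEnable", "0x0"), 16) != 1:
        return []
    return [e for e in proxy_endpoints(values.get("ProxyServer", "")) if is_loopback(e[1])]
```

A non-empty result with nothing listening on that port matches the symptom in this thread: every request is handed to a local proxy that no longer exists.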
