Hell from pbrrol.exe

Admiral Michael

Michaelsoft Systems CEO
#1
I'm trying to fix a friend's computer. There's a program called pbrrol.exe that's in C:\WINDOWS\System32 that won't let Firefox load. The Windows Task Manager doesn't show it; I have to use the task view from the makers of HiJack This to see it. When I end the program with the secondary task manager, Firefox loads no prob; otherwise it doesn't show, but firefox.exe shows in the Task Manager.

I can't find the file in the folder. I can find it with Windows Find, but when I delete it, it respawns. Another file appears in the registry for startup - rikk.exe. This file is located in the startup folder but cannot be seen even with show hidden files (shows via Windows Find).

I've run adaware and spybot to no avail.

His laptop runs Windows XP Pro SP2, he uses the windows firewall.
 

Admiral Michael

Michaelsoft Systems CEO
#3
Xie said:
You mention running adware programs and nothing, what anti-virus programs have you run?
Sorry, he (as well as I) runs Norton AntiVirus 2003

He said NAV picked up a virus and removed it. I don't know the name of the virus.
 

Xie

- geek -
#4
Admiral Michael said:
Sorry, he (as well as I) runs Norton AntiVirus 2003

He said NAV picked up a virus and removed it. I don't know the name of the virus.
Sounds like it didn't get all of it. I'd try another AV, give housecall a shot, it's free and works rather well. Trying more than 1 AV sometimes does the trick.
 

gonaads

Beware the G-Man
Political User
#5
Delete both files but don't empty trash and also delete the entry in the reg, but first export that entry (just in case it is a legit file). Also search the reg for any instances of either file and delete them, backup/export them first to be safe. Then reboot and see what happens. Sounds like virus goings on in that Laptop.
 
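The backup-then-search steps suggested in post #5, written out as a Windows XP batch file. This is an added example, not part of any poster's reply; it assumes the startup entry sits under one of the standard Run keys and that the profile uses the default English "Start Menu" paths, and it only exports and lists, it deletes nothing.

```batch
@echo off
rem Added example (constructed): back up and inspect autostart locations on
rem Windows XP before removing anything. NAMES holds the two file names
rem mentioned in this thread.
setlocal
set NAMES=pbrrol rikk
set OUT=%TEMP%\autorun-check
if not exist "%OUT%" mkdir "%OUT%"

rem Assumption: the startup entry lives under one of the standard Run keys.
rem 1. Export each key first so a mistaken deletion can be re-imported.
reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" "%OUT%\hklm-run.reg"
reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "%OUT%\hkcu-run.reg"

rem 2. Show what the Run keys launch at logon.
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

rem 3. Look for either name anywhere under the Software hives. This is slow,
rem    and findstr keeps only the matching value lines, so use the saved hits
rem    as search terms in regedit to locate the owning key.
reg query HKLM\Software /s | findstr /i "%NAMES%" > "%OUT%\hklm-hits.txt"
reg query HKCU\Software /s | findstr /i "%NAMES%" > "%OUT%\hkcu-hits.txt"

rem 4. List files with dir /a, which includes hidden and system files that
rem    Explorer does not show by default.
dir /a /b "%SystemRoot%\System32" | findstr /i "%NAMES%"
dir /a "%USERPROFILE%\Start Menu\Programs\Startup"
dir /a "%ALLUSERSPROFILE%\Start Menu\Programs\Startup"

echo Backups and search results are in %OUT%
endlocal
```

Double-clicking an exported .reg file re-imports the key if a deleted entry turns out to be legitimate.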

Admiral Michael

Michaelsoft Systems CEO
#7
I tried your suggestion gonaads and no luck. I'm gonna try the symantec online scanner to see if it's a virus. He has to go home now so I'll have to wait til next time.

Thanks for the updates so far :) Much appreciated.
 

kcnychief

█▄█ ▀█▄ █
Political User
#8
From my experience if this file is a virus, it sounds like you are only finding the droppings. The best way to delete that file since it seems to keep coming back is through recovery console. This is an absolute deletion, obviously skipping over the recycle bin.

In regards to your AV protection, while 2003 may have the updated .DAT files, this day and age I would strongly recommend upgrading to 2004 at least, if not 2005. I have seen both versions for <$20 on eBay buying just the CD and the sleeve. My logic behind that being the updated worm protection, which gives you a double-edged sword for the XPSP2 Firewall.

Also, have you checked your hosts file? (nevermind, sorry my mind is scattered).

I just re-read your post, you should definitely go to Recovery Console. While in Windows, write down the path and names of the file. Go to Recovery Console...

(if you are not familiar, here is how)

  1. Boot to a Windows XP CD
  2. Press "r" to repair
  3. It will prompt you to choose which Windows installation you want to login to, type "c:"
  4. It will then prompt you for the Administrator password (so either make sure he knows it, or reset it before getting this far)
  5. Then, you are pretty much at the CMD prompt from within XP, but on steroids :)
What I would do BEFORE that is make sure that the AV and Windows Security updates are fully patched. Download MS Anti-Spyware, and Stinger from McAfee. Once all updates and patches are all set, go to Recovery Console, delete the files, reboot into safe mode WITHOUT networking, do scans like it's your job. They should be gone, but just to be sure. Also, while there, use similar search methods you performed above to ensure they are gone.

These things are a pain, but at the same time rather interesting to get rid of sometimes. Good luck, post back which I'm sure you will :)
 

Admiral Michael

Michaelsoft Systems CEO
#9
Where to begin :p

Xie:

I'll give your suggestion a shot as well as using the symantec online scanner.

kcnychief:


I use NAV 2003 because I think it's the best norton version, I tried newer versions and they seem to be memory hogs. I may consider switching to AVG but I've always used NAV and never had any problems with it myself.

I have checked the hosts file, only one entry which is localhost.

I've tried deleting the file in safemode, but it still runs while in safemode. I never thought of using the recovery console. I just hope it can find it.
 

kcnychief

█▄█ ▀█▄ █
Political User
#10
Admiral Michael said:
Where to begin :p

I use NAV 2003 because I think it's the best norton version, I tried newer versions and they seem to be memory hogs. I may consider switching to AVG but I've always used NAV and never had any problems with it myself.

I have checked the hosts file, only one entry which is localhost.

I've tried deleting the file in safemode, but it still runs while in safemode. I never thought of using the recovery console. I just hope it can find it.
I couldn't agree more on the memory hog, but that is evident on *most* newer applications. I have found that McAfee works quite well, and is a bit easier on the resources.

It would still run in safe mode, so that would not be an initial option. Within the recovery console, every file is viewable. So, you would want to write down the path, such as

C:\windows\system32\filethatiskillingmymachine.exe

navigate to there within the Recovery console, delete it. If you get access denied, the file might be read only. At that point, from the CMD prompt, type out the path again...

C:\windows\system32\attrib -r -h -a filethatiskillingmymachine.exe

try to delete again, and you should be set.
 

lancer

There is no answer!
Political User
#17
Let me know how the ewido program works out?

Also I searched Google for both those programs and nothing came up... strange.
 
