Hell from pbrrol.exe

Admiral Michael

I'm trying to fix a friend's computer. There's a program called pbrrol.exe that's in C:\WINDOWS\System32 that won't let Firefox load. The Windows Task Manager doesn't show it; I have to use the task view from the makers of HijackThis to see it. When I end the program with the secondary task manager, Firefox loads no prob; otherwise it doesn't show, but firefox.exe shows in the Task Manager.

I can't find the file in the folder. I can find it with Windows Find, but when I delete it, it respawns. Another file appears in the registry for startup - rikk.exe. This file is located in the startup folder but cannot be seen even with show hidden files (shows via Windows Find).

I've run Ad-Aware and Spybot to no avail.

His laptop runs Windows XP Pro SP2; he uses the Windows Firewall.
 
You mention running adware programs and nothing, what anti-virus programs have you run?
 
Xie said:
You mention running adware programs and nothing, what anti-virus programs have you run?
Sorry, he (as well as I) runs Norton AntiVirus 2003

He said NAV picked up a virus and removed it. I don't know the name of the virus.
 
Admiral Michael said:
Sorry, he (as well as I) runs Norton AntiVirus 2003

He said NAV picked up a virus and removed it. I don't know the name of the virus.
Sounds like it didn't get all of it. I'd try another AV; give HouseCall a shot, it's free and works rather well. Trying more than 1 AV sometimes does the trick.
 
Delete both files but don't empty trash and also delete the entry in the reg, but first export that entry (just in case it is a legit file). Also search the reg for any instances of either file and delete them, backup/export them first to be safe. Then reboot and see what happens. Sounds like virus goings on in that Laptop.
 
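The backup-then-inspect steps suggested above, written out as a Windows XP batch file (an added example, not part of the original posts). It assumes the startup entry lives under one of the standard Run keys, which the thread does not state; the backup folder name is made up for the example.

```batch
@echo off
rem Added example: back up the autorun keys, then look for the two files
rem named in the thread. Nothing is deleted here.
setlocal

rem Hypothetical backup location (not from the thread).
set BACKUP=%USERPROFILE%\Desktop\autorun-backup
if not exist "%BACKUP%" mkdir "%BACKUP%"

rem 1. Export the Run keys first, so a legitimate entry can be restored
rem    by double-clicking the .reg file.
reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" "%BACKUP%\hklm-run.reg"
reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "%BACKUP%\hkcu-run.reg"

rem 2. Show only the autorun values that mention either file name.
rem    findstr treats the space-separated words as alternatives.
echo === HKLM Run
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" | findstr /i "pbrrol rikk"
echo === HKLM RunOnce
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" | findstr /i "pbrrol rikk"
echo === HKCU Run
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" | findstr /i "pbrrol rikk"
echo === HKCU RunOnce
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" | findstr /i "pbrrol rikk"

rem 3. List the files with every attribute included. Explorer's
rem    "show hidden files" option still hides files that also carry the
rem    system attribute; dir /a does not.
echo === System32
dir /a "%SystemRoot%\System32\pbrrol.exe"
attrib "%SystemRoot%\System32\pbrrol.exe"

echo === Startup folders (current user, then all users)
dir /a "%USERPROFILE%\Start Menu\Programs\Startup"
dir /a "%ALLUSERSPROFILE%\Start Menu\Programs\Startup"

endlocal
```

The attrib output shows which of the R, S and H flags are set on the file, which is what has to be cleared before a delete will succeed.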
I agree that it sounds like a virus. I'll try your suggestions next time he's over.
 
I tried your suggestion gonaads and no luck. I'm gonna try the Symantec online scanner to see if it's a virus. He has to go home now so I'll have to wait til next time.

Thanks for the updates so far :) Much appreciated.
 
From my experience if this file is a virus, it sounds like you are only finding the droppings. The best way to delete that file since it seems to keep coming back is through recovery console. This is an absolute deletion, obviously skipping over the recycle bin.

In regards to your AV protection, while 2003 may have the updated .DAT files, this day and age I would strongly recommend upgrading to 2004 at least, if not 2005. I have seen both versions for <$20 on eBay buying just the CD and the sleeve. My logic behind that being the updated worm protection, which gives you a double-edged sword for the XPSP2 Firewall.

Also, have you checked your hosts file? (nevermind, sorry my mind is scattered).

I just re-read your post, you should definitely go to Recovery Console. While in Windows, write down the path and names of the file. Go to Recovery Console...

(if you are not familiar, here is how)

  1. Boot to a Windows XP CD
  2. Press "r" to repair
  3. It will prompt you to choose which Windows installation you want to login to, type "c:"
  4. It will then prompt you for the Administrator password (so either make sure he knows it, or reset it before getting this far)
  5. Then, you are pretty much at the CMD prompt from within XP, but on steroids :)

What I would do BEFORE that is make sure that the AV and Windows Security updates are fully patched. Download MS Anti-Spyware, and Stinger from McAfee. Once all updates and patches are all set, go to Recovery Console, delete the files, reboot into safe mode WITHOUT networking, do scans like it's your job. They should be gone, but just to be sure. Also, while there, use similar search methods you performed above to ensure they are gone.

These things are a pain, but at the same time rather interesting to get rid of sometimes. Good luck, post back which I'm sure you will :)
 
Where to begin :p

Xie:

I'll give your suggestion a shot as well as using the Symantec online scanner.

kcnychief:


I use NAV 2003 because I think it's the best Norton version. I tried newer versions and they seem to be memory hogs. I may consider switching to AVG but I've always used NAV and never had any problems with it myself.

I have checked the hosts file, only one entry which is localhost.

I've tried deleting the file in safe mode, but it still runs while in safe mode. I never thought of using the recovery console. I just hope it can find it.
 
Admiral Michael said:
Where to begin :p

I use NAV 2003 because I think it's the best Norton version. I tried newer versions and they seem to be memory hogs. I may consider switching to AVG but I've always used NAV and never had any problems with it myself.

I have checked the hosts file, only one entry which is localhost.

I've tried deleting the file in safe mode, but it still runs while in safe mode. I never thought of using the recovery console. I just hope it can find it.

I couldn't agree more on the memory hog, but that is evident on *most* newer applications. I have found that McAfee works quite well, and is a bit easier on the resources.

It would still run in safe mode, so that would not be an initial option. Within the recovery console, every file is viewable. So, you would want to write down the path, such as

C:\windows\system32\filethatiskillingmymachine.exe

navigate to there within the Recovery console, delete it. If you get access denied, the file might be read only. At that point, from the CMD prompt, type out the path again...

C:\windows\system32\attrib -r -h -a filethatiskillingmymachine.exe

try to delete again, and you should be set.
 
Did you try something like BartPE, to delete it offline? Or even going to safe mode.
 
As mentioned I have tried safe mode and the app is running while in safe mode. I will be trying the recovery console method kcnychief suggested.
 
Let me know how the ewido program works out?

Also I searched Google for both those programs and nothing came up... strange.
 
lancer said:
is that good or bad? :)

Eh, neither. I'm not a fan of CounterSpy; it created a lot of false positives. I only tried it b/c I read an article saying it was "the bomb".
 
