Hell from pbrrol.exe

[Admiral Michael]

also i search google for both those programs and nothing came up... strange.

I tried that too and came up with the same thing.. nada.

 

[American Zombie]

Make a BartPE cd then boot from it and you can then delete the file. If you put the RegEditPE plugin on the cd when creating it you can also delete any registry entries the file has made.

 

[gonaads]

You could also take note of the location of both these files (write down the full thing such as "C:\windows\blah blah\blah.exe") and then reboot but to a command prompt. But remember that from a command prompt some directories/files are shortened by windows and are listed C:\windows\sys~ blah blah or whatever. You'll have to figure that part out. Then do the delete command for each of these files. Then reboot and see what blows up.

 

[Johnny]

As American Zonbie said, with bartpe the file wont run . you can add plugisn and such to it. It is a great utilitly ..

More info: http://www.nu2.nu/pebuilder/

 

[Admiral Michael]

Hmm I made a BArtPE cd and man this is an awesome utility. Rep Points for all who suggested it, I like it so much

 

[kcnychief]

Hmm I made a BArtPE cd and man this is an awesome utility. Rep Points for all who suggested it, I like it so much

I don't know if you found this yet, but here is the forum for BartPE...

http://www.911cd.net/forums/

 

[Admiral Michael]

Cool Thanks!

 

[yoyo]

Certainly agree that BartPE is a very useful utility. Everyone should have such a cd.

However I am a little bit in doubt whether it will solve your problem.

Just deleting these files should be no problem using one of the utilities that delete files on reboot - Killbox, MoveOnBoot, Dellater, or the tool build into HijackThis.

Problem is, if you don't catch all files they probably will be recreated.

You said the process doesn't show up in taskmanager and you can't see the file in the system32 folder. (You do have "show hidden files" checked and "hide protected system files" unchecked in folder options?)
That may indicate the nasty you've got uses some kind of rootkit technology. Mostly that is installed as a kernel driver (*.sys file).

I'd suggest you post a HijackThis log.

Also check pbrrol.exe and rikk.exe here: http://virusscan.jotti.org

 

[Admiral Michael]

Yes I do have both show hidden files and hide protected unchecked. I will give your suggestions a go.

Since he works alot we arent able to get together alot. Maybe this weekend, I will give all your suggestons a try.

I was also thinking of running a windows file protection scan as well.

 

[American Zombie]

That may indicate the nasty you've got uses some kind of rootkit technology.

Rootkit Revealer should verify whether or not this is the case.