ryr.exe--info please
in [Anti-Virus]
|
From: Richard Oliver on 20 Jan 2010 01:38 A friends computer running Win XP Home has been infected by numerous virus /malware etc. I have run several antivirus programs such as Trend Micro ,Antivir and Malware Bytes. The machine now appears to be clean but will not start in Safe mode,there is no Run mode nor msconfig available. There is a popup on startup looking for ryr.exe which a search on Google reveals as malware. I would appreciate some help in getting this system back in good order again. Regards,Richard
From: David H. Lipman on 20 Jan 2010 06:37 From: "Richard Oliver" <R.Oliver(a)Spam.co.za> | A friends computer running Win XP Home has been infected by numerous | virus /malware etc. | I have run several antivirus programs such as Trend Micro ,Antivir and | Malware Bytes. | The machine now appears to be clean but will not start in Safe | mode,there is no Run mode nor msconfig available. | There is a popup on startup looking for ryr.exe which a search on Google | reveals as malware. | I would appreciate some help in getting this system back in good order | again. | Regards,Richard Find the place the loads ryr.exe and remove it so the OS no longer wants to load it. What do you mean no "Run mode " ? There is no "Run" as a statup item ? As for the no Safe Mode, it could be the load sequence to load Safe Mode has been too corrupted to work anymore. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Buffalo on 20 Jan 2010 09:57 Richard Oliver wrote: > A friends computer running Win XP Home has been infected by numerous > virus /malware etc. > I have run several antivirus programs such as Trend Micro ,Antivir > and Malware Bytes. > The machine now appears to be clean but will not start in Safe > mode,there is no Run mode nor msconfig available. > There is a popup on startup looking for ryr.exe which a search on > Google reveals as malware. > I would appreciate some help in getting this system back in good order > again. > Regards,Richard Found this and it may help you locate and rid yourself of that ryr.exe. "SOFTWARE ASSESSMENT: PREVX 4 AXES OF EVIL METHODOLOGY 1. COVERT ANALYSIS OF: 0BXFHZ.EXE a.. File Names Used: 3 b.. Paths Used: 1 c.. Common File Name: 0BXFHZ.EXE d.. Common Path: %TEMP%\ e.. Vendor Information: No Vendor details specified f.. 0BXFHZ.EXE may use 3 or more path and file names, these are the most common: g.. 1 :%TEMP%\0BXFHZ.EXE h.. 2 :%TEMP%\RYR.EXE i.. File Name Structure: Normal j.. File and Path Structure: Normal" Buffalo
From: Dustin Cook on 20 Jan 2010 17:33 Richard Oliver <R.Oliver(a)Spam.co.za> wrote in news:lq8dl5hc89e46j9tcjc9l94ceck1d8lpp1(a)4ax.com: > A friends computer running Win XP Home has been infected by numerous > virus /malware etc. > I have run several antivirus programs such as Trend Micro ,Antivir > and Malware Bytes. > The machine now appears to be clean but will not start in Safe > mode,there is no Run mode nor msconfig available. > There is a popup on startup looking for ryr.exe which a search on > Google reveals as malware. > I would appreciate some help in getting this system back in good order > again. > Regards,Richard > You sure do run across alot of friends or relatives suddenly in need of your assistance. :) Have you tried checking the mbam forums? They do offer assistance. I'll give you the benefit of the doubt for now and assume you really are just a normal user trying to help your friends, and not some wannabe technician :) -- "Is there anything in Guul Draz that doesn't suck the life out of you?" - Tarsa, Sea Gate sell-sword.
From: Dustin Cook on 20 Jan 2010 17:33
FredW <fredw(a)blackholespam.net> wrote in news:j50el5htvkijs3d8e87vh0o2i3jcqkcquc(a)4ax.com: > On Wed, 20 Jan 2010 08:38:29 +0200, Richard Oliver > <R.Oliver(a)Spam.co.za> wrote: > >>A friends computer running Win XP Home has been infected by numerous >>virus /malware etc. >>I have run several antivirus programs such as Trend Micro ,Antivir >>and Malware Bytes. >>The machine now appears to be clean but will not start in Safe >>mode,there is no Run mode nor msconfig available. >>There is a popup on startup looking for ryr.exe which a search on >>Google reveals as malware. >>I would appreciate some help in getting this system back in good order >>again. > > Short answer to get the system back in good order: > It is time to do a "Format C:\" and reinstall Windows. > Is the format really necessary tho? -- "Is there anything in Guul Draz that doesn't suck the life out of you?" - Tarsa, Sea Gate sell-sword. |