SOLVED (gamereleasedate.info/kb-ribaki.org) auto open on startup/reboot

Discussion in 'Malware Removal Assistance For Windows' started by Koma0000, Aug 20, 2017.

Need Malware Removal Help?

We offer free malware removal assistance to our members. Sign Up now, and get free malware removal support.

  1. Koma0000

    Koma0000 New Member

    Aug 19, 2017
    3
    0
    Indonesia
    Windows 7
    Avira
    Operating System:
    Windows 7
    Are you using a 32-bit or 64-bit operating system?:
    64-bit (x64)
    Infection date and initial symptoms:
    1 week ago
    Current issues and symptoms:
    everytime i start or turn on my computer, google chrome(default browser) always opening gamereleasedate.info. before it opening, cmd will open and immediatly close
    Steps taken in order to remove the infection:
    i already use msconfig to disable it, it work but only for 1 reboot.
    i already delete it on regedit, it still comeback everytime i reboot
    i already use malwarebytes, adwarecleaner, ccleaner, avira(full scan). still not working
    Logs added to help request:
    • FRST.txt
    • Addition.txt
    Hello, My name is Sandy

    This website(kb-ribaki.org to gamereleasedate.info) keep on opening everytime i turn on my computer.
    using AV and delete it manually using regedit, and disable it from msconfig only work after 1 reboot, another reboot still making it appear

    please help
    Thanks.
     

    Attached Files:

  2. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,444
    2,634
    Malware Removal, Gaming
    Windows 7
    ESET
    Hello,


    [​IMG]Scan with Malwarebytes' Anti-Malware

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Install the progam.
    • Click the Settings tab, in the left panel choose Protection and tick Scan for rootkits.
    • Click the Scan tab, choose Threat Scan is checked and click Start Scan.
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    • Upon completion of the scan (or after the reboot), click the Reports tab.
    • Double-click the Scan Log.
    • At the bottom click Export and choose Text file.
    Save the file to your desktop and include its content in your next reply.



    [​IMG] Fix with AdwCleaner

    Please download AdwCleaner by Xplode and save the file to your Desktop.
    • Right-click on [​IMG] icon and select [​IMG] Run as Administrator to start the tool.
    • Accept the Terms of use.
    • Wait until the database is updated.
    • Click Scan.
    • When finished, please click Clean.
    • Your PC should reboot now.
    • After reboot, logfile will be opened. Copy its content into your next reply.

    Note: Reports will be saved in your system partition, usually at C:\Adwcleaner



    Please download Zemana AntiMalware and save it to your Desktop.
    • Install the program and once the installation is complete it will start automatically.
    • Without changing any options, press Scan to begin.
    • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

    • Open Zemana AntiMalware again.
    • Click on [​IMG] icon and double click the latest report.
    • Now click File > Save As and choose your Desktop before pressing Save.
    • The only left thing is to attach saved report in your next message.
     
  3. Koma0000

    Koma0000 New Member

    Aug 19, 2017
    3
    0
    Indonesia
    Windows 7
    Avira
    Hello,

    i have try on my own by deleting the registry in regedit in HKCU/windows/software/currentversion/run(if im not wrong) that contain explore.exe hhtp//rb-kibaki.org or something. after that i go to task scheduler and see the active task that named my computer name and checked it, it said something like explore.exe hhtp//rb-kibaki.org too so i delete it. after that, my computer seemed working good. but, would it be enough to rid this virus or i need to use farbar(or other) to clean it

    Thanks

    (i dont know if the files is right, because i take it from Adwcleaner folder)
     

    Attached Files:

  4. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,444
    2,634
    Malware Removal, Gaming
    Windows 7
    ESET
    Please follow my instructions as I post them and completely if you want my help.
     
  5. Koma0000

    Koma0000 New Member

    Aug 19, 2017
    3
    0
    Indonesia
    Windows 7
    Avira
    i think already did it, thanks a lot for your help sir. you sure helped me a lot
    its gone after i use zemana anti malware.
    Thank you
     
Loading...
Similar Threads Forum Date
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks Microsoft Nov 6, 2017
Tutorial Data Execution Prevention (DEP) - Native API (NtSetInformationProcess) Develop Coding Skills - Tutorials Nov 3, 2017
Tutorial SYSTEM_INFORMATION_CLASS & PROCESSINFOLASS Develop Coding Skills - Tutorials Nov 3, 2017