I recently recieved spyware files that imbedded themselves in my system32
folder. The file names are ekrfb.exe and nbabbp.exe. I am unable to stop
process on these files, ekrfb.exe runs 3 at a time in the process tray, so
each file restarts itself. These files also keep me from being able to use
most of the explorer options, I'm unable to run any anti-spyware/virus
programs, if I attempt to run (spybot, system restore, manager) the files
kill my explorer.exe process, and I am left looking at just my wall paper.
I'm unable to log into my main user account because spybot automatically
starts. These files start in safe mode also.

Is there a way I can get all the programs to shut down at the same time? Is
there a way that I can get them to not start up? I'm lost here, and really
frusterated, please help. Thank You

On Thu, 24 Aug 2006 18:14:01 -0700, Jeffrey B <Jeffrey
> wrote:

>I recently recieved spyware files that imbedded themselves in my system32
>folder. The file names are ekrfb.exe and nbabbp.exe. I am unable to stop
>process on these files, ekrfb.exe runs 3 at a time in the process tray, so
>each file restarts itself. These files also keep me from being able to use
>most of the explorer options, I'm unable to run any anti-spyware/virus
>programs, if I attempt to run (spybot, system restore, manager) the files
>kill my explorer.exe process, and I am left looking at just my wall paper.
>I'm unable to log into my main user account because spybot automatically
>starts. These files start in safe mode also.
>
>Is there a way I can get all the programs to shut down at the same time? Is
>there a way that I can get them to not start up? I'm lost here, and really
>frusterated, please help. Thank You


When the computer first boots up, tap F8 a few times and start up in
safe mode.

Move or rename the files <ekrfb.exe to ekrfb.old> and reboot.

"Curtis Newton" wrote:

> On Thu, 24 Aug 2006 18:14:01 -0700, Jeffrey B <Jeffrey
> > wrote:
>
> >I recently recieved spyware files that imbedded themselves in my system32
> >folder. The file names are ekrfb.exe and nbabbp.exe. I am unable to stop
> >process on these files, ekrfb.exe runs 3 at a time in the process tray, so
> >each file restarts itself. These files also keep me from being able to use
> >most of the explorer options, I'm unable to run any anti-spyware/virus
> >programs, if I attempt to run (spybot, system restore, manager) the files
> >kill my explorer.exe process, and I am left looking at just my wall paper.
> >I'm unable to log into my main user account because spybot automatically
> >starts. These files start in safe mode also.
> >
> >Is there a way I can get all the programs to shut down at the same time? Is
> >there a way that I can get them to not start up? I'm lost here, and really
> >frusterated, please help. Thank You
>
>
> When the computer first boots up, tap F8 a few times and start up in
> safe mode.
>
> Move or rename the files <ekrfb.exe to ekrfb.old> and reboot.
>
>

It remakes itself. I know have in the folder an ekrfb.exe and an ekrfb.old,
same happened with the other file.

On Thu, 24 Aug 2006 19:39:01 -0700, Jeffrey B
> wrote:

>
>
>"Curtis Newton" wrote:

>>
>>
>> When the computer first boots up, tap F8 a few times and start up in
>> safe mode.
>>
>> Move or rename the files <ekrfb.exe to ekrfb.old> and reboot.
>>
>>
>
>It remakes itself. I know have in the folder an ekrfb.exe and an ekrfb.old,
>same happened with the other file.


I would download and run hijackthis (google for it) and then post your
log. It will provide a display of running process and provide an easy
way to stop them.

"Curtis Newton" wrote:

> On Thu, 24 Aug 2006 19:39:01 -0700, Jeffrey B
> > wrote:
>
> >
> >
> >"Curtis Newton" wrote:
>
> >>
> >>
> >> When the computer first boots up, tap F8 a few times and start up in
> >> safe mode.
> >>
> >> Move or rename the files <ekrfb.exe to ekrfb.old> and reboot.
> >>
> >>
> >
> >It remakes itself. I know have in the folder an ekrfb.exe and an ekrfb.old,
> >same happened with the other file.
>
>
> I would download and run hijackthis (google for it) and then post your
> log. It will provide a display of running process and provide an easy
> way to stop them.
>
>

Downloaded it,,,, as all the programs before it causes my explorer process
to end, and doesn't allow me to use the hijackthis program.

On Thu, 24 Aug 2006 20:55:01 -0700, Jeffrey B
> wrote:

>
>
>"Curtis Newton" wrote:
>
>> On Thu, 24 Aug 2006 19:39:01 -0700, Jeffrey B
>> > wrote:
>>
>> >
>> >
>> >"Curtis Newton" wrote:
>>
>> >>
>> >>
>> >> When the computer first boots up, tap F8 a few times and start up in
>> >> safe mode.
>> >>
>> >> Move or rename the files <ekrfb.exe to ekrfb.old> and reboot.
>> >>
>> >>
>> >
>> >It remakes itself. I know have in the folder an ekrfb.exe and an ekrfb.old,
>> >same happened with the other file.
>>
>>
>> I would download and run hijackthis (google for it) and then post your
>> log. It will provide a display of running process and provide an easy
>> way to stop them.
>>
>>
>
>Downloaded it,,,, as all the programs before it causes my explorer process
>to end, and doesn't allow me to use the hijackthis program.


Weird.

Can you get to start ; run in Windows?

If so, I would next run 'msconfig' from the start - run line.

Click on startup tab and unselect the two or three files you are
referenced that are causing the problem and restart.

Still seeing the issue??

"Curtis Newton" wrote:

> On Thu, 24 Aug 2006 20:55:01 -0700, Jeffrey B
> > wrote:
>
> >
> >
> >"Curtis Newton" wrote:
> >
> >> On Thu, 24 Aug 2006 19:39:01 -0700, Jeffrey B
> >> > wrote:
> >>
> >> >
> >> >
> >> >"Curtis Newton" wrote:
> >>
> >> >>
> >> >>
> >> >> When the computer first boots up, tap F8 a few times and start up in
> >> >> safe mode.
> >> >>
> >> >> Move or rename the files <ekrfb.exe to ekrfb.old> and reboot.
> >> >>
> >> >>
> >> >
> >> >It remakes itself. I know have in the folder an ekrfb.exe and an ekrfb.old,
> >> >same happened with the other file.
> >>
> >>
> >> I would download and run hijackthis (google for it) and then post your
> >> log. It will provide a display of running process and provide an easy
> >> way to stop them.
> >>
> >>
> >
> >Downloaded it,,,, as all the programs before it causes my explorer process
> >to end, and doesn't allow me to use the hijackthis program.
>
>
> Weird.
>
> Can you get to start ; run in Windows?
>
> If so, I would next run 'msconfig' from the start - run line.
>
> Click on startup tab and unselect the two or three files you are
> referenced that are causing the problem and restart.
>
> Still seeing the issue??
>
>

Dang programs won't even let me run 'msconfig', from the run line, nor the
icon.

On Thu, 24 Aug 2006 22:19:01 -0700, Jeffrey B
> wrote:

>
>
>"Curtis Newton" wrote:
>
>> On Thu, 24 Aug 2006 20:55:01 -0700, Jeffrey B
>> > wrote:
>>
>> >
>> >
>> >"Curtis Newton" wrote:
>> >
>> >> On Thu, 24 Aug 2006 19:39:01 -0700, Jeffrey B
>> >> > wrote:
>> >>
>> >> >
>> >> >
>> >> >"Curtis Newton" wrote:
>> >>
>> >> >>
>> >> >>
>> >> >> When the computer first boots up, tap F8 a few times and start up in
>> >> >> safe mode.
>> >> >>
>> >> >> Move or rename the files <ekrfb.exe to ekrfb.old> and reboot.
>> >> >>
>> >> >>
>> >> >
>> >> >It remakes itself. I know have in the folder an ekrfb.exe and an ekrfb.old,
>> >> >same happened with the other file.
>> >>
>> >>
>> >> I would download and run hijackthis (google for it) and then post your
>> >> log. It will provide a display of running process and provide an easy
>> >> way to stop them.
>> >>
>> >>
>> >
>> >Downloaded it,,,, as all the programs before it causes my explorer process
>> >to end, and doesn't allow me to use the hijackthis program.
>>
>>
>> Weird.
>>
>> Can you get to start ; run in Windows?
>>
>> If so, I would next run 'msconfig' from the start - run line.
>>
>> Click on startup tab and unselect the two or three files you are
>> referenced that are causing the problem and restart.
>>
>> Still seeing the issue??
>>
>>
>
>Dang programs won't even let me run 'msconfig', from the run line, nor the
>icon.

May be time for someone else to chime in (obviously, I am no help)
..... but, the next thing I would try is to get to a computer that
works and grab F-Prot for DOS (free), make a CD boot disk of the DOS
antivirus and boot off of it and run it in DOS mode (see URL for the
free version). Any luck?

http://www.f-prot.com/download/home_user/

Thanks man, that worked to find a few other programs, but didn't fix the
problem. So as a last ditch effort, I moved all programs that were created or
modified in my windows, system32 and c: drive. I did a power pull, and went
back into safe mode, and was able to use system restore after that.

Thanks a ton for your ideas and time.