
How to remove MailSkinner.rtk?

  • 27-09-2007 3:39pm
    #1
    Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,812 CMod ✭✭✭✭


    What is MailSkinner.rtk?

    Spybot S&D identified MailSkinner.rtk on my machine. When asked to fix this problem, it went through its process and green checked the problem as solved. After rebooting my machine and rerunning Spybot S&D, MailSkinner.rtk reappeared. It was not removed as claimed by Spybot S&D! I assume that MailSkinner is a rootkit? Does anyone have a safe and user-friendly solution to solve this problem?

    Also, if MailSkinner.rtk is a rootkit, I would assume that my passwords have been compromised and should be changed after this problem has been resolved? What else has been compromised? Email? I loaned my laptop to someone and need to also tell them if their information has been compromised, too.


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Your passwords should be fine
    http://www.bleepingcomputer.com/startups/mailskinner.exe-13171.html

    Should post a HijackThis log


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,812 CMod ✭✭✭✭Black Swan


    ActorSeeksJob: Thanks for the suggestion! Went to the link and tried a couple of their solutions without success. Will probably have to resort to HijackThis per your recommendation.

    A pesky infection, indeed! Defies most AV scanners. Only Spybot S&D detects it clearly (but cannot quarantine or delete it), although Kaspersky has a popup that says it's password protected. Is hidden in the registry. Also seems to have infected the recovery. Sometimes freezes screen at boot-up before logon (other times not).

    Blacklight does not detect it, and it somehow blocks the free version of AVG Anti-Rootkit from running. Will try the registry scanner built into Vista Ultimate next to see if it's identified on startup. See if it can be turned off or otherwise deleted. If this doesn't work, then will try booting in safe mode and see if it can be deleted by Spybot before it runs.

    More than likely will have to resort to HijackThis! Will try HijackThis Security for automated analysis first. If this doesn't work, then post the logs and look for help from Help2Go Detective and maybe here.

    ActorSeeksJob: I read the detail on the link you supplied, which led me to find out how my rig got infected. Foolishly allowed my flatmate's b/f to use my laptop one night (unsupervised), and after being accosted by me, now admits to having surfed and opened a few of those naughty sites. Boys!!! If all else fails, told him he was going to have to pay for outside help. He's already gotten an earful of sh*t from his g/f (my flatmate) and me! :rolleyes:


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    I don't think it's anything too serious. I would recommend running AVG anti-spyware in safe mode as it is the best. I'd also be careful with automated analysis for HijackThis, they aren't very good.

    If you wish to post your HJT log I will take a look before I head out tonight


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,812 CMod ✭✭✭✭Black Swan


    Hi ActorSeeksJob! You've been grand! It's only half past 8AM eight time zones west of ye. I'm sipping java at a free hotspot trying to wake up after a late night. Hope to get to this fix before the day is out. If so, I'll post the log. I'm a drama student at USC, who wants to learn more about computing and has started taking a few classes as electives. If it continues to be fun, may minor in animation (one of my free electives is 2D animation using CS3) at the George Lucas School of USC.
    Go raibh maith agat! Sonas ort, B!ue.


  • Closed Accounts Posts: 1 jabrwky


    I, too, have had this detection. Kaspersky forum has an explanation:
    http://forum.kaspersky.com/index.php?showtopic=49084
    which satisfied me.
    I also highly recommend running RemoveIT Pro v4:
    http://www.soft32.com/download_190456.html from InCode Solutions, a Croatian company. Best regards.
    --jabrwky


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,812 CMod ✭✭✭✭Black Swan


    Just updated Spybot S&D and now MailSkinner.rtk fails to show when scanning my system. Was it a false positive like one link suggested and is now corrected, or has this malware somehow found a way to avoid detection?


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,812 CMod ✭✭✭✭Black Swan


    Thanks for linking me to the Kaspersky forum. The solution for removing MailSkinner.rtk is revealed there. If you are running Vista (and in the administrator account) and have Spybot S&D installed do the following:
    1. double right click on the Spybot icon
    2. left click "Run as administrator"
    3. left click "Continue" when the permission window appears
    4. left click "Recovery"
    5. left click "MailSkinner.rtk" box
    6. left click "Purge"
    7. close Spybot
    8. Restart

