Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  

Author Topic: How to fix a possible virus "ralinkregistrywriter.exe"  (Read 8696 times)

Truean

  • Bay Watcher
  • Ok.... [sigh] It froze over....
    • View Profile
How to fix a possible virus "ralinkregistrywriter.exe"
« on: September 25, 2012, 10:58:42 am »
So I noticed my browser was being hijacked, went into task manager and ended the process tree of "ralinkregistrywriter.exe" and only that file. Problem solved.

I know enough to know the thing is probably still floating around somewhere. Who knows where. Unfortunately there are now fake (bad) links to Malwarebytes. Can somebody give me a clean link to it/any other suggestions for avoiding this crap in the future? It isn't like I go a lot of places besides here anyhow.
Logged
The kinda human wreckage that you love

Current Spare Time Fiction Project: (C) 2010 http://www.bay12forums.com/smf/index.php?topic=63660.0
Disclaimer: I never take cases online for ethical reasons. If you require an attorney; you need to find one licensed to practice in your jurisdiction. Never take anything online as legal advice, because each case is different and one size does not fit all. Wants nothing at all to do with law.

Please don't quote me.

Scelly9

  • Bay Watcher
  • That crazy long-haired queer liberal communist
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #1 on: September 25, 2012, 11:00:55 am »
http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Try that link, it's the official one from their website. Try not to download .exe files when they should be PDFs or something, and especially .rar or .zip files.
Logged
Quote from: blackmagechill on June 08, 2012, 05:08:32 pm
You taste the jug! It is ceramic.
Quote from: Loud Whispers
SUPPORT THE COMMUNIST GAY MOVEMENT!

Truean

  • Bay Watcher
  • Ok.... [sigh] It froze over....
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #2 on: September 25, 2012, 12:12:46 pm »
Thank you. Seems the file itself survived the scan and removal process. I can still just end the process tree in task manager though at least. Would be nice to find it but for some reason it doesn't show up in searches, go figure.
Logged
The kinda human wreckage that you love

Current Spare Time Fiction Project: (C) 2010 http://www.bay12forums.com/smf/index.php?topic=63660.0
Disclaimer: I never take cases online for ethical reasons. If you require an attorney; you need to find one licensed to practice in your jurisdiction. Never take anything online as legal advice, because each case is different and one size does not fit all. Wants nothing at all to do with law.

Please don't quote me.

Scelly9

  • Bay Watcher
  • That crazy long-haired queer liberal communist
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #3 on: September 25, 2012, 12:18:07 pm »
Can you right-click the process in task manager and choose open file location? I would suggest trying to exterminate it. As a lawyer, someone accessing your files could be bad.
Logged
Quote from: blackmagechill on June 08, 2012, 05:08:32 pm
You taste the jug! It is ceramic.
Quote from: Loud Whispers
SUPPORT THE COMMUNIST GAY MOVEMENT!

Truean

  • Bay Watcher
  • Ok.... [sigh] It froze over....
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #4 on: September 25, 2012, 12:23:04 pm »
Quote from: Scelly9 on September 25, 2012, 12:18:07 pm
Can you right-click the process in task manager and choose open file location? I would suggest trying to exterminate it. As a lawyer, someone accessing your files could be bad.

[nods] agreed. Will try.

Edit: Works, sends me to its location. Appears to be in my wireless adapter folder.... Odd.
« Last Edit: September 25, 2012, 12:26:56 pm by Truean »
Logged
The kinda human wreckage that you love

Current Spare Time Fiction Project: (C) 2010 http://www.bay12forums.com/smf/index.php?topic=63660.0
Disclaimer: I never take cases online for ethical reasons. If you require an attorney; you need to find one licensed to practice in your jurisdiction. Never take anything online as legal advice, because each case is different and one size does not fit all. Wants nothing at all to do with law.

Please don't quote me.

MetalSlimeHunt

  • Bay Watcher
  • Gerrymander Commander
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #5 on: September 25, 2012, 12:30:05 pm »
Once you've found its program files you should probably go and delete its registry files as well, otherwise it could re-install from them.
Logged
Quote from: Thomas Paine
To argue with a man who has renounced the use and authority of reason, and whose philosophy consists in holding humanity in contempt, is like administering medicine to the dead, or endeavoring to convert an atheist by scripture.
Quote
No Gods, No Masters.

Scelly9

  • Bay Watcher
  • That crazy long-haired queer liberal communist
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #6 on: September 25, 2012, 12:33:39 pm »
Quote from: Truean on September 25, 2012, 12:23:04 pm
Edit: Works, sends me to its location. Appears to be in my wireless adapter folder.... Odd.
Not that odd. People are much more likely to leave something alone if it's in a critical part of their computer's files.

Quote from: MetalSlimeHunt on September 25, 2012, 12:30:05 pm
Once you've found its program files you should probably go and delete its registry files as well, otherwise it could re-install from them.
Don't try this if you don't know what you are doing. You have a rather high chance of bricking your computer.
Logged
Quote from: blackmagechill on June 08, 2012, 05:08:32 pm
You taste the jug! It is ceramic.
Quote from: Loud Whispers
SUPPORT THE COMMUNIST GAY MOVEMENT!

MetalSlimeHunt

  • Bay Watcher
  • Gerrymander Commander
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #7 on: September 25, 2012, 12:36:30 pm »
Quote from: Scelly9 on September 25, 2012, 12:33:39 pm
Quote from: MetalSlimeHunt on September 25, 2012, 12:30:05 pm
Once you've found its program files you should probably go and delete its registry files as well, otherwise it could re-install from them.
Don't try this if you don't know what you are doing. You have a rather high chance of bricking your computer.
You don't have a high chance of doing that. The only way you could brick your computer like that is by deleting the entire registry.

Hell, I once had most of my registry files corrupted by a particularly nasty piece of malware and managed to fix it without much trouble. There are sites which offer legit registry repair programs.
Logged
Quote from: Thomas Paine
To argue with a man who has renounced the use and authority of reason, and whose philosophy consists in holding humanity in contempt, is like administering medicine to the dead, or endeavoring to convert an atheist by scripture.
Quote
No Gods, No Masters.

miauw62

  • Bay Watcher
  • Every time you get ahead / it's just another hit
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #8 on: September 25, 2012, 12:52:00 pm »
Like Combofix.

Not a fake, rogueamp used it in a few of his vids.
Logged

Quote from: NW_Kohaku
they wouldn't be able to tell the difference between the raving confessions of a mass murdering cannibal from a recipe to bake a pie.
Quote from: MonkeyHead on May 25, 2014, 05:36:03 am
Knowing Belgium, everyone will vote for themselves out of mistrust for anyone else, and some kind of weird direct democracy coalition will need to be formed from 11 million or so individuals.

Truean

  • Bay Watcher
  • Ok.... [sigh] It froze over....
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #9 on: September 25, 2012, 03:28:57 pm »
Quote from: Scelly9 on September 25, 2012, 12:33:39 pm
Quote from: Truean on September 25, 2012, 12:23:04 pm
Edit: Works, sends me to its location. Appears to be in my wireless adapter folder.... Odd.
Not that odd. People are much more likely to leave something alone if it's in a critical part of their computer's files.

Quote from: MetalSlimeHunt on September 25, 2012, 12:30:05 pm
Once you've found its program files you should probably go and delete its registry files as well, otherwise it could re-install from them.
Don't try this if you don't know what you are doing. You have a rather high chance of bricking your computer.

Yeah, that is honestly what I am afraid of. Thankfully, the program seems to be running in the background and no longer must I deal with the browser hijacks. I think Malwarebytes may have solved the problem..... Not sure. [thinks]
Logged
The kinda human wreckage that you love

Current Spare Time Fiction Project: (C) 2010 http://www.bay12forums.com/smf/index.php?topic=63660.0
Disclaimer: I never take cases online for ethical reasons. If you require an attorney; you need to find one licensed to practice in your jurisdiction. Never take anything online as legal advice, because each case is different and one size does not fit all. Wants nothing at all to do with law.

Please don't quote me.

Scelly9

  • Bay Watcher
  • That crazy long-haired queer liberal communist
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #10 on: September 25, 2012, 03:40:28 pm »
Programs that run in the background can easily hijack your entire computer. Use regedit to look around in your registry files and find anything with ralinkregistrywriter.exe in it.
Logged
Quote from: blackmagechill on June 08, 2012, 05:08:32 pm
You taste the jug! It is ceramic.
Quote from: Loud Whispers
SUPPORT THE COMMUNIST GAY MOVEMENT!

rutsber

  • Bay Watcher
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #11 on: September 25, 2012, 04:49:27 pm »
Make sure you back up the registry before you do any changes, just in case you accidentally delete something you didn't want to.
Logged
Quote from: johnny_cat on June 29, 2011, 07:06:23 pm
Gave me an idea. I'm gonna add the milkable tag to the male minotaur. MMMMmmm minotaur cheese.
Quote from: Number4 on June 30, 2011, 05:23:51 pm
A loud angry voice and instinct. "FUCK OFF URIST THIS TABLE IS MINE!"

miauw62

  • Bay Watcher
  • Every time you get ahead / it's just another hit
    • View Profile
Re: How to fix a possible virus "ralinkregistrywriter.exe"
« Reply #12 on: September 26, 2012, 10:53:02 am »
Did a quick google, apparantly ralink registry writer is a legitimate program, but some malware disguises itself as it.
Its probably in the wireless adapter folder because ralink has something to do with wireless routers.

I hate to nag, but try combofix.
(dont download it from combofix.org tough, download it from here)
more info about combofix.
« Last Edit: September 26, 2012, 11:05:00 am by miauw62 »
Logged

Quote from: NW_Kohaku
they wouldn't be able to tell the difference between the raving confessions of a mass murdering cannibal from a recipe to bake a pie.
Quote from: MonkeyHead on May 25, 2014, 05:36:03 am
Knowing Belgium, everyone will vote for themselves out of mistrust for anyone else, and some kind of weird direct democracy coalition will need to be formed from 11 million or so individuals.