Solved

How to remove virus associated with Apache.exe, opmn.exe, rotatelogs.exe

Posted on 2004-10-13
10
2,725 Views
Last Modified: 2010-10-05
I have a virus on my computer, and I can see the following process running in the Windows Task Manager:
Apache.exe
opmn.exe
rotatelogs.exe

I can't find these executables on my computer, or any file that has any of these names included.

I've tried running Norton Antivirus, and it doesn't seem to locate them.
I also tried running Spybot Search & Destroy.  Although it keeps finding new ones, it doesn't seem to find the source that creating the new viruses.


Does any one know how to remove these viruses?
How do these virus rename themselfs on the Windows Task Manager?
0
Comment
Question by:Axter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12296888
Hello Axter =)

Who has told u that these are viruses ??
which antivirus software is picking them up.... coz i dont think so that these are viruses :-/
look at here, Apache.exe >> http://www.reger24.de/prozesse/Apache.exe.php

and if will look for the rest two processes on Google, u will find them related to Apache server thingies !!
So... are u sure u have not this server or any of its application is installed on ur system ??
0
 
LVL 30

Author Comment

by:Axter
ID: 12296940
>>Who has told u that these are viruses ??
They have the tail tail sign of viruses.

1. There are two sets of them.
2. When I kill them, they quickly popup again in pairs
3. There are no associated executables with those names


>>which antivirus software is picking them up.... coz i dont think so that these are viruses :-/
I'm positive they're viruses.  I'm not running this server on my computer, and there is no apache.exe file on my computer.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12297011
No Axter..... i cannot recognise any such virus and neither i can find any information of such virus which has all these processes !! =\

why dont u try this, goto Start>Run>msconfig>Startup and click on Disable All
then in Services section, click Hide Microsoft Services, now u will get all third party services
untick all of them, and now restart ur system
check now if same processes are running or not ??
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 6

Accepted Solution

by:
acmp earned 500 total points
ID: 12298588
Hi,

You can use prcview (http://www.prcview.com) to get the path to the exe file. Hopefully the location of hte file will let you tell what it is.

>now u will get all third party services untick all of them, and now restart ur system
I wouldn't do this unless you are sure you don't need them.
I would suggest that you look up each service and check to make sure what it is. If It's valid then don't stop/remove it.

Post back

acmp<><
0
 
LVL 6

Expert Comment

by:acmp
ID: 12298616
BTW,

The file names are all valid _if_ you are running an apache web server. This can be bundled with some other software.

I guess this is why people don't think you have a virus. And If I'm honest, I agree with them. But then again, this wouldn't be the first time I ws wrong. ;-)

acmp<><
0
 
LVL 30

Author Comment

by:Axter
ID: 12299867
>>The file names are all valid _if_ you are running an apache web server. This can be bundled with some other software.

I'm not running appache web server.
Furthermore, even if I had some third party program that was calling these files, wouldn't the name of the executable listed in Windows Task Manager, match the name of the actual executable.

I see no ligitimate reason for having a process named Apache.exe, and when there is no such executable on my computer.

I did a search for this executable on my entire computer, and it was not found.
I also don't see why this executable would pop back up so quickly after I kill the process.
0
 
LVL 30

Author Comment

by:Axter
ID: 12299908
acmp,
That's a great utility.

Thanks a bunch!
0
 
LVL 6

Expert Comment

by:acmp
ID: 12306393
Glad you like it.

If you get chance I'd like to know what was creating the exe's/the path to them.  This is so I can help others if they have a similar problem.

TIA

acmp<><
0
 
LVL 30

Author Comment

by:Axter
ID: 12317749
>>If you get chance I'd like to know what was creating the exe's/the path to them.  This is so I can help others if they have a similar
>>problem.

The virus was hiding in a network drive I had mapped out, which I forgot to search on.
That utility showed me the exact location of the executable.
0
 
LVL 6

Expert Comment

by:acmp
ID: 12398582
Thanks (sorry for the late reply, I've been on holiday :-)

acmp<><
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question