Solved

How to remove virus associated with Apache.exe, opmn.exe, rotatelogs.exe

Posted on 2004-10-13
Last Modified: 2010-10-05
I have a virus on my computer, and I can see the following processes running in the Windows Task Manager:
Apache.exe
opmn.exe
rotatelogs.exe

I can't find these executables on my computer, or any file that has any of these names included.

I've tried running Norton Antivirus, and it doesn't seem to locate them.
I also tried running Spybot Search & Destroy.  Although it keeps finding new ones, it doesn't seem to find the source that is creating the new viruses.


Does anyone know how to remove these viruses?
How do these viruses rename themselves on the Windows Task Manager?
Question by:Axter
10 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12296888
Hello Axter =)

Who has told u that these are viruses ??
which antivirus software is picking them up.... coz i dont think so that these are viruses :-/
look at here, Apache.exe >> http://www.reger24.de/prozesse/Apache.exe.php

and if u look for the other two processes on Google, u will find them related to Apache server thingies !!
So... are u sure u do not have this server or any of its applications installed on ur system ??
 
LVL 30

Author Comment

by:Axter
ID: 12296940
>>Who has told u that these are viruses ??
They have the telltale signs of viruses.

1. There are two sets of them.
2. When I kill them, they quickly pop up again in pairs
3. There are no associated executables with those names


>>which antivirus software is picking them up.... coz i dont think so that these are viruses :-/
I'm positive they're viruses.  I'm not running this server on my computer, and there is no apache.exe file on my computer.
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12297011
No Axter..... i cannot recognise any such virus and neither i can find any information of such virus which has all these processes !! =\

why dont u try this, goto Start>Run>msconfig>Startup and click on Disable All
then in Services section, click Hide Microsoft Services, now u will get all third party services
untick all of them, and now restart ur system
check now if same processes are running or not ??
 
LVL 6

Accepted Solution

by:
acmp earned 500 total points
ID: 12298588
Hi,

You can use prcview (http://www.prcview.com) to get the path to the exe file. Hopefully the location of the file will let you tell what it is.

>now u will get all third party services untick all of them, and now restart ur system
I wouldn't do this unless you are sure you don't need them.
I would suggest that you look up each service and check to make sure what it is. If it's valid then don't stop/remove it.

Post back

acmp<><
 
LVL 6

Expert Comment

by:acmp
ID: 12298616
BTW,

The file names are all valid _if_ you are running an apache web server. This can be bundled with some other software.

I guess this is why people don't think you have a virus. And if I'm honest, I agree with them. But then again, this wouldn't be the first time I was wrong. ;-)

acmp<><
 
LVL 30

Author Comment

by:Axter
ID: 12299867
>>The file names are all valid _if_ you are running an apache web server. This can be bundled with some other software.

I'm not running Apache web server.
Furthermore, even if I had some third party program that was calling these files, wouldn't the name of the executable listed in Windows Task Manager match the name of the actual executable?

I see no legitimate reason for having a process named Apache.exe when there is no such executable on my computer.

I did a search for this executable on my entire computer, and it was not found.
I also don't see why this executable would pop back up so quickly after I kill the process.
 
LVL 30

Author Comment

by:Axter
ID: 12299908
acmp,
That's a great utility.

Thanks a bunch!
 
LVL 6

Expert Comment

by:acmp
ID: 12306393
Glad you like it.

If you get a chance I'd like to know what was creating the exe's/the path to them.  This is so I can help others if they have a similar problem.

TIA

acmp<><
 
LVL 30

Author Comment

by:Axter
ID: 12317749
>>If you get chance I'd like to know what was creating the exe's/the path to them.  This is so I can help others if they have a similar problem.

The virus was hiding in a network drive I had mapped out, which I forgot to search on.
That utility showed me the exact location of the executable.
 
LVL 6

Expert Comment

by:acmp
ID: 12398582
Thanks (sorry for the late reply, I've been on holiday :-)

acmp<><
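
The check that resolved this thread (get the image path of each process, then notice it sits on a mapped network drive) can be scripted with built-in PowerShell. This is an added example, not part of the original posts: the three process names come from the question, and the report layout is an assumption.

```powershell
# Added example: show where the processes named in the question really run from.
$names = 'Apache.exe', 'opmn.exe', 'rotatelogs.exe'

# Mapped network drives: DriveType 4. ProviderName holds the UNC share behind the letter.
$netDrives = @{}
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 4' |
    ForEach-Object { $netDrives[$_.DeviceID] = $_.ProviderName }   # e.g. "Z:" -> \\server\share

# Index every process by PID so each hit can be tied to the process that started it.
$all = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$all | Where-Object { $names -contains $_.Name } | ForEach-Object {
    $path = $_.ExecutablePath            # empty when the caller lacks access to the process
    $location = if (-not $path) {
        'unknown (path not readable)'
    } elseif ($path.StartsWith('\\')) {
        'UNC share'
    } elseif ($netDrives.ContainsKey($path.Substring(0, 2))) {
        'mapped network drive -> ' + $netDrives[$path.Substring(0, 2)]
    } else {
        'local disk'
    }
    $parent = $byPid[[int]$_.ParentProcessId]
    [pscustomobject]@{
        Name        = $_.Name
        PID         = $_.ProcessId
        Path        = $path
        Location    = $location
        Parent      = if ($parent) { $parent.Name } else { 'no longer running' }
        ParentPID   = $_.ParentProcessId
        CommandLine = $_.CommandLine
    }
} | Format-List
```

Mapped drives belong to a logon session, so run this in the same session that shows the processes; an elevated prompt may not see the user's drive letters. The Parent field is only a hint, since Windows can reuse the PID of a parent that has exited.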