Solved

How to remove virus associated with Apache.exe, opmn.exe, rotatelogs.exe

Posted on 2004-10-13
10
2,713 Views
Last Modified: 2010-10-05
I have a virus on my computer, and I can see the following process running in the Windows Task Manager:
Apache.exe
opmn.exe
rotatelogs.exe

I can't find these executables on my computer, or any file that has any of these names included.

I've tried running Norton Antivirus, and it doesn't seem to locate them.
I also tried running Spybot Search & Destroy.  Although it keeps finding new ones, it doesn't seem to find the source that creating the new viruses.


Does any one know how to remove these viruses?
How do these virus rename themselfs on the Windows Task Manager?
0
Comment
Question by:Axter
  • 4
  • 4
  • 2
10 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12296888
Hello Axter =)

Who has told u that these are viruses ??
which antivirus software is picking them up.... coz i dont think so that these are viruses :-/
look at here, Apache.exe >> http://www.reger24.de/prozesse/Apache.exe.php

and if will look for the rest two processes on Google, u will find them related to Apache server thingies !!
So... are u sure u have not this server or any of its application is installed on ur system ??
0
 
LVL 30

Author Comment

by:Axter
ID: 12296940
>>Who has told u that these are viruses ??
They have the tail tail sign of viruses.

1. There are two sets of them.
2. When I kill them, they quickly popup again in pairs
3. There are no associated executables with those names


>>which antivirus software is picking them up.... coz i dont think so that these are viruses :-/
I'm positive they're viruses.  I'm not running this server on my computer, and there is no apache.exe file on my computer.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12297011
No Axter..... i cannot recognise any such virus and neither i can find any information of such virus which has all these processes !! =\

why dont u try this, goto Start>Run>msconfig>Startup and click on Disable All
then in Services section, click Hide Microsoft Services, now u will get all third party services
untick all of them, and now restart ur system
check now if same processes are running or not ??
0
 
LVL 6

Accepted Solution

by:
acmp earned 500 total points
ID: 12298588
Hi,

You can use prcview (http://www.prcview.com) to get the path to the exe file. Hopefully the location of hte file will let you tell what it is.

>now u will get all third party services untick all of them, and now restart ur system
I wouldn't do this unless you are sure you don't need them.
I would suggest that you look up each service and check to make sure what it is. If It's valid then don't stop/remove it.

Post back

acmp<><
0
 
LVL 6

Expert Comment

by:acmp
ID: 12298616
BTW,

The file names are all valid _if_ you are running an apache web server. This can be bundled with some other software.

I guess this is why people don't think you have a virus. And If I'm honest, I agree with them. But then again, this wouldn't be the first time I ws wrong. ;-)

acmp<><
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 30

Author Comment

by:Axter
ID: 12299867
>>The file names are all valid _if_ you are running an apache web server. This can be bundled with some other software.

I'm not running appache web server.
Furthermore, even if I had some third party program that was calling these files, wouldn't the name of the executable listed in Windows Task Manager, match the name of the actual executable.

I see no ligitimate reason for having a process named Apache.exe, and when there is no such executable on my computer.

I did a search for this executable on my entire computer, and it was not found.
I also don't see why this executable would pop back up so quickly after I kill the process.
0
 
LVL 30

Author Comment

by:Axter
ID: 12299908
acmp,
That's a great utility.

Thanks a bunch!
0
 
LVL 6

Expert Comment

by:acmp
ID: 12306393
Glad you like it.

If you get chance I'd like to know what was creating the exe's/the path to them.  This is so I can help others if they have a similar problem.

TIA

acmp<><
0
 
LVL 30

Author Comment

by:Axter
ID: 12317749
>>If you get chance I'd like to know what was creating the exe's/the path to them.  This is so I can help others if they have a similar
>>problem.

The virus was hiding in a network drive I had mapped out, which I forgot to search on.
That utility showed me the exact location of the executable.
0
 
LVL 6

Expert Comment

by:acmp
ID: 12398582
Thanks (sorry for the late reply, I've been on holiday :-)

acmp<><
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Anti exploit excel 3 130
Trend Micro says it has blocked 9 encryption attempts 6 340
removing adware/spyware from profile on windows server 2008 11 108
Norton Blue Screen 11 83
As more computers now shipped with 64-bit version of Windows, more users are now using this Operating System.  So it's important to be aware how some 32-bit diagnostic tool works on these systems, so we know what to expect when analyzing the logs an…
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

1 Experts available now in Live!

Get 1:1 Help Now