Solved

Z@!1.tmp trojan--anyone have success removing this?

Posted on 2008-10-20
Last Modified: 2009-03-03
I keep running into this file when I run Security Task Manager.  Many of the virus scanners have not picked this up, and there is only a 1-paragraph blurb on the internet about it, which really says nothing.
Question by:OLMECIAN
5 Comments
 

Expert Comment

by:Admin3k
ID: 22771687
Try Malwarebytes Antimalware: http://www.malwarebytes.org/mbam.php

Download, install, update and run a full scan.

If the infection persists, please download HijackThis, install it, perform a scan and post the HijackThis log here:

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

If you have the physical file, you can check it at http://www.virustotal.com/ to identify what different AV engines detect it as.

Hope this helps.
 

Expert Comment

by:cberinger
ID: 23184480
I had the same problem.  I booted into safe mode and began to kill Processes until I was able to delete the Z@1.tmp.  The Process that seemed to be keeping it alive was an svchost.exe running under the System and using about 16,xxx of Mem.  This is really vague I know and you have to be careful killing Processes, but this is how I was able to remove it.  Hope this helps
 

Expert Comment

by:stefmahoney
ID: 23339307
I'm working on a system with this now.  Process Explorer shows it not only involved with 2 instances of svchost but also 16 other processes, including iexplore.exe, explorer.exe and Mctray.exe.  It's into a lot of stuff.

I'm still trying to figure out what it does.
 

Accepted Solution

by:OLMECIAN
ID: 23339462
My bad.... it's actually a process for Bomgar, which is a remote connection tool such as LogMeIn.  If you have it on your PC, it was probably installed by the IT department.  If you run the new version of Security Task Manager, it will show you the updated info.
 

Expert Comment

by:wizzardz
ID: 23745539
This file is part of the Bomgar Remote Support solution. This file should be signed by Bomgar in newer versions of the software (check file properties).
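The checks suggested in this thread (a VirusTotal lookup, seeing which processes hold the file, and confirming the Bomgar signature shown in file properties) can be scripted in one pass. This is an added example, not code from any poster in the thread; the `$Path` parameter and matching "Bomgar" as a substring of the certificate subject are assumptions, and `Get-FileHash` needs PowerShell 4.0 or later.

```powershell
# Added triage example. $Path is a placeholder: pass the full path of the flagged file.
param(
    [Parameter(Mandatory)] [string] $Path,
    # Assumption: the vendor name appears somewhere in the signing certificate subject.
    [string] $ExpectedSigner = 'Bomgar'
)

$file = Get-Item -LiteralPath $Path -Force   # -Force: the file may be hidden

# 1. Authenticode signature: the same data as the Digital Signatures tab in file properties.
$sig     = Get-AuthenticodeSignature -LiteralPath $file.FullName
$subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

# 2. SHA-256, so the file can be looked up on VirusTotal by hash instead of uploaded.
$hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

# 3. Processes that have the file loaded (run elevated to see SYSTEM processes
#    such as svchost.exe). Protected processes throw on .Modules, hence try/catch.
$loaders = Get-Process | Where-Object {
    try { $_.Modules.FileName -contains $file.FullName } catch { $false }
} | Select-Object -ExpandProperty Name -Unique

# A valid signature naming the expected vendor supports the false-positive reading.
# An unsigned file proves nothing either way: per the thread, only newer versions are signed.
$trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")

[pscustomobject]@{
    File      = $file.FullName
    SigStatus = $sig.Status
    Signer    = $subject
    SHA256    = $hash
    LoadedBy  = $loaders -join ', '
    Verdict   = if ($trusted) { "Valid signature naming $ExpectedSigner" }
                else { 'Not verified: treat as unknown and check the hash' }
}
```

Doing this before killing processes in safe mode avoids removing a tool the IT department installed on purpose.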
