Solved

Z@!1.tmp trojan--anyone have success removing this?

Posted on 2008-10-20
Last Modified: 2009-03-03
I keep running into this file when I run Security Task Manager. Many of the virus scanners have not picked this up, and there is only a 1-paragraph blurb on the internet about it, which really says nothing.
0
Question by:OLMECIAN
5 Comments
 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 22771687
Try Malwarebytes Antimalware: http://www.malwarebytes.org/mbam.php

Download, install, update and run a full scan.

If the infection persists, please download HijackThis, install, perform a scan and post the HijackThis log here:

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

If you have the physical file, you can check it at http://www.virustotal.com/ to identify what different AV engines detect it as.

Hope this helps.
0
 

Expert Comment

by:cberinger
ID: 23184480
I had the same problem. I booted into safe mode and began to kill processes until I was able to delete the Z@1.tmp. The process that seemed to be keeping it alive was an svchost.exe running under the System account and using about 16,xxx of Mem. This is really vague, I know, and you have to be careful killing processes, but this is how I was able to remove it. Hope this helps.
0
 
LVL 2

Expert Comment

by:stefmahoney
ID: 23339307
I'm working on a system with this now. Process Explorer shows it not only involved with 2 instances of svchost but also 16 other processes, including iexplore.exe, explorer.exe and Mctray.exe. It's into a lot of stuff.

I'm still trying to figure out what it does.
0
 

Accepted Solution

by:
OLMECIAN earned 0 total points
ID: 23339462
My bad... it's actually a process for Bomgar, which is a remote connection tool such as LogMeIn. If you have it on your PC, it was probably installed by the IT department. If you run the new version of Security Task Manager, it will show you the updated info.
0
 

Expert Comment

by:wizzardz
ID: 23745539
This file is part of the Bomgar Remote Support solution. This file should be signed by Bomgar in newer versions of the software (check file properties).
0
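
The checks suggested across this thread (which processes have the file loaded, its hash for a VirusTotal lookup, and whether it carries a valid Bomgar signature) can be collected in one pass. The PowerShell script below is an added example, not code posted by any participant; the `-Path` value is a placeholder, and matching the publisher name against the certificate subject is an assumption.

```powershell
# Added example: triage an unfamiliar file reported by a process viewer.
param(
    [Parameter(Mandatory)] [string] $Path,   # full path to the file (placeholder, supply your own)
    [string] $ExpectedPublisher = 'Bomgar'   # assumption: this name appears in the signer subject
)

# -LiteralPath avoids wildcard expansion of unusual file names such as Z@!1.tmp.
$file = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
$sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
$hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

# Processes that have the file loaded as a module. Protected processes
# refuse module enumeration when not elevated, so skip them quietly.
$loadedBy = foreach ($proc in Get-Process) {
    try {
        if ($proc.Modules.FileName -contains $file.FullName) {
            '{0} (PID {1})' -f $proc.ProcessName, $proc.Id
        }
    } catch { }
}

# A subject substring match is a coarse check; review the full subject too.
$subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
$verdict = if ($sig.Status -eq 'Valid' -and $subject -like "*$ExpectedPublisher*") {
    'Valid signature from the expected publisher'
} elseif ($sig.Status -eq 'Valid') {
    'Valid signature, but from a different publisher: review the subject'
} elseif ($sig.Status -eq 'NotSigned') {
    'Unsigned: look the SHA-256 up on VirusTotal and confirm with IT'
} else {
    "Signature problem ($($sig.Status)): treat as untrusted"
}

[pscustomobject]@{
    File     = $file.FullName
    SHA256   = $hash.Hash
    Status   = $sig.Status
    Signer   = $subject
    LoadedBy = @($loadedBy) -join ', '
    Verdict  = $verdict
} | Format-List
```

Run it from an elevated prompt so that system processes such as svchost.exe can be inspected.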

Question has a verified solution.