Solved

Z@!1.tmp trojan--anyone have success removing this?

Posted on 2008-10-20
Last Modified: 2009-03-03
I keep running into this file when I run Security Task Manager. Many of the virus scanners have not picked this up, and there is only a 1 paragraph blurb on the internet about it which really says nothing.
Question by:OLMECIAN
5 Comments
 
LVL 23

Expert Comment

by:Admin3k
ID: 22771687
Try Malwarebytes Antimalware: http://www.malwarebytes.org/mbam.php

Download, install, update and run a full scan.

If the infection persists, please download HijackThis, install it, perform a scan and post the HijackThis log here:

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

If you have the physical file, you can check it at http://www.virustotal.com/ to identify what different AV engines detect it as.

Hope this helps
 

Expert Comment

by:cberinger
ID: 23184480
I had the same problem. I booted into safe mode and began to kill processes until I was able to delete the Z@1.tmp. The process that seemed to be keeping it alive was an svchost.exe running under the System account and using about 16,xxx of Mem. This is really vague, I know, and you have to be careful killing processes, but this is how I was able to remove it. Hope this helps
 
LVL 2

Expert Comment

by:stefmahoney
ID: 23339307
I'm working on a system with this now. Process Explorer shows it not only involved with 2 instances of svchost but also 16 other processes, including iexplore.exe, explorer.exe and Mctray.exe. It's into a lot of stuff.

I'm still trying to figure out what it does.
 

Accepted Solution

by:
OLMECIAN earned 0 total points
ID: 23339462
My bad.... it's actually a process for Bomgar, which is a remote connection tool such as LogMeIn. If you have it on your PC, it was probably installed by the IT department. If you run the new version of Security Task Manager, it will show you the updated info.
 

Expert Comment

by:wizzardz
ID: 23745539
This file is part of the Bomgar Remote Support solution. This file should be signed by Bomgar in newer versions of the software (check file properties).
0
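The checks suggested across this thread (look the file up on VirusTotal, see which processes have it loaded, confirm the vendor signature) can be scripted before anything is killed or deleted. This is an added example, not code from any of the posts above; the `-Path` value and the expected signer string `Bomgar` are assumptions to set for the file being examined.

```powershell
# Added example: triage an unknown file instead of killing processes blindly.
# $Path and $ExpectedSigner are assumptions supplied by whoever runs the script.
param(
    [Parameter(Mandatory)][string]$Path,      # full path to the file under suspicion
    [string]$ExpectedSigner = 'Bomgar'        # vendor name expected in the certificate subject
)

$file = Get-Item -LiteralPath $Path -Force    # -Force: the file may be hidden

# 1. SHA-256 for a VirusTotal search (a hash lookup does not upload the file).
$hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

# 2. Authenticode signature. 'Valid' means the signature verifies and chains to a
#    trusted root; the subject must also name the vendor that is expected.
$sig     = Get-AuthenticodeSignature -LiteralPath $file.FullName
$subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
$trusted = ($sig.Status -eq 'Valid') -and ($subject -match [regex]::Escape($ExpectedSigner))

# 3. Processes that have the file loaded as a module. Run elevated, otherwise
#    protected system processes cannot be inspected and are skipped.
$loaders = Get-Process | Where-Object {
    try   { $_.Modules.FileName -contains $file.FullName }
    catch { $false }                          # access denied or process exited
} | Select-Object -ExpandProperty ProcessName -Unique

[pscustomobject]@{
    File            = $file.FullName
    SHA256          = $hash
    SignatureStatus = $sig.Status
    SignerSubject   = $subject
    SignedByVendor  = $trusted
    LoadedBy        = $loaders -join ', '
}

if (-not $trusted) {
    Write-Warning 'Not validly signed by the expected vendor: treat as unknown and investigate further.'
}
```

A file name alone proves nothing, so `SignedByVendor` being false on a file carrying this name should be treated as an unknown binary rather than as the remote support tool.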
