asked on
virus at "system32:dumpk.exe:$DATA". how can I find the file?
Hi, I am using Trend Internet security 2009 and it showing me a virus located "system32:dumpk.exe:$DATA"
I have scanned the system32 folder from "C:\Windows" and it show the virus, but if I go into the system32 folder and select all the files and folders, it can not find the virus.
I have "show all hidden files and folders" ticked in windows explorer and "Hide protected operating system files" unticked.
Any help on how to find this file would be much appreciated.
Virus-scan-screen-shot.jpg
I have scanned the system32 folder from "C:\Windows" and it show the virus, but if I go into the system32 folder and select all the files and folders, it can not find the virus.
I have "show all hidden files and folders" ticked in windows explorer and "Hide protected operating system files" unticked.
Any help on how to find this file would be much appreciated.
Virus-scan-screen-shot.jpg
Anti-Virus Apps
Last Comment
copleymotion
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
The virus might have hidden itself from Windows Explorer, so you might not see it in Windows Explorer.
Download OTMoveIt3 at http://oldtimer.geekstogo.com/OTMoveIt3.exe
[*] Save it to your desktop.
[*] Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]Copy the lines in bold below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Filesc:\windows\system32\dumpk.
[*] Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
[*]Click the red MoveIt! button.
[*]Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Not
Once that's done, do the following also:
Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
[*] Save it to your desktop.
[*] Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]Copy the lines in bold below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Filesc:\windows\system32\dumpk.
[*] Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
[*]Click the red MoveIt! button.
[*]Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Not
Once that's done, do the following also:
Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
ASKER
Fantastic, I scanned with MalwareBytes Anti-Malware and in safe mode and this detected and cleaned the virus. I had tried MalwareBytes Anti-Malware before but not in safe mode.
Here is the log from MalwareByte Anti-Malware:
Files Infected:
C:\WINDOWS\system32:dumpk.
Thanks for all the help everyone.
Here is the log from MalwareByte Anti-Malware:
Files Infected:
C:\WINDOWS\system32:dumpk.
Thanks for all the help everyone.