virus at "system32:dumpk.exe:$DATA". how can I find the file?

Hi, I am using Trend Internet Security 2009 and it is showing me a virus located at "system32:dumpk.exe:$DATA". It says it cannot fix or delete the virus as it is a compressed file.
I have scanned the system32 folder from "C:\Windows" and it shows the virus, but if I go into the system32 folder and select all the files and folders, it cannot find the virus.
I have "Show all hidden files and folders" ticked in Windows Explorer and "Hide protected operating system files" unticked.

Any help on how to find this file would be much appreciated.
Last Comment: 8/22/2022 - Mon


The virus might have hidden itself from Windows Explorer, so you might not see it in Windows Explorer.

Download OTMoveIt3 at http://oldtimer.geekstogo.com/OTMoveIt3.exe

[*] Save it to your desktop.
[*] Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
[*] Copy the lines in bold below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


[*] Return to OTMoveIt3, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

[*] Click the red MoveIt! button.
[*] Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
[*] Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Once that's done, do the following also:

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
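The reason Explorer cannot find the file is in the path the scanner reported. NTFS writes a stream name as `<file or directory>:<stream>:$DATA`, so `system32:dumpk.exe:$DATA` is not a file inside system32 at all: it is a named alternate data stream (ADS) attached to the system32 directory object itself. Explorer, `dir`, and "select all" only ever enumerate the directory's children and each file's unnamed default stream, so no amount of unhiding files will surface it. The following is an added example, not part of the original thread or either tool's documentation, showing how to list, preserve and remove such a stream from an elevated Windows PowerShell 3.0+ prompt. The target path and stream name are taken from the question; the quarantine folder name is a hypothetical choice.

```powershell
# Added example, not from the original thread: find and remove an NTFS
# alternate data stream attached to a directory. The path and stream name
# come from the question above; the quarantine folder is hypothetical.
# Requires Windows PowerShell 3.0 or later, run as Administrator.
$target     = 'C:\Windows\system32'
$streamName = 'dumpk.exe'
$quarantine = 'C:\_quarantine'   # hypothetical location

# 1. List named streams on the directory object itself. Explorer never shows
#    these: it lists the directory's children, not the directory's streams.
Get-Item -Path $target -Stream * |
    Where-Object { $_.Stream -ne ':$DATA' } |
    Format-Table FileName, Stream, Length -AutoSize

# 2. Sweep the rest of the tree for named streams on files and subfolders.
#    Zone.Identifier is the benign "downloaded from the Internet" marker and
#    is filtered out so only unexpected streams remain.
Get-ChildItem -Path $target -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue } |
    Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
    Select-Object FileName, Stream, Length

# 3. Preserve the stream's bytes before deleting it, so the sample can be
#    hashed and submitted to the AV vendor. -Encoding Byte is Windows
#    PowerShell 5.1 syntax; PowerShell 7 uses -AsByteStream instead.
New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
$bytes = Get-Content -Path $target -Stream $streamName -Encoding Byte -Raw
$copy  = Join-Path $quarantine "$streamName.bin"
Set-Content -Path $copy -Value $bytes -Encoding Byte
Get-FileHash -Path $copy -Algorithm SHA256

# 4. Delete only the named stream. The directory and the files in it are
#    untouched; only the ADS hanging off the directory entry goes away.
Remove-Item -Path $target -Stream $streamName

# 5. Verify: this should now return nothing.
Get-Item -Path $target -Stream $streamName -ErrorAction SilentlyContinue
```

Step 4 will fail if a running process has the stream open or mapped, which is one reason a scan from Safe Mode can succeed where the same scan in normal mode cannot. On Windows XP, where PowerShell 3.0 is not available, Sysinternals `streams.exe -d C:\Windows\system32` deletes the named streams on that directory and `streams.exe -s` recurses into it; on Vista and later, `dir /r` in cmd.exe lists streams alongside the files that carry them. Whichever tool you use, keep a copy of the stream's content (step 3) before removing it, because the ADS is the only artifact of this infection you will be able to hand to the vendor afterwards.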

Fantastic, I scanned with MalwareBytes Anti-Malware and in safe mode and this detected and cleaned the virus. I had tried MalwareBytes Anti-Malware before but not in safe mode.
Here is the log from MalwareBytes Anti-Malware:

Files Infected:
C:\WINDOWS\system32:dumpk.exe (Rootkit.ADS) -> Quarantined and deleted successfully.

Thanks for all the help everyone.