copleymotion
asked on
Virus at "system32:dumpk.exe:$DATA". How can I find the file?
Hi, I am using Trend Internet Security 2009 and it is showing me a virus located at "system32:dumpk.exe:$DATA". It says it cannot fix or delete the virus as it is a compressed file.
I have scanned the system32 folder from "C:\Windows" and it shows the virus, but if I go into the system32 folder and select all the files and folders, it cannot find the virus.
I have "Show all hidden files and folders" ticked in Windows Explorer and "Hide protected operating system files" unticked.
Any help on how to find this file would be much appreciated.
Virus-scan-screen-shot.jpg
ASKER CERTIFIED SOLUTION
The virus might have hidden itself from Windows Explorer, so you might not see it in Windows Explorer.
Download OTMoveIt3 at http://oldtimer.geekstogo.com/OTMoveIt3.exe
- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
- Copy the lines in bold below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Files
c:\windows\system32\dumpk.exe
- Return to OTMoveIt3, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red MoveIt! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
- Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Once that's done, do the following also:
Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps up to the part about posting the log. Post the ComboFix log here.
ASKER
Fantastic, I scanned with Malwarebytes Anti-Malware in safe mode and this detected and cleaned the virus. I had tried Malwarebytes Anti-Malware before, but not in safe mode.
Here is the log from Malwarebytes Anti-Malware:
Files Infected:
C:\WINDOWS\system32:dumpk.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
Thanks for all the help everyone.
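The path both scanners reported, "system32:dumpk.exe:$DATA", is NTFS alternate data stream notation: a stream named dumpk.exe attached to the system32 directory itself, not a file inside it. Explorer only lists files and directories, never their named streams, which is why "select all" in system32 found nothing and why Malwarebytes labelled it Rootkit.ADS. The following script is an added example, not code from the thread or from either scanner: it parses scanner paths of the form host[:stream[:$TYPE]] (with an optional "(Detection) -> action" suffix in the Malwarebytes style), separates the drive-letter colon from the stream colons, flags named streams that Windows does not create itself, and prints the PowerShell Get-Item -Stream command that reads such a stream by name on the host. The sample lines are constructed for the demonstration, and the benign-stream allowlist is an assumption of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines (not from a real scan): the first mirrors the path
# Trend Micro reported in the question, the second the Malwarebytes log line
# from the follow-up; the other two are ordinary entries for contrast.
SAMPLE_LINES = [
    r"system32:dumpk.exe:$DATA",
    r"C:\WINDOWS\system32:dumpk.exe (Rootkit.ADS) -> Quarantined and deleted successfully.",
    r"C:\WINDOWS\system32\notepad.exe (Trojan.Generic) -> Quarantined and deleted successfully.",
    r"C:\Users\alice\Downloads\report.docx:Zone.Identifier:$DATA",
]

# Assumed allowlist: named streams Windows writes itself (mark-of-the-web).
BENIGN_STREAMS = {"Zone.Identifier"}


@dataclass
class StreamRef:
    host: str                  # file or directory the stream is attached to
    stream: str                # named stream; "" means the default unnamed stream
    stream_type: str           # NTFS stream type, "$DATA" when not stated
    detection: Optional[str]   # scanner verdict in parentheses, if any
    action: Optional[str]      # text after "->", if any


# path, then optional "(verdict)", then optional "-> action"
LOG_RE = re.compile(r"^(?P<path>\S+)(?:\s+\((?P<det>[^)]*)\))?(?:\s*->\s*(?P<act>.*))?$")


def parse_stream_ref(line: str) -> StreamRef:
    """Split a scanner path of the form host[:stream[:$TYPE]] into its parts."""
    m = LOG_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised line: {line!r}")
    path = m.group("path")
    # A leading drive letter uses a colon too; peel it off before splitting
    # on the colons that separate host, stream name and stream type.
    drive = ""
    if re.match(r"^[A-Za-z]:", path):
        drive, path = path[:2], path[2:]
    parts = path.split(":")
    host = drive + parts[0]
    stream = parts[1] if len(parts) > 1 else ""
    stream_type = parts[2] if len(parts) > 2 else "$DATA"
    return StreamRef(host, stream, stream_type, m.group("det"), m.group("act"))


def is_alternate_stream(ref: StreamRef) -> bool:
    """True when the entry is a named stream rather than the file body Explorer shows."""
    return ref.stream != ""


def is_suspicious(ref: StreamRef) -> bool:
    """A named stream that Windows does not create itself deserves a look."""
    return is_alternate_stream(ref) and ref.stream not in BENIGN_STREAMS


def inspect_command(ref: StreamRef) -> str:
    """PowerShell command that opens the named stream on the host by name."""
    return f"Get-Item -LiteralPath '{ref.host}' -Stream '{ref.stream}'"


def find_hidden_streams(lines: List[str]) -> List[StreamRef]:
    """Return the entries of a scan report that live in alternate data streams."""
    return [r for r in map(parse_stream_ref, lines) if is_alternate_stream(r)]


if __name__ == "__main__":
    for ref in find_hidden_streams(SAMPLE_LINES):
        flag = "SUSPICIOUS" if is_suspicious(ref) else "benign"
        print(f"{flag:10} host={ref.host} stream={ref.stream} type={ref.stream_type}")
        print("           inspect with:", inspect_command(ref))
```

Run on the sample lines it reports two suspicious entries (both the dumpk.exe stream on system32) and one benign Zone.Identifier stream, and skips the notepad.exe entry because that is an ordinary file body. On the affected machine the same Get-Item -Stream call (PowerShell 3.0 or later on an NTFS volume) is what reveals a stream that Explorer will never list.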