Solved

At1.job and Associated Malware

Posted on 2011-09-09
2,058 Views
Last Modified: 2013-12-09
Platform: Windows Server 2008 Service Pack 2
Worry-Free Business Security Version 7

Recently my clients always have the Trend Micro icon showing that a restart is required, and the notification always shows lots of viruses detected, but they are neither resolved nor cleaned.
Even my servers were affected.
Can someone advise me how to clean up this malware?
I have attached a log of the detection.
Attachment: Malware Detected
Question by:wchoonhei
9 Comments
 
LVL 13

Expert Comment

by:khairil
ID: 36509517
Hi,

It is in your task scheduler, but the real one that writes the task and does the monitoring is in memory.

You can use tools such as Process Monitor from Sysinternals to kill the in-memory culprit, and use Autoruns to remove it from startup and the task scheduler.
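Worked example, added here and not part of any comment in the thread: a PowerShell triage script for the situation khairil describes, i.e. an At<N>.job entry in the task scheduler plus an in-memory component that keeps recreating it. It assumes an elevated prompt on the Windows Server 2008 SP2 box from the question (PowerShell 2.0, so it avoids newer cmdlets such as Get-FileHash), and it treats "task runs rundll32 with a DLL" as a lead to investigate rather than proof of infection; that pattern and the KB958644 (MS08-067) check are drawn from public Conficker/Downad write-ups, not from this page. Nothing here deletes anything; it only collects the evidence you would then act on with Autoruns or the vendor clean-up tool.

```powershell
# Triage for At<N>.job persistence on Windows Server 2008 SP2 (PowerShell 2.0 compatible).
# Added example; assumptions: elevated prompt, English schtasks output, Conficker-style
# indicators (rundll32 task + missing KB958644) taken from public write-ups, not from this thread.

$findings = @()

# 1. Tasks created with at.exe are stored as %windir%\Tasks\At<N>.job. Hash them so the
#    same sample can be recognised on the other affected machines.
$taskDir = Join-Path $env:windir 'Tasks'
foreach ($job in (Get-ChildItem -Path $taskDir -Filter 'At*.job' -ErrorAction SilentlyContinue)) {
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($job.FullName)
    $hash  = -join ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') })
    $findings += "jobfile: $($job.FullName) sha256=$hash modified=$($job.LastWriteTime)"
}

# 2. Ask the scheduler what each At task actually runs. A task whose command is
#    rundll32 <random>.dll is the pattern described for Downad/Conficker (assumption).
$tasks = schtasks /query /fo csv /v | ConvertFrom-Csv
foreach ($t in $tasks) {
    if ($t.TaskName -match '\\At\d+$' -or $t.'Task To Run' -match 'rundll32') {
        $findings += "task: $($t.TaskName) runs: $($t.'Task To Run') next=$($t.'Next Run Time')"
    }
}

# 3. The in-memory component that rewrites the tasks: list every process whose command
#    line loads a DLL through rundll32, with its PID, so it can be killed before cleanup.
Get-WmiObject Win32_Process |
    Where-Object { $_.CommandLine -match 'rundll32' } |
    ForEach-Object { $findings += "process: pid=$($_.ProcessId) cmd=$($_.CommandLine)" }

# 4. Persistence outside the scheduler: the classic Run keys (what Autoruns would show).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        (Get-ItemProperty $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { $findings += "autorun: $k\$($_.Name) = $($_.Value)" }
    }
}

# 5. MS08-067 (KB958644) is the network vulnerability Conficker spreads through. If it is
#    missing, the box will be reinfected from the LAN as soon as it is reconnected.
if (Get-HotFix -Id KB958644 -ErrorAction SilentlyContinue) {
    $findings += 'patch: KB958644 present'
} else {
    $findings += 'patch: KB958644 MISSING - install it (offline) before reconnecting'
}

$findings
```

Run it on one infected client and one server and compare the job-file hashes and the "runs:" lines; identical hashes across machines tell you it is one worm, not several, and the PID lines give you what to terminate (Process Explorer, taskkill /PID) before removing the tasks and Run entries, otherwise the in-memory component simply writes them back.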
 
LVL 13

Expert Comment

by:khairil
ID: 36509520
Restart and scan for the virus in safe mode.
 

Author Comment

by:wchoonhei
ID: 36510563
How do I use the tools mentioned? Can you be more specific? My computer knowledge is not good; I am just a normal user.

I restarted in safe mode, but Trend Micro doesn't work there.
 
LVL 13

Expert Comment

by:khairil
ID: 36516321
Hi,

Yup, those tools require some IT knowledge. At1.job can be generated by more than one virus; here are some of them:

1. AutoIT
2. Brontok.i
3. Nuqel
4. Vundo
5. Kido

Kido, or Conficker, is nasty.

There are some clean-up tools available on the net, like this one for Conficker by Sophos: http://www.sophos.com/support/knowledgebase/article/51169.html

However, cleaning up is one part; the other part is to make sure your system is fully patched. Without patching, a virus from another computer can simply enter yours. It will be quite a challenge, as you need to connect to the internet to download patches, and the virus attacks your computer as soon as it finds you connected to the network.

So, try downloading all the tools for the suspected viruses and run them in safe mode to clean the computer. Try downloading every critical security update and running it on the affected computer. Once you have all the critical update patches applied, run in normal mode, connect to the internet and run a full update.

I am not so sure that Trend cannot run in safe mode; it should. If it can't, then you might want to look at other AVs as well.

If you cannot do it by yourself, then it is better to bring it to the experts. It will be worth your money and time, and also your precious data. Make sure you back up your data first before sending it to them, and ask them to back up your data too (just in case). Make sure you copy everything in My Documents, your Outlook PST file (if you are using Outlook), your IE favourites and any other files you feel are important.

In the worst case, they might suggest formatting your computer, so you need to supply them with the driver CDs or other CDs that came with your computer.
 

Author Comment

by:wchoonhei
ID: 36518978
Is anyone familiar with Trend Micro Worry-Free version 7? On the client or the server, can I enable safe mode scanning? Or does it support this function at all?
 
LVL 13

Expert Comment

by:khairil
ID: 36520807
You can try using the TM command line when running in safe mode, but for Worry-Free I do not know the executable files. For Trend Micro OfficeScan in safe mode, you will have to use command-line-based scanning. Log on in safe mode, then open a command prompt, navigate to your Trend Micro folder and run VSCANWIN32. This will show you a few command-line switches you can use. Use VSCANWIN32 /S C: for the C drive. The executables might be different for Worry-Free.

You can still use some other antivirus as well; here is the free version of Malwarebytes, http://www.majorgeeks.com/Malwarebyte's_Anti-Malware_d5756.html. It did the job fine in most cases where other AVs could not function well.

There are some more advanced steps, like scanning for rootkits, but I am trying not to get to those first, because they require some advanced knowledge of your computer and the application. Try the steps above first.
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 36532142
You could also use Trend Micro System Cleaner to clean the system. Below are the details:

http://esupport.trendmicro.com/solution/en-us/1057836.aspx

Sudeep
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 36532151
The above is not designed to work with the server family, though, so you may need other tools to run on the servers; however, you can run it on client OSes.
 
LVL 30

Accepted Solution

by: Sudeep Sharma (earned 2000 total points)
ID: 36532216
Below are the details from Trend on its behaviour and the removal instructions:

http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_DOWNAD.AD

Below is the tool they designed to remove it:

http://www.trendmicro.com/ftp/products/pattern/spyware/fixtool/SysClean-WORM_DOWNAD.zip
