At1.job and Associated Malware

Platform: Windows 2008 Server Service Pack 2
Worry Free Business Security Version 7

Recently my client always has the Trend Micro icon showing that a restart is required, and the notification always shows lots of viruses detected, but none are being resolved or cleaned.
Even my servers were affected.
Can someone advise me how to clean up this malware?
I have attached the logs on the detection.
Malware Detected
khairil Commented:
Hi,

It is in your task scheduler, but the real one that writes the task and does the monitoring is in memory.

You can use tools such as Process Monitor from Sysinternals to kill the in-memory culprit, and Autoruns to remove it from startup and the task scheduler.
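As an added triage example (not code from the thread or from Trend Micro), the following script inventories the At*.job scheduled tasks the answer refers to, records their hashes, flags tasks whose command points at an unsigned or user-writable executable, and lists any running process matching a flagged target. It assumes Windows PowerShell 2.0 on Windows Server 2008 SP2 with schtasks.exe available, run from an elevated prompt.

```powershell
# Added triage script, not from the thread: inventory At*.job scheduled tasks
# and flag ones that point at unsigned or user-writable executables.
# Assumptions: Windows PowerShell 2.0 on Windows Server 2008 SP2, run elevated.
$taskDir = Join-Path $env:WINDIR 'Tasks'

function Get-FileSha256([string]$Path) {
    # Hash with .NET directly; Get-FileHash does not exist on PowerShell 2.0.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

# 1. The legacy At*.job files live under %WINDIR%\Tasks; record name, time and hash
#    so a sample can be submitted to the AV vendor before it is deleted.
Write-Host "== At*.job files in $taskDir =="
Get-ChildItem -Path $taskDir -Filter 'At*.job' -ErrorAction SilentlyContinue |
    ForEach-Object { '{0,-10} {1,-20} {2}' -f $_.Name, $_.LastWriteTime, (Get-FileSha256 $_.FullName) }

# 2. schtasks /v reveals the command behind each task; parse its CSV output.
$tasks = schtasks.exe /query /fo CSV /v | ConvertFrom-Csv
$suspects = @{}
foreach ($t in $tasks) {
    if ($t.TaskName -notmatch '^\\?At\d+$') { continue }      # only At<N> jobs
    $cmd = $t.'Task To Run'
    # Keep just the executable: a quoted path, or the first whitespace-delimited token.
    if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    $why = @()
    if ($exe -match '\\(Temp|AppData|Users|Documents and Settings|ProgramData)\\') { $why += 'user-writable path' }
    if (-not (Test-Path -LiteralPath $exe)) { $why += 'target missing' }
    elseif ((Get-AuthenticodeSignature -FilePath $exe).Status -ne 'Valid') { $why += 'not validly signed' }
    if ($why.Count -gt 0) {
        $suspects[$exe] = $why
        Write-Host ("SUSPECT {0,-8} runs {1}  [{2}]" -f $t.TaskName, $cmd, ($why -join ', '))
    }
}

# 3. The dropper that keeps rewriting the task stays resident, so list live
#    processes whose image matches a flagged target; end those before removing the task,
#    otherwise the job file simply reappears.
Write-Host "== running processes matching flagged targets =="
Get-Process | Where-Object { $_.Path -and $suspects.ContainsKey($_.Path) } |
    Select-Object Id, ProcessName, Path | Format-Table -AutoSize
```

Hashes of the job files and of any flagged executable are what to keep for the vendor submission; the script changes nothing on the host.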
 
khairil Commented:
Do the restart and scan for the virus in safe mode.
 
wchoonhei (Author) Commented:
How do I use the tools mentioned? Can you be more specific? My computer knowledge is not good. I am just a normal user.

I restarted in safe mode, but Trend Micro doesn't work.

khairil Commented:
Hi,

Yup, that tool requires some IT knowledge. At1.job can be generated by more than one virus; here are some of them:

1. AutoIT
2. Brontok.i
3. Nuqel
4. Vundo
5. Kido

Kido, or Conficker, is nasty.

There are some clean-up tools available on the net, like this one for Conficker by Sophos: http://www.sophos.com/support/knowledgebase/article/51169.html

However, cleaning up is one part; the other part is to make sure your system is fully patched. Without patching, a virus from another computer can simply enter yours. It will be quite a challenge, as you need to connect to the internet to download patches, and the virus attacks your computer when it finds you connected to the network.

So, try downloading all the tools for the suspected viruses and run them in safe mode to clean the computer. Try downloading any critical security updates and running them on the affected computer. Once you have all the critical update patches, run in normal mode, connect to the internet and run a full update.

I am not so sure Trend cannot run in safe mode; it should. If it can't, then you might want to look at other AVs as well.

If you cannot do it by yourself, then better bring it to the experts. It will be worth your money and time, and also your precious data. Make sure you back up your data first before sending it to them, and ask them to back up your data too (just in case). Make sure you copy everything in My Documents, your Outlook PST file (if you are using Outlook), your IE favourites and any other files you feel are important.

In the worst case, they might suggest formatting your computer, so you need to supply them with the driver CDs or other CDs that came with your computer.
 
wchoonhei (Author) Commented:
Is anyone familiar with Trend Micro Worry Free version 7? Can I enable safe mode scanning on the client or the server, or does it support this function at all?
 
khairil Commented:
You can try using the TM command line when running in safe mode, but for Worry Free I do not know the executable files. For Trend Micro OfficeScan in safe mode, you will have to use command-line based scanning. Log on in safe mode, then open a command prompt, navigate to your Trend Micro folder and run VSCANWIN32. This will show you a few command line switches you can use. Use VSCANWIN32 /S C: for the C drive. The executables might be different for Worry Free.

You can still use some other antivirus tools as well; here is the shareware version of the free Malwarebytes, http://www.majorgeeks.com/Malwarebyte's_Anti-Malware_d5756.html. It has done the job fine in most cases when other AVs cannot function well.

There are some more advanced steps, but I tried not to get to those first, like scanning for a rootkit, because it requires some advanced knowledge of your computer and the application. Try the steps above first.
 
Sudeep Sharma (Technical Designer) Commented:
You could also use Trend Micro System Cleaner to clean the system. Below are the details:

http://esupport.trendmicro.com/solution/en-us/1057836.aspx

Sudeep
 
Sudeep Sharma (Technical Designer) Commented:
The above is not designed to work with the server family, though, so you may need other tools to run on servers. However, you can run it on a client OS.
 
Sudeep Sharma (Technical Designer) Commented:
Below are the details from Trend on its behaviour and removal instructions:

http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_DOWNAD.AD

Below is the tool designed by them to remove it:

http://www.trendmicro.com/ftp/products/pattern/spyware/fixtool/SysClean-WORM_DOWNAD.zip
