Solved

Virus Problem

Posted on 2011-09-23
Last Modified: 2013-11-22
I have come across this 4 times this week. My customers are getting a virus/trojan which appears as only a number in Task Manager. For example: 4170169061:44075829.exe. The number seems to change on different computers. I have tried everything, from removing the entries from the registry to scanning the drive externally in a USB case, but no luck.

Has anyone else seen the virus or have a removal tool? I even contacted TrendMicro and they stated they have never heard of a virus like that.

The only thing left to do is rebuild the PC.

Please help.

Thanks.
Question by:vitalev88
5 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
This is similar to the problem already raised in EE, listed below, with the solution offered by RPG:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Q_27322188.html
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/Q_27321826.html

So as suggested in the articles, please run TDSSKiller first and if the problem doesn't resolve then run Combofix and post the logs here for further analysis.

I hope that would help

Sudeep
 
LVL 5

Expert Comment

by:mrfixit22
If you have not tried Malwarebytes you should. The others are good but Malwarebytes is made just for this kind of problem. http://www.malwarebytes.org/
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
You can follow the links on SSharma's post and use the antizeroaccess.exe
or just use ComboFix, it should take care of the rootkit.

You may have to manually fix the modified permissions though.
I suggest you let ComboFix install the Recovery Console.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
LVL 38

Expert Comment

by:younghv
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.