Solved

virus piothyw.exe i.simpli.fi.

Posted on 2014-04-22
16
589 Views
Last Modified: 2014-05-20
Techs, I'm trying to remove what appears to be a stubborn virus on a Win7 laptop: piothyw.exe, residing in "j.walt/ AppData / Roaming / Onleidx". Attempted to remove it manually and it reports that it cannot be deleted due to the file being in use. Killed the services tied to the virus and removed it. Successfully deleted, but the file regenerated itself and the services started running again. Ran SAntispyware, Malwarebytes, and our Symantec AV. Still here.

The popup the EU is seeing is in a File Download - Security Warning window: "Do you want to open or save this file?" Name: dpx.js, Type: JScript Script File, 4.39kb, From i.simpli.fi.

EU has been cancelling the download windows repeatedly.

Any help is appreciated.  

Thank you,
Mark88
0
Question by:Mark88
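
A read-only way to look for what relaunches a file like the one described in the question, as an added example that is not part of the original thread: it lists services, Run/RunOnce values and scheduled tasks whose command line points into a user's AppData\Roaming. The regex, the English-language schtasks column names and the `New-Hit` helper are assumptions of this example.

```powershell
# Added example, not from the thread. Read-only: nothing is changed or deleted.
# Assumptions: English-language Windows 7 (schtasks column names), elevated
# PowerShell 2.0+, run in the affected user's session so HKCU is that user's hive.
$pattern = '\\AppData\\Roaming\\'   # regex for the folder class reported in the question

# Hypothetical helper: one uniform record per autostart entry found.
function New-Hit($Source, $Name, $Command) {
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Command = $Command }
}
$hits = @()

# 1. Services: PathName is the command line the Service Control Manager starts.
$hits += @(Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    ForEach-Object { New-Hit 'Service' ($_.Name) ($_.PathName) })

# 2. Run/RunOnce values (machine-wide, 32-bit view, and current user).
#    GetValue() expands REG_EXPAND_SZ data, so %APPDATA% forms are matched too.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($valueName)
        if ($data -match $pattern) { $hits += New-Hit "Run key ($key)" $valueName $data }
    }
}

# 3. Scheduled tasks: verbose CSV output carries the command in 'Task To Run'.
$hits += @(schtasks.exe /query /fo csv /v | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match $pattern } |
    ForEach-Object { New-Hit 'Scheduled task' ($_.TaskName) ($_.'Task To Run') })

# Review each hit before acting; legitimate per-user software also starts from here.
$hits | Sort-Object Source, Name | Format-List Source, Name, Command
```

An empty result does not show the machine is clean; it only means none of these three autostart locations points into AppData\Roaming for the account the script ran under.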
16 Comments
 
LVL 6

Expert Comment

by:Hassan Besher
ID: 40016408
Remove whatever your antivirus is, download the free Kaspersky Internet Security 2014 trial and do a full scan, and it will do the rest:

http://usa.kaspersky.com/downloads/free-home-trials/internet-security
0
 

Author Comment

by:Mark88
ID: 40016559
This is a corporate environment.  Not sure if I can uninstall Symantec.
0
 

Author Comment

by:Mark88
ID: 40016562
Also, the laptop has to stay disconnected from the internet since we don't want the virus to spread.
0
 
LVL 6

Expert Comment

by:Hassan Besher
ID: 40016567
Install the source on another PC and transfer it using a USB flash drive. In my opinion Kaspersky is much better than Symantec in these situations; you can reinstall Symantec after finishing the Kaspersky scan.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40016626
Get yourself something like this: http://www.newegg.com/Product/Product.aspx?Item=N82E16812119152
Or remove the HDD and place it in a machine as a secondary drive, and then scan it.
-rich
0
 

Author Comment

by:Mark88
ID: 40016635
Is it safe to connect the laptop to the network?
0
 
LVL 18

Assisted Solution

by:hopeleonie
hopeleonie earned 250 total points
ID: 40016751
This is a corporate environment.

Then the best solution is to reimage or reinstall!
Unfortunately nobody can give you a 100% warranty that the computer is clean after Malware removal.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 40017139
Remove the HDD and connect it as a secondary; that is a safe method of cleaning. Using the USB->SATA cable is one of the easiest ways of doing that, otherwise you have to pop open a desktop and connect the drive inside. Reimage is best; you can either back up the data when the drive is mounted on an adapter or as a secondary, and/or you can try to clean it when it is.
-rich
0
 

Author Comment

by:Mark88
ID: 40017561
Is it safe to connect the laptop to the network?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 40017571
Probably, but removing the HDD ensures that you can scan and/or back up data without fear of further infection/spread, as long as you don't OPEN/Double-Click on anything on the drive. Just scan it, or back up what you need and reimage.
-rich
0
 

Author Comment

by:Mark88
ID: 40019049
I would've liked to remove the HDD, but my mgr and I decided to reconnect it with the NW and use signatures from SB S/D to clean it. That seemed to work for now.

I've let the EU know that she should let me know if the popups come back.

Waiting.......

Thank you,
Mark88
0
 
LVL 18

Assisted Solution

by:hopeleonie
hopeleonie earned 250 total points
ID: 40022040
SLAVED DRIVE SCANS are not recommended nowadays. I'm telling you as this (Malware removal) is my daily work.

Also have a look at this EE Article:
http://www.experts-exchange.com/Software/Anti_Spyware/A_6650-Malware-Fighting-Best-Practices.html

As stated in ID: 40016751, I strongly recommend reimaging or reinstalling!
But if you need to remove Malware, let me know...
0
 

Author Comment

by:Mark88
ID: 40028506
On Friday I had everything off, but the EU came back today, Monday, and part of the file was back again, but our Symantec quarantined it. I did a scan and found nothing else.

Hopeleonie, that's a great article but I'm not sure what it is telling me to do next - besides reimaging I mean.
0
 

Accepted Solution

by:Mark88
Mark88 earned 0 total points
ID: 40068701
Since I removed the file from the quarantine last time it has not returned.
No idea what I did differently.
Mark88
0
 

Author Comment

by:Mark88
ID: 40068710
Thank you
0
 

Author Closing Comment

by:Mark88
ID: 40077105
I will save this for future research for sure
0
