Solved

virus piothyw.exe i.simpli.fi.

Posted on 2014-04-22
16
Medium Priority
629 Views
Last Modified: 2014-05-20
Techs, I'm trying to remove what appears to be a stubborn virus on a Win7 laptop: piothyw.exe, residing in "j.walt/ AppData / Roaming / Onleidx". Attempted to remove manually and it reports it cannot be deleted due to the file being in use. Killed services tied to the virus and removed. Successfully deleted, but the file regenerated itself and the services started running again. Ran SAntispyware, Malwarebytes, and our Symantec AV. Still here.

The popup the EU is seeing is in a File Download - Security Warning window. "Do you want to open or save this file?" Name: dpx.js, Type: jscript script file, 4.39kb, From i.simpli.fi.

EU has been cancelling the download windows repeatedly.

Any help is appreciated.  

Thank you,
Mark88
0
Question by:Mark O'Brien
16 Comments
 
LVL 6

Expert Comment

by:Hassan Besher
ID: 40016408
Remove whatever antivirus you have, download the free Kaspersky Internet Security 2014 trial, and do a full scan; it will do the rest:

http://usa.kaspersky.com/downloads/free-home-trials/internet-security
0
 

Author Comment

by:Mark O'Brien
ID: 40016559
This is a corporate environment.  Not sure if I can uninstall Symantec.
0
 

Author Comment

by:Mark O'Brien
ID: 40016562
Also, the laptop has to stay disconnected from the internet since we don't want the virus to spread.
0
 
LVL 6

Expert Comment

by:Hassan Besher
ID: 40016567
Install the source on another PC and transfer it using a USB flash drive. In my opinion Kaspersky is much better than Symantec in these situations; you can reinstall Symantec after finishing the Kaspersky scan.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40016626
Get yourself something like this: http://www.newegg.com/Product/Product.aspx?Item=N82E16812119152
Or remove the HDD and place it in a machine as a secondary drive, and then scan it.
-rich
0
 

Author Comment

by:Mark O'Brien
ID: 40016635
Is it safe to connect the laptop to the network?
0
 
LVL 19

Assisted Solution

by:*** Hopeleonie ***
*** Hopeleonie *** earned 1000 total points
ID: 40016751
This is a corporate environment.

Then the best solution is to reimage or reinstall!
Unfortunately nobody can give you a 100% warranty that the computer is clean after Malware removal.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1000 total points
ID: 40017139
Remove the HDD and connect it as a secondary; that is a safe method of cleaning. Using the USB->SATA cable is one of the easiest ways of doing that; otherwise you have to pop open a desktop and connect the drive inside. Reimage is best; you can either back up the data when the drive is mounted on an adapter or as a secondary, and/or you can try to clean it when it is.
-rich
0
 

Author Comment

by:Mark O'Brien
ID: 40017561
Is it safe to connect the laptop to the network?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1000 total points
ID: 40017571
Probably, but removing the HDD ensures that you can scan and/or back up data without fear of further infection/spread, as long as you don't OPEN/Double-Click on anything on the drive. Just scan it, or back up what you need and reimage.
-rich
0
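Added example (not part of the thread or any poster's code): a read-only triage pass over the laptop's drive once it is attached as a secondary disk, as described in the comment above. It lists PE files and scripts under each profile's AppData\Roaming, the location named in the question, and hashes them without opening them; the extension list and the sample files `update.dat`, `sample.js` and `notes.txt` are assumptions constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".js", ".vbs", ".bat", ".cmd", ".ps1"}  # flagged by extension

def sha256_of(path):
    """Hash by reading bytes only; nothing on the drive is executed."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def classify(path):
    """Reason a file is of interest, or None. 'MZ' marks a PE even if renamed."""
    with open(path, "rb") as fh:
        if fh.read(2) == b"MZ":
            return "PE header"
    return "script extension" if path.suffix.lower() in SCRIPT_EXTS else None

def triage_roaming(mount_root):
    """(path, reason, sha256) for executables/scripts under Users/*/AppData/Roaming."""
    root = Path(mount_root)
    findings = []
    for p in root.glob("Users/*/AppData/Roaming/**/*"):
        rel = p.relative_to(root).as_posix()
        try:
            reason = classify(p) if p.is_file() else None
            if reason:
                findings.append((rel, reason, sha256_of(p)))
        except OSError as exc:  # damaged or unreadable file: report it, don't skip
            findings.append((rel, f"unreadable: {exc.strerror}", None))
    return sorted(findings, key=lambda f: f[0])

def build_sample_drive(root):
    """Constructed stand-in for the mounted drive (placeholder bytes, not malware)."""
    d = Path(root) / "Users" / "j.walt" / "AppData" / "Roaming" / "Onleidx"
    d.mkdir(parents=True)
    (d / "piothyw.exe").write_bytes(b"MZ" + b"\x00" * 62)  # file name from the thread
    (d / "update.dat").write_bytes(b"MZ" + b"\x01" * 62)   # hypothetical renamed PE
    (d / "sample.js").write_text("// constructed placeholder\n")
    (d / "notes.txt").write_text("plain text, not flagged\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        print(*triage_roaming(tmp), sep="\n")
```

On a real case, pass the mount point of the attached drive to `triage_roaming` and use the hashes for lookups or as evidence before reimaging.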
 

Author Comment

by:Mark O'Brien
ID: 40019049
I would've liked to remove the HDD, but my mgr and I decided to reconnect it with the NW and use signatures from SB S/D to clean it.  That seemed to work for now.

I've let the EU know that she should let me know if the popups come back.

Waiting.......

Thank you,
Mark88
0
 
LVL 19

Assisted Solution

by:*** Hopeleonie ***
*** Hopeleonie *** earned 1000 total points
ID: 40022040
SLAVED DRIVE SCANS are not recommended nowadays. I'm telling you as this (Malware removal) is my daily work.

Also have a look at this EE article:
http://www.experts-exchange.com/Software/Anti_Spyware/A_6650-Malware-Fighting-Best-Practices.html

As stated in ID: 40016751, I strongly recommend reimaging or reinstalling!
But if you need to remove malware, let me know...
0
 

Author Comment

by:Mark O'Brien
ID: 40028506
On Friday I had everything off, but the EU came back today, Monday, and part of the file was back again, but our Symantec quarantined it.  I did a scan and found nothing else.

Hopeleonie, that's a great article but I'm not sure what it is telling me to do next - besides reimaging I mean.
0
 

Accepted Solution

by:
Mark O'Brien earned 0 total points
ID: 40068701
Since I removed the file from the quarantine last time it has not returned.
No idea what I did differently.
Mark88
0
 

Author Comment

by:Mark O'Brien
ID: 40068710
Thank you
0
 

Author Closing Comment

by:Mark O'Brien
ID: 40077105
I will save this for future research for sure
0


Question has a verified solution.
