virus piothyw.exe i.simpli.fi.

Techs, I'm trying to remove what appears to be a stubborn virus on a Win7 laptop. piothyw.exe residing in "j.walt/ AppData / Roaming / Onleidx". Attempted to remove manually and it reports that it cannot be deleted due to the file being in use. Killed services tied to virus and removed. Successfully deleted but the file regenerated itself and the services started running again. Ran SAntispyware, Malwarebytes, and our Symantec AV. Still here.

The popup the EU is seeing is a File Download - Security Warning window. "Do you want to open or save this file?" Name: dpx.js, Type: jscript script file, 4.39kb, From i.simpli.fi.

EU has been cancelling the download windows repeatedly.

Any help is appreciated.  

Thank you,
Mark88
Mark O'Brien, Dispatch Software Support and Server Administration, Asked:
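An added example, not part of the original question or any reply: a read-only PowerShell check for whatever is relaunching a file under AppData\Roaming after it is deleted, as described in the post above. The thread mentions only services; the Run-key and scheduled-task locations, and the function names, are assumptions of this example.

```powershell
# Added example (not from the thread). Read-only: it lists autostart entries whose
# command points into AppData\Roaming, where the post says piothyw.exe lives.
# Assumptions: PowerShell 2.0 (Windows 7 default), English-language schtasks output,
# run in the affected user's session so HKCU is that user's registry hive.
$pattern = '\\AppData\\Roaming\\'

# Hypothetical helper: one uniform record per hit.
function New-Finding($Source, $Name, $Command) {
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Command = $Command }
}

function Get-RoamingAutostart {
    # Services: the poster saw services come back after deleting the file.
    Get-WmiObject Win32_Service |
        Where-Object { $_.PathName -match $pattern } |
        ForEach-Object { New-Finding 'Service' $_.Name $_.PathName }

    # Run/RunOnce values (assumed location; the thread does not name it).
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            if ($data -match $pattern) { New-Finding $key $valueName $data }
        }
    }

    # Scheduled tasks (assumed location). Windows 7 has no Get-ScheduledTask,
    # so parse the verbose CSV output of schtasks.exe instead.
    schtasks /query /fo csv /v | ConvertFrom-Csv |
        Where-Object { $_.'Task To Run' -match $pattern } |
        ForEach-Object { New-Finding 'ScheduledTask' $_.TaskName $_.'Task To Run' }
}

# Print every hit; an empty result means none of these three locations
# references the Roaming folder.
Get-RoamingAutostart | Select-Object Source, Name, Command | Format-List
```

Legitimate software also starts from AppData\Roaming, so each hit needs to be checked against the file named in the post before anything is disabled.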
 
Mark O'Brien, Dispatch Software Support and Server Administration, Author Commented:
Since I removed the file from the quarantine last time it has not returned.
No idea what I did differently.
Mark88
0
 
Hassan Besher, Commented:
Remove whatever your antivirus is, download the free Kaspersky Internet Security 2014 trial and do a full scan, and it will do the rest:

http://usa.kaspersky.com/downloads/free-home-trials/internet-security
0
 
Mark O'Brien, Dispatch Software Support and Server Administration, Author Commented:
This is a corporate environment.  Not sure if I can uninstall Symantec.
0
 
Mark O'Brien, Dispatch Software Support and Server Administration, Author Commented:
Also, the laptop has to stay disconnected from the internet since we don't want the virus to spread.
0
 
Hassan Besher, Commented:
Install the source on another PC and transfer it using a USB flash drive. In my opinion Kaspersky is much better than Symantec in these situations; you can reinstall Symantec after finishing the Kaspersky scan.
0
 
Rich Rumble, Security Samurai, Commented:
Get yourself something like this: http://www.newegg.com/Product/Product.aspx?Item=N82E16812119152
Or remove the HDD and place it in a machine as a secondary drive, and then scan it.
-rich
0
 
Mark O'Brien, Dispatch Software Support and Server Administration, Author Commented:
Is it safe to connect the laptop to the network?
0
 
*** Hopeleonie ***, IT Manager, Commented:
This is a corporate environment.

Then the best solution is to reimage or reinstall!
Unfortunately nobody can give you a 100% warranty that the computer is clean after Malware removal.
0
 
Rich Rumble, Security Samurai, Commented:
Remove the HDD and connect it as a secondary; that is a safe method of cleaning. Using the USB->SATA cable is one of the easiest ways of doing that, otherwise you have to pop open a desktop and connect the drive inside. Reimage is best; you can either back up the data when the drive is mounted on an adapter or as a secondary, and/or you can try to clean it when it is.
-rich
0
 
Mark O'Brien, Dispatch Software Support and Server Administration, Author Commented:
Is it safe to connect the laptop to the network?
0
 
Rich Rumble, Security Samurai, Commented:
Probably, but removing the HDD ensures that you can scan and/or back up data without fear of further infection/spread, as long as you don't OPEN/double-click on anything on the drive. Just scan it, or back up what you need and reimage.
-rich
0
 
Mark O'Brien, Dispatch Software Support and Server Administration, Author Commented:
I would've liked to remove the HDD, but my mgr and I decided to reconnect it with the NW and use signatures from SB S/D to clean it. That seemed to work for now.

I've let the EU know that she should let me know if the popups come back.

Waiting.......

Thank you,
Mark88
0
 
*** Hopeleonie ***, IT Manager, Commented:
SLAVED DRIVE SCANS are not recommended nowadays. I'm telling you as this (Malware removal) is my daily work.

Have also a look at this EE Article:
http://www.experts-exchange.com/Software/Anti_Spyware/A_6650-Malware-Fighting-Best-Practices.html

As told in ID: 40016751 I strongly recommend to reimage or reinstall!
But if you need to remove Malware, let me know...
0
 
Mark O'Brien, Dispatch Software Support and Server Administration, Author Commented:
On Friday I had everything off, but the EU came back today, Monday, and part of the file was back again, but our Symantec quarantined it. I did a scan and found nothing else.

Hopeleonie, that's a great article but I'm not sure what it is telling me to do next - besides reimaging, I mean.
0
 
Mark O'Brien, Dispatch Software Support and Server Administration, Author Commented:
Thank you
0
 
Mark O'Brien, Dispatch Software Support and Server Administration, Author Commented:
I will save this for future research for sure.
0
Question has a verified solution.