Solved

virus piothyw.exe i.simpli.fi.

Posted on 2014-04-22
Last Modified: 2014-05-20
Techs, I'm trying to remove what appears to be a stubborn virus on a Win7 laptop. piothyw.exe residing in "j.walt/ AppData / Roaming / Onleidx". Attempted to remove manually and it reports it cannot be deleted due to the file being in use. Killed services tied to virus and removed. Successfully deleted but the file regenerated itself and the services started running again.  Ran SAntispyware, Malwarebytes, and our Symantec AV.  Still here.

The popup the EU is seeing is in a File Download - Security Warning window.  "Do you want to open or save this file?"  Name: dpx.js, Type: JScript Script File, 4.39KB, From: i.simpli.fi.

EU has been cancelling the download windows repeatedly.

Any help is appreciated.  

Thank you,
Mark88
Question by:Mark88
16 Comments
 
LVL 6

Expert Comment

by:Hassan Besher
ID: 40016408
Remove whatever your antivirus is, download the free Kaspersky Internet Security 2014 trial and do a full scan, and it will do the rest:

http://usa.kaspersky.com/downloads/free-home-trials/internet-security
 

Author Comment

by:Mark88
ID: 40016559
This is a corporate environment.  Not sure if I can uninstall Symantec.
 

Author Comment

by:Mark88
ID: 40016562
Also, the laptop has to stay disconnected from the internet since we don't want the virus to spread.
 
LVL 6

Expert Comment

by:Hassan Besher
ID: 40016567
Install the source on another PC and transfer it using a USB flash drive. In my opinion Kaspersky is much better than Symantec in these situations; you can reinstall Symantec after finishing the Kaspersky scan.
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40016626
Get yourself something like this: http://www.newegg.com/Product/Product.aspx?Item=N82E16812119152
Or remove the HDD and place it in a machine as a secondary drive, and then scan it.
-rich
 

Author Comment

by:Mark88
ID: 40016635
Is it safe to connect the laptop to the network?
 
LVL 19

Assisted Solution

by:*** Hopeleonie ***
*** Hopeleonie *** earned 250 total points
ID: 40016751
This is a corporate environment.

Then the best solution is to reimage or reinstall!
Unfortunately nobody can give you a 100% warranty that the computer is clean after Malware removal.
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 40017139
Remove the HDD and connect it as a secondary; that is a safe method of cleaning. Using the USB->SATA cable is one of the easiest ways of doing that; otherwise you have to pop open a desktop and connect the drive inside. Reimage is best: you can either back up the data when the drive is mounted on an adapter or as a secondary, and/or you can try to clean it when it is.
-rich
 

Author Comment

by:Mark88
ID: 40017561
Is it safe to connect the laptop to the network?
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 40017571
Probably, but removing the HDD ensures that you can scan and/or back up data without fear of further infection/spread, as long as you don't OPEN/double-click on anything on the drive. Just scan it, or back up what you need and reimage.
-rich
 

Author Comment

by:Mark88
ID: 40019049
I would've liked to remove the HDD, but my mgr and I decided to reconnect it with the NW and use signatures from SB S/D to clean it.  That seemed to work for now.

I've let the EU know that she should let me know if the popups come back.

Waiting.......

Thank you,
Mark88
 
LVL 19

Assisted Solution

by:*** Hopeleonie ***
*** Hopeleonie *** earned 250 total points
ID: 40022040
SLAVED DRIVE SCANS are not recommended nowadays. I'm telling you as this (Malware removal) is my daily work.

Also have a look at this EE Article:
http://www.experts-exchange.com/Software/Anti_Spyware/A_6650-Malware-Fighting-Best-Practices.html

As told in ID: 40016751, I strongly recommend reimaging or reinstalling!
But if you need to remove Malware, let me know...
 

Author Comment

by:Mark88
ID: 40028506
On Friday I had everything off, but the EU came back today, Monday, and part of the file was back again, but our Symantec quarantined it.  I did a scan and found nothing else.

Hopeleonie, that's a great article but I'm not sure what it is telling me to do next - besides reimaging I mean.
 

Accepted Solution

by:
Mark88 earned 0 total points
ID: 40068701
Since I removed the file from the quarantine last time it has not returned.
No idea what I did differently.
Mark88
 

Author Comment

by:Mark88
ID: 40068710
Thank you
 

Author Closing Comment

by:Mark88
ID: 40077105
I will save this for future research for sure

Question has a verified solution.
