Solved

virus piothyw.exe i.simpli.fi.

Posted on 2014-04-22
Last Modified: 2014-05-20
Techs, I'm trying to remove what appears to be a stubborn virus on a Win7 laptop. piothyw.exe is residing in "j.walt/ AppData / Roaming / Onleidx". Attempted to remove it manually and it reports that it cannot be deleted due to the file being in use. Killed services tied to the virus and removed them. Successfully deleted, but the file regenerated itself and the services started running again. Ran SAntispyware, Malwarebytes, and our Symantec AV. Still here.

The popup the EU is seeing is in a File Download - Security Warning window. "Do you want to open or save this file?" Name: dpx.js, Type: JScript script file, 4.39kb, From i.simpli.fi.

EU has been cancelling the download windows repeatedly.

Any help is appreciated.  

Thank you,
Mark88
Question by:Mark O'Brien
16 Comments
 
LVL 6

Expert Comment

by:Hassan Besher
ID: 40016408
Remove whatever antivirus you have, download the free Kaspersky Internet Security 2014 trial and do a full scan, and it will do the rest:

http://usa.kaspersky.com/downloads/free-home-trials/internet-security
0
 

Author Comment

by:Mark O'Brien
ID: 40016559
This is a corporate environment.  Not sure if I can uninstall Symantec.
0
 

Author Comment

by:Mark O'Brien
ID: 40016562
Also, the laptop has to stay disconnected from the internet since we don't want the virus to spread.
0

 
LVL 6

Expert Comment

by:Hassan Besher
ID: 40016567
Install the source on another PC and transfer it using a USB flash drive. In my opinion Kaspersky is much better than Symantec in these situations. You can reinstall Symantec after finishing the Kaspersky scan.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40016626
Get yourself something like this: http://www.newegg.com/Product/Product.aspx?Item=N82E16812119152
Or remove the HDD and place it in a machine as a secondary drive, and then scan it.
-rich
0
 

Author Comment

by:Mark O'Brien
ID: 40016635
Is it safe to connect the laptop to the network?
0
 
LVL 19

Assisted Solution

by:*** Hopeleonie ***
*** Hopeleonie *** earned 1000 total points
ID: 40016751
"This is a corporate environment."

Then the best solution is to reimage or reinstall!
Unfortunately nobody can give you a 100% warranty that the computer is clean after Malware removal.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1000 total points
ID: 40017139
Remove the HDD and connect it as a secondary; that is a safe method of cleaning. Using the USB->SATA cable is one of the easiest ways of doing that, otherwise you have to pop open a desktop and connect the drive inside. Reimaging is best; you can either back up the data when the drive is mounted on an adapter or as a secondary, and/or you can try to clean it when it is.
-rich
0
 

Author Comment

by:Mark O'Brien
ID: 40017561
Is it safe to connect the laptop to the network?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1000 total points
ID: 40017571
Probably, but removing the HDD ensures that you can scan and/or back up data without fear of further infection/spread, as long as you don't OPEN/double-click on anything on the drive. Just scan it, or back up what you need and reimage.
-rich
0
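The offline approach from this answer (attach the drive as a secondary, read files but never open them), sketched as an added example that is not part of the original thread. It assumes the drive is mounted with a Windows-style `Users` tree; `triage_roaming` and `build_sample` are hypothetical names, and the sample file contents are constructed.

```python
import hashlib
import os
from pathlib import Path

PE_EXTS = {".exe", ".dll", ".scr", ".com"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".bat", ".cmd", ".ps1", ".wsf"}

def triage_roaming(mount_root):
    """Inventory PE files and scripts under Users/*/AppData/Roaming on an
    attached (not booted) drive. Files are read as bytes only, never launched."""
    findings = []
    for roaming in Path(mount_root).glob("Users/*/AppData/Roaming"):
        for dirpath, _dirs, files in os.walk(roaming):
            for name in files:
                path = Path(dirpath) / name
                digest = hashlib.sha256()
                try:
                    with open(path, "rb") as fh:
                        magic = fh.read(2)
                        digest.update(magic)
                        for chunk in iter(lambda: fh.read(1 << 20), b""):
                            digest.update(chunk)
                except OSError:
                    continue  # unreadable file (ACL, bad sector): skip it
                ext = path.suffix.lower()
                is_pe = magic == b"MZ"
                if is_pe or ext in PE_EXTS or ext in SCRIPT_EXTS:
                    findings.append({
                        "path": path.relative_to(mount_root).as_posix(),
                        "sha256": digest.hexdigest(),
                        "pe_header": is_pe,
                        # MZ header behind a non-executable extension
                        "disguised": is_pe and ext not in PE_EXTS,
                    })
    return sorted(findings, key=lambda f: f["path"])

def build_sample(root):
    """Constructed sample tree standing in for the attached drive."""
    base = Path(root) / "Users" / "j.walt" / "AppData" / "Roaming"
    (base / "Onleidx").mkdir(parents=True)
    (base / "Onleidx" / "piothyw.exe").write_bytes(b"MZ" + b"\x00" * 62)
    (base / "Onleidx" / "cache.dat").write_bytes(b"MZ" + b"\x90" * 30)
    (base / "notes.txt").write_bytes(b"plain text")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in triage_roaming(tmp):
            print(row)
```

The SHA-256 values give the corporate AV team something to look up or submit without anyone double-clicking the file, and the `disguised` flag catches executables hiding behind a data-file extension.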
 

Author Comment

by:Mark O'Brien
ID: 40019049
I would've liked to remove the HDD, but my mgr and I decided to reconnect it with the NW and use signatures from SB S/D to clean it. That seemed to work for now.

I've let the EU know that she should let me know if the popups come back.

Waiting.......

Thank you,
Mark88
0
 
LVL 19

Assisted Solution

by:*** Hopeleonie ***
*** Hopeleonie *** earned 1000 total points
ID: 40022040
SLAVED DRIVE SCANS are not recommended nowadays. I'm telling you as this (Malware removal) is my daily work.

Also have a look at this EE article:
http://www.experts-exchange.com/Software/Anti_Spyware/A_6650-Malware-Fighting-Best-Practices.html

As told in ID: 40016751, I strongly recommend reimaging or reinstalling!
But if you need to remove Malware, let me know...
0
 

Author Comment

by:Mark O'Brien
ID: 40028506
On Friday I had everything off, but the EU came back today, Monday, and part of the file was back again, but our Symantec quarantined it. I did a scan and found nothing else.

Hopeleonie, that's a great article but I'm not sure what it is telling me to do next - besides reimaging, I mean.
0
 

Accepted Solution

by:
Mark O'Brien earned 0 total points
ID: 40068701
Since I removed the file from the quarantine last time it has not returned.
No idea what I did differently.
Mark88
0
 

Author Comment

by:Mark O'Brien
ID: 40068710
Thank you
0
 

Author Closing Comment

by:Mark O'Brien
ID: 40077105
I will save this for future research for sure.
0
