What procedure do you normally use to delete a virus from memory?


One of our clients is infected with these viruses:

Win32/Olmarik.AYN
Win32/Olmasco.AD

Log Information
Working memory = explorer.exe (3932) - a variant of Win32/Olmarik.AYN Trojan - can not clear

Working memory = explorer.exe (3932) - a variant of Win32/Olmasco.AD Trojan - can not clear

Procedures performed, all unsuccessfully:
1 - Deep scan with high-level cleaning enabled
2 - Scan in safe mode
3 - ESET Online scan
4 - Stand-alone malware removal tool

What other procedure can I perform to remove this virus?


  • ESET Staff

Hi protagon,

 

To remove the Olmasco/Olmarik infection use our stand-alone tool. You can view our knowledgebase article for instructions and to download the tool. In the article you'll find a link to our video walkthrough, which you might also find helpful.


  • ESET Insiders

What other procedure can I perform to remove this virus?

 

As a general rule, I usually start CMD and then kill Explorer.EXE or any other system process.

The Explorer.exe file itself is usually not really infected, but the malware just hooks into the process as a fork, so cleaning is not necessary after killing them.

If system files really *are* infected I try to recover them with SFC (System File Checker).

If that fails - I find a clean computer and replace executables.

 

Tomo


The virus removal tool available from ESET was not able to identify the threat. It is probably a new variant of the virus.

The tool provided by ESET removes the variants:
Win32/Olmarik.AGF
Win32/Olmasco.R

The variants the PC is infected with are:
Win32/Olmarik.AYN
Win32/Olmasco.AD

It is not possible to send a sample because the file reported as infected is explorer.exe.


  • ESET Moderators

Hello Suporte.protagon,

 

Please run the tool with the /d parameter:

 
"C:\>EOlmarikTdl4Cleaner.exe /d
ESET Windows OlmarikTdl4/Olmasco Remover v1.6.0.8 (Jun 10 2013 12:48:50)
Copyright © ESET, spol. s r.o. 1992-2013. All rights reserved.
 
Full dump mode"
 
and provide us with the archive located in the EOlmarikTdl4Cleaner folder, which will be created in the same location the Olmarik cleaner was run from.
This topic is now closed to further replies.