suporte.protagon, posted July 15, 2013

What procedure do you normally use to delete a virus from memory?

One of our clients is infected with the virus:
Win32/Olmarik.AYN
Win32/Olmasco.AD

Log Information
Working memory = explorer.exe (3932) - a variant of Win32/Olmarik.AYN Trojan - can not clear
Working memory = explorer.exe (3932) - a variant of Win32/Olmasco.AD Trojan - can not clear

Procedures performed, however unsuccessfully:
1 - Deep tracking with high level cleaning enabled
2 - Tracking in safe mode
3 - ESET Online scan
4 - Stand alone removes malware

What other procedure can I perform to remove this virus?

CB530 (ESET Staff), posted July 15, 2013

Hi protagon,

To remove the Olmasco/Olmarik infection use our stand-alone tool. You can view our knowledgebase article for instructions and to download the tool. In the article you'll find a link to our video walkthrough, which you might also find helpful.

Marcos (Administrators), posted July 16, 2013

Should the stand-alone cleaner fail to clean the malware, contact samples[at]eset.com.

PodrskaNORT (ESET Insiders), posted July 16, 2013

> What other procedure can I perform to remove this virus?

As a general rule, I usually start CMD and then kill Explorer.EXE or any other system process. The Explorer.exe file itself is usually not really infected, but malware just hooks as a fork at the process, so cleaning is not necessary after killing them.

If system files really *are* infected I try to recover them with SFC (System File Checker). If that fails - I find a clean computer and replace executables.

Tomo

suporte.protagon (Author), posted July 16, 2013

The tools ESET makes available for virus elimination were not capable of identifying the threat. It is probably a new variant of the virus.

The tool provided by ESET removes the variants:
Win32/Olmarik.AGF
Win32/Olmasco.R

The variants the PC is infected with:
Win32/Olmarik.AYN
Win32/Olmasco.AD

It is not possible to send a sample because the file mentioned as infected is explorer.exe.

Peter Randziak (ESET Moderators), posted July 17, 2013

Hello Suporte.protagon,

please run the tool with parameter /d

    C:\>EOlmarikTdl4Cleaner.exe /d
    ESET Windows OlmarikTdl4/Olmasco Remover v1.6.0.8 (Jun 10 2013 12:48:50)
    Copyright © ESET, spol. s r.o. 1992-2013. All rights reserved.
    Full dump mode

and provide us with an archive located in EOlmarikTdl4Cleaner folder, which will be created in the same location as Olmarik cleaner was run from.

suporte.protagon (Author), posted July 30, 2013

The client with the infected PC decided to format it, since the computer had other problems.

Thanks for the help.