Jump to content

What procedure do you normally use to delete virus Memory?


Recommended Posts

What procedure do you normally use to delete virus Memory?
One of our clients is with the virus:

Win32/Olmarik.AYN
Win32/Olmasco.AD

Log Information
Working memory = explorer.exe (3932) - a variant of Win32/Olmarik.AYN Trojan - can not clear

Working memory = explorer.exe (3932) - a variant of Win32/Olmasco.AD Trojan - can not clear

Procedures performed however unsuccessfully.
1 - Tracking profunto with high level cleaning enabled
2 - Tracking in safe mode
3 - ESET Online scan
4 - Stand alone removes malware

What can I perform another procedure to remove this virus

Link to comment
Share on other sites

  • ESET Staff

Hi protagon,

 

To remove the Olmasco/Olmarik infection use our stand-alone tool. You can view our knowledgebase article for instructions and to download the tool. In the article you'll find a link to our video walkthrough, which you might also find helpful.

Link to comment
Share on other sites

  • ESET Insiders

What can I perform another procedure to remove this virus

 

As a general rule, I usually start CMD and then kill Explorer.EXE or any other system process.

Explorer.exe file itself is usually not really infected, but malware just hooks as a fork at the process, so cleaning is not necessary after killing them.

If system files really *are* infected I try to recover them with SFC (System File Checker).

If that fails - I find a clean computer and replace executables.

 

Tomo

Link to comment
Share on other sites

The tools available to eleminação ESET's virus was not capable of identifying the threat. Probably is a new variant of the virus.

The tool provided by ESET removes the variants:
Win32/Olmarik.AGF
Win32/Olmasco.R

The variant is that the PC is infected:
Win32/Olmarik.AYN
Win32/Olmasco.AD

It is not possible to send a sample because the file is mentioned as infected explorer.exe

Link to comment
Share on other sites

  • ESET Moderators

Hello Suporte.protagon,

 

please run the tool with parameter /d

 
"C:\>EOlmarikTdl4Cleaner.exe /d
ESET Windows OlmarikTdl4/Olmasco Remover v1.6.0.8 (Jun 10 2013 12:48:50)
Copyright © ESET, spol. s r.o. 1992-2013. All rights reserved.
 
Full dump mode"
 
and provide us with an archive located in EOlmarikTdl4Cleaner folder, which will be created in the same location as Olmarik cleaner was run from.
Link to comment
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...