suporte.protagon 0 Posted July 15, 2013

What procedure do you normally use to delete a virus from memory?

One of our clients has the virus:
Win32/Olmarik.AYN
Win32/Olmasco.AD

Log information:
Working memory = explorer.exe (3932) - a variant of Win32/Olmarik.AYN Trojan - can not clear
Working memory = explorer.exe (3932) - a variant of Win32/Olmasco.AD Trojan - can not clear

Procedures performed, however unsuccessfully:
1 - Deep tracking with high level cleaning enabled
2 - Tracking in safe mode
3 - ESET Online scan
4 - Stand alone removes malware

What other procedure can I perform to remove this virus?
ESET Staff CB530 66 Posted July 15, 2013

Hi protagon,

To remove the Olmasco/Olmarik infection use our stand-alone tool. You can view our knowledgebase article for instructions and to download the tool. In the article you'll find a link to our video walkthrough, which you might also find helpful.
Administrators Marcos 3,629 Posted July 16, 2013

Should the stand-alone cleaner fail to clean the malware, contact samples[at]eset.com.
ESET Insiders PodrskaNORT 17 Posted July 16, 2013

"What other procedure can I perform to remove this virus?"

As a general rule, I usually start CMD and then kill Explorer.EXE or any other system process. The Explorer.exe file itself is usually not really infected, but malware just hooks as a fork at the process, so cleaning is not necessary after killing them. If system files really *are* infected, I try to recover them with SFC (System File Checker). If that fails, I find a clean computer and replace the executables.

Tomo
suporte.protagon 0 Posted July 16, 2013 Author

The tools ESET makes available for virus elimination were not capable of identifying the threat. It is probably a new variant of the virus.

The tool provided by ESET removes the variants:
Win32/Olmarik.AGF
Win32/Olmasco.R

The variants the PC is infected with are:
Win32/Olmarik.AYN
Win32/Olmasco.AD

It is not possible to send a sample because the file reported as infected is explorer.exe.
ESET Moderators Peter Randziak 598 Posted July 17, 2013

Hello Suporte.protagon,

please run the tool with parameter /d

"C:\>EOlmarikTdl4Cleaner.exe /d
ESET Windows OlmarikTdl4/Olmasco Remover v1.6.0.8 (Jun 10 2013 12:48:50)
Copyright © ESET, spol. s r.o. 1992-2013. All rights reserved.
Full dump mode"

and provide us with an archive located in the EOlmarikTdl4Cleaner folder, which will be created in the same location as the Olmarik cleaner was run from.
suporte.protagon 0 Posted July 30, 2013 Author

The client with the infected PC decided to format it, since the computer had other problems. Thanks for the help.