Tuesday, May 17, 2011

Remove Win32/Olmarik (Uninstall Guide)

Win32/Olmarik is a Trojan horse that may secretly download and install malware on your computer. It may also display fake security warnings and misleading pop ups to scare you into downloading malicious software voluntarily. Usually, Win32/Olmarik displays misleading warnings saying that your computer is infected with spyware, viruses and other malicious software. If clicked upon, these fake security alerts begin downloading rogue anti-virus software or spyware. Win32/Olmarik may also collect data (keywords entered into search engines, operating system version, etc.) and serve as a backdoor. Some variants of this Trojan can be controlled remotely. For example: Win32/Olmarik.AGF. It also replaces the original (Master Boot Record) of the hard disk drive with its own program code. There is also the Win32/OlmarikTdl4 which is a newest version of this Trojan horse. Unfortunately, Win32/Olmarik can not be manually deleted. Thankfully, there are standalone removal tools that are capable of removing this dangerous infection from your computer for free. If you computer is infected with Win32/Olmarik, please follow the removal instructions below. Clarifications and comments are welcome as usual. If you have questions, please leave a comment below. Good luck and be safe online!

Malicious processes created by Win32/Olmarik:



Win32/Olmarik variants:
  • Win32/Olmarik.AGF
  • Win32/Olmarik.RN
  • Win32/Olmarik.XG
  • Win32/Olmarik.AMN
  • Win32/Olmarik.KW
  • Win32/Olmarik.TX
  • Win32/Olmarik.ADA
  • Win32/Olmarik.JK
  • Win32/Olmarik.AJL

Win32/Olmarik removal instructions:

1. Download EOlmarikRemover and EOlmarikTdl4Cleaner (Win32/Olmarik removal tools from ESET).

2. Run both programs and follow the on-screen instructions.





3. After the rebooting, please download and run recommend anti-malware software (STOPzilla) to remove the leftovers of this virus from your computer.

It's possible that an infection is blocking STOPzilla from properly installing. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. Don't forget to update the installed program before scanning.


Associated Win32/Olmarik files and registry values:

Files:
  • C:\WINDOWS\Zcepia.exe
  • C:\Documents and Settings\[UserName]\Local Settings\Temp\Zbl.exe
  • C:\WINDOWS\system32\rundll32.exe
  • rundll32.exe C:\WINDOWS\system32\sshnas21.dll,GetHandle
  • C:\Documents and Settings\[UserName]\pimon.exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "C:\Documents and Settings\[UserName]\Local Settings\Temp\Zbl.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "C:\Documents and Settings\[UserName]\pimon.exe /w"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS\Parameters "C:\WINDOWS\system32\sshnas21.dll"
Share the knowledge:

No comments:

Post a Comment