Malicious processes created by Win32/Olmarik:
Win32/Olmarik variants:
- Win32/Olmarik.AGF
- Win32/Olmarik.RN
- Win32/Olmarik.XG
- Win32/Olmarik.AMN
- Win32/Olmarik.KW
- Win32/Olmarik.TX
- Win32/Olmarik.ADA
- Win32/Olmarik.JK
- Win32/Olmarik.AJL
Win32/Olmarik removal instructions:
1. Download EOlmarikRemover and EOlmarikTdl4Cleaner (Win32/Olmarik removal tools from ESET).
2. Run both programs and follow the on-screen instructions.
3. After rebooting, download and run the recommended anti-malware software (STOPzilla) to remove the leftovers of this virus from your computer.
It's possible that an infection is blocking STOPzilla from properly installing. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. Don't forget to update the installed program before scanning.
Associated Win32/Olmarik files and registry values:
Files:
- C:\WINDOWS\Zcepia.exe
- C:\Documents and Settings\[UserName]\Local Settings\Temp\Zbl.exe
- C:\WINDOWS\system32\rundll32.exe
- rundll32.exe C:\WINDOWS\system32\sshnas21.dll,GetHandle
- C:\Documents and Settings\[UserName]\pimon.exe
Registry values:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "C:\Documents and Settings\[UserName]\Local Settings\Temp\Zbl.exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "C:\Documents and Settings\[UserName]\pimon.exe /w"
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS\Parameters "C:\WINDOWS\system32\sshnas21.dll"
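A triage check for the Run-key and service entries listed above, as an added example (not part of the original page or of any ESET or STOPzilla tool): it scans text shaped like `reg query` output for the listed paths. The sample input, value names and user name are constructed, and leaving rundll32.exe out of the indicator set is this example's assumption.

```python
import re

# File indicators from the list above; "[UserName]" is the page's placeholder.
# Assumption: rundll32.exe is a stock Windows binary, so only its DLL is matched.
INDICATORS = [
    r"C:\WINDOWS\Zcepia.exe",
    r"C:\Documents and Settings\[UserName]\Local Settings\Temp\Zbl.exe",
    r"C:\Documents and Settings\[UserName]\pimon.exe",
    r"C:\WINDOWS\system32\sshnas21.dll",
]

def to_regex(template):
    """Case-insensitive regex for a path; [UserName] is one path component."""
    pattern = re.escape(template).replace(re.escape("[UserName]"), r"[^\\]+")
    return re.compile(pattern, re.IGNORECASE)

COMPILED = [(t, to_regex(t)) for t in INDICATORS]
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")

def scan_reg_query(text):
    """Return (key, value_name, indicator) for each matching registry value."""
    findings, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not (m and key):
            continue
        name, data = m.group(1), m.group(3)
        for template, rx in COMPILED:
            if rx.search(data):  # search: data may carry quotes or arguments
                findings.append((key, name, template))
    return findings

# Constructed sample; value names and the user "alice" are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    SampleA    REG_SZ    c:\documents and settings\alice\local settings\temp\zbl.exe
    SampleB    REG_SZ    "C:\Documents and Settings\alice\pimon.exe /w"
    SampleC    REG_SZ    rundll32.exe C:\WINDOWS\system32\shell32.dll,Control_RunDLL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS\Parameters
    SampleD    REG_SZ    C:\WINDOWS\system32\sshnas21.dll
"""

if __name__ == "__main__":
    for key, name, indicator in scan_reg_query(SAMPLE):
        print(f"{key} [{name}] -> {indicator}")
```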