Trojan Infections, Malware

  • This topic is locked
2 replies to this topic

#1 Mike1162


  • Members
  • 4 posts
  • Local time:06:20 PM

Posted 01 January 2010 - 07:28 PM

Last week we discovered we had an Olmarik Trojan virus that could not be removed by our (then) current PC Speed Scan Pro, that is, without sending them more money. I heard an ad on KNBR radio about "ESET". Downloaded their free ESET NOD32 Antivirus software, and found you guys in the process. After reading through SEVERAL threads and trying various different manual removal steps, I found the following from a link on your site to Wilders Security: "ESET has a new standalone remover for Win32/Olmarik, located at http://download.eset.com/special/EOlmarikRemover.exe. Please try using it to remove the infestation. Regards, Aryeh Goretsky." Who apparently is an ESET moderator. Anyway, after re-running a Full System Scan with ESET NOD32 Antivirus software I had 1 virus, which ESET deleted. I still have function problems, such as not being able to use Microsoft Help (offline) (tried to get PC to restore, Help won't open), can't use SEARCH, some browser or web pages are blank, such as my Facebook home page. Hope this helps.
OH BY THE WAY! The following may be important: I originally started with Grinler's prep guide dated 11-10-05. I was able to do all steps except #6, the DDS Log. The DOS-style window did open, but it quickly closed without scanning or creating a report. Tried several times to no avail. I have HiJackThis on my PC and will run a scan to stay ahead if you need the report or need to re-direct me. Don't know how to use it though, so a scan is all that I will do.

ROOTREPEAL © AD, 2007-2009
Scan Start Time: 2010/01/01 15:13
Program Version: Version
Windows Version: Windows XP SP3

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBADA5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BF1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF4E29000 Size: 49152 File Visible: No Signed: -
Status: -

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x834a08a0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8349fcb0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x834a00d0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x834a06d0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x834a04f0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8349fee0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x834a0310

Stealth Objects
Object: Hidden Code [ETHREAD: 0x836b18e0]
Process: System Address: 0x8349e930 Size: 1000




#2 Mike1162

  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:20 PM

Posted 03 January 2010 - 11:59 AM

FYI- To all reading my original thread. I've decided to Restore the PC from scratch.

#3 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:07:20 PM

Posted 03 January 2010 - 10:55 PM

Good luck to you and have a good day
Topic closed
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits