Malware problem on office computer

Solved by Ryan Bellune

I have a computer running Windows 7 out in my office and it is infected with a type of malware. This malware creates multiple exe's that are named randomly, like auclxx.exe and towoo.exe. I need to know how to get rid of this. I have seen this on a few computers now and have never really been able to completely remove it. Any help would be greatly appreciated. Also, I'm not sure about this, but in my task manager there are around 8 explorer.exe's running and I don't have any explorer windows up. I think the malware is somehow using explorer.exe as a mask or something. Any help would be greatly appreciated.

 

EDIT: I have used Avast and Malwarebytes together and they also can't stop it. Haven't done a boot time scan yet though.

https://linustechtips.com/topic/275635-malware-problem-on-office-computer/
Looks like you may need to reinstall Windows >.<

Have you tried going into safe mode and running Malwarebytes then?

Which Malwarebytes did you use? Have you tried Malwarebytes RegASSASSIN and Malwarebytes Anti-Rootkit?

That sounds like a pretty serious infection. You may not be able to remove the infection entirely with programs. If you do want to try though, boot to safe mode and run these utilities:

  1. RKill - This will terminate any known malware processes and allow the antivirus/antimalware to run normally.
  2. AdwCleaner - This is a fantastic adware removal tool and I include it in every scan I do, just because it takes no time whatsoever.
  3. Malwarebytes Anti-Rootkit - Great anti-rootkit utility.
  4. HijackThis - After completing the scans listed above, use this utility to remove any traces left over after scans. BE VERY CAREFUL. This utility will show you a lot of Windows processes as well as the ones with malware; use caution when deleting keys.

If all else fails, just reinstall Windows.
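
A read-only check for the two symptoms described in the original post (several explorer.exe processes and randomly named executables that keep returning), useful before deleting anything in HijackThis. This is an added example, not part of any post in the thread; the list of Run keys and the "user-writable folder" heuristic are assumptions of the example.

```powershell
# Read-only triage: nothing here terminates a process or deletes a key.
# Written for the PowerShell 2.0 that ships with Windows 7; run it elevated,
# otherwise Path can come back empty for processes owned by other accounts.

# Legitimate locations of explorer.exe (the SysWOW64 copy exists on 64-bit Windows).
$legit = @(
    (Join-Path $env:windir 'explorer.exe'),
    (Join-Path $env:windir 'SysWOW64\explorer.exe')
)

# 1) Each running explorer.exe with the image path it was started from.
Get-WmiObject Win32_Process -Filter "Name = 'explorer.exe'" | ForEach-Object {
    New-Object PSObject -Property @{
        PID       = $_.ProcessId
        ParentPID = $_.ParentProcessId
        Path      = $_.ExecutablePath
        InWindows = ($legit -contains $_.ExecutablePath)   # case-insensitive match
    }
} | Format-Table PID, ParentPID, InWindows, Path -AutoSize

# 2) Autorun values, marked for review when the command points into a
#    user-writable folder. Heuristic only (an assumption of this example):
#    some legitimate software also starts from these folders.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$writable = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) | Where-Object { $_ }

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        # GetValue expands %VARIABLES% in REG_EXPAND_SZ values by default.
        $cmd = [string]$item.GetValue($name)
        $hit = @($writable | Where-Object { $cmd.ToLower().Contains($_.ToLower()) }).Count -gt 0
        New-Object PSObject -Property @{ Key = $key; Name = $name; Command = $cmd; Review = $hit }
    }
}
$entries | Sort-Object Review -Descending | Format-Table Review, Name, Command, Key -Wrap
```

An explorer.exe that shows the expected path can still have been tampered with in memory, so a clean result here narrows the search rather than clearing the machine.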

There are a few things you can do. As many have suggested, you can wipe and reinstall, but contrary to popular belief this is not the best option. It's the easiest option, and some people get those two confused sometimes. We see this kind of stuff in my shop all the time. The best thing to do so you don't have to lose all your data/files/drivers/etc. is to run it through a basic virus removal.

 

Here's what I would run. We use these in our shop every day on virus removals. These are all free scanners, so you shouldn't have to pay anything. Now, this is probably going to take a few hours, so be prepared for it to be offline for a while.

 

First thing, download all the scanners and place them in a folder somewhere where you can find them again. Then boot into safe mode and start running them. Start at the top of this list:

 

1) Malwarebytes Anti-Rootkit (rootkits)

2) Kaspersky TDSSKiller (rootkits)

3) Hitman Pro (malware; once it scans, you will want to activate a free license)

4) Malwarebytes Anti-Malware (malware)

5) ComboFix (performs general virus maintenance) EDIT: I just remembered ComboFix does not run in safe mode. You'll have to reboot to normal mode for this one.

6) ESET Online Scanner (Malware and Viruses)

7) AdwCleaner (adware)

8) Junkware Removal Tool (junkware)

9) Reboot into Normal Mode

10) Run one final scan with your existing anti-virus

11) Look into a better anti-virus solution like ESET Smart Security
