How can I remove a DCOM virus?

1

How to remove a DCOM virus?

The payload is that it goes and downloads Trojans from a Russian IP. Microsoft Security Essentials detects access to the Windows Temp folder, but how do I remove the DCOM server virus?

abmv

Posted 2010-01-13T13:19:58.353

Reputation: 276

Next time you report something, include additional information so we can give better instructions on how to clean up your virus. It's completely possible to recover from this without re-installation, but it's rather vague the way your question was stated... – Tamara Wijsman – 2011-08-04T12:32:03.763

Answers

1

I'm assuming your antivirus solution cannot remove the virus. That being the case, do you have a System Restore point you could utilize?

Mark

Posted 2010-01-13T13:19:58.353

Reputation: 3 009

no system restore – abmv – 2010-01-13T18:33:41.417

1

Here are some options:

  1. Google for "antivirus online scan" and use a couple of the best-known ones to scan the computer (each takes some hours to complete).
    Some that I like are Trend Micro House Call and Kaspersky Labs Free Virus Scan.
    Please note that they might require you to use Internet Explorer as your browser.

  2. Use a rescue live-CD virus scanner: I like best Avira AntiVir Rescue System because it gets updated several times a day and so the download CD is up-to-date. As a boot CD it doesn't use Windows, so your virus can't block it.

harrymc

Posted 2010-01-13T13:19:58.353

Reputation: 306 093

Don't think this would work; tried MSE – abmv – 2010-01-13T18:35:20.617

Not all antiviruses are equal. If you would like to avoid reinstalling Windows, try as many as it takes to clean your computer. Some to try are MBAM, Avast and Spybot S&D. – harrymc – 2010-01-13T20:53:56.140

I'm not sure if an "antivirus online scan" search is really a safe solution to give. Many fake antiviruses are popping up in such results. – Gnoupi – 2010-01-13T21:41:29.167

1

A DCOM Server is just an EXE somewhere. If it's configured to run as a Service, it'll be in the Services section of the Computer Management MMC tool found in Control Panel > Administrative Tools.

If you find that it is indeed a rogue service, you can use the following command line:

SC delete service_name

JBRWilkinson

Posted 2010-01-13T13:19:58.353

Reputation: 142
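
A read-only way to find candidates for the "rogue service" check described in this answer, as an added example that is not part of the original post: it lists services and DCOM `LocalServer32` registrations whose executable lacks a valid signature or sits under a user-writable directory such as Temp. The `Get-ExePath` helper and the directory pattern are assumptions chosen for illustration.

```powershell
# Added example (not from the original answer). Run from an elevated PowerShell prompt.
# It only reads service and registry data; nothing is modified or deleted.

function Get-ExePath([string]$CommandLine) {
    # Hypothetical helper: extract the executable from a service/COM command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }  # "C:\path with spaces\x.exe" /args
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }  # C:\path\x.exe /args
    return $null
}

$candidates = @()

# 1. Every installed service and the command line it starts.
$candidates += Get-CimInstance Win32_Service | ForEach-Object {
    [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Command = $_.PathName }
}

# 2. Every COM class registered as an out-of-process (EXE) server.
$candidates += Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $key = "$($_.PSPath)\LocalServer32"
        if (Test-Path -LiteralPath $key) {
            $cmd = (Get-ItemProperty -LiteralPath $key).'(default)'
            [pscustomobject]@{ Kind = 'DCOM'; Name = $_.PSChildName; Command = $cmd }
        }
    }

# Assumed pattern for locations an unprivileged user can usually write to.
$userWritable = '\\Temp\\|\\AppData\\|\\Users\\Public\\|\\ProgramData\\'

$report = foreach ($c in $candidates) {
    $exe = Get-ExePath $c.Command
    if (-not $exe) { continue }
    $sig = if (Test-Path -LiteralPath $exe) {
        (Get-AuthenticodeSignature -LiteralPath $exe).Status
    } else {
        'FileMissing'
    }
    # Report anything not validly signed, or running from a user-writable path.
    if ($sig -ne 'Valid' -or $exe -match $userWritable) {
        [pscustomobject]@{ Kind = $c.Kind; Name = $c.Name; Path = $exe; Signature = $sig }
    }
}

$report | Sort-Object Kind, Path | Format-Table -AutoSize
```

An entry in the report is a lead to investigate, not a verdict: legitimate third-party software can be unsigned, so confirm what a service is before running `SC delete` on its name.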

1

Today's anti-virus tools are a long way behind the explosion of Russian trojans. They're unlikely to be able to clean it up, and even if it looks like they did, how do you know there's not still a rootkit left behind that you can't see?

No: unless you have the technical knowledge and experience to analyse the infection yourself, the only safe route once a machine has been compromised is to reinstall the OS.

bobince

Posted 2010-01-13T13:19:58.353

Reputation: 8 816

@abmv: There exist rootkit scanners for that purpose, and it's not true that anti-virus tools are way behind. Analysing the infection becomes easy with Sysinternals tools like Process Explorer, Process Monitor and AutoRuns, and rootkits become easy with RootKitRevealer, GMER and similar software...

– Tamara Wijsman – 2011-08-04T12:29:20.897

I will format today. Sad, it's Windows 7 – abmv – 2010-01-14T06:24:35.107

0

This is a Server Launcher issue. Signs are: getting blue screen errors, dump system performance, some unwanted files will be created on the root of the hard drive.

There are two steps: implement anti-malware software and empty the Windows Registry.

Read Troubleshooting - https://www.solvusoft.com/en/malware/viruses/troj-dcom-ai/

Mellisasha Rapova

Posted 2010-01-13T13:19:58.353

Reputation: 26

Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.

– bertieb – 2019-05-23T07:22:51.567