OMG100an0.exe trojan downloader--how do I kill it

Girlfriend's Son's computer ^ | 12/2/12 | Rebelbase

[Rebelbase]

Girlfriend's son's computer has picked up a Trojan named OMG1000.exe. Windows firwall picks up the request to allow this program to access so it can be stopped there.

I've run malware bytes and Avira scans, no luck in killing it.

Hijack This doesn't find it.

I've done all the scans and virus software updates from Safe Mode.

Google doesn't offer much help.

Anyone have knowledge on how to kill this one?

[Rebelbase]

Any help is appreciated!

[Rebelbase]

Don’t know how the title got hosed. Correct file name for this trojan is OMG1000.exe.

[Free America52]

Go to http://avg.com and download the free version, it seems to clean just about everything.

[JRandomFreeper]

Install Linux. ;)

/johnny

[E. Pluribus Unum]

Restore Windows to a previous point in time before the infection occurred.

http://technet.microsoft.com/en-us/library/bb457025.aspx

[Bikkuri]

http://www.tekrum.net/19/kill-windows-trojan-viruses-effectively-using-linux/

[HangnJudge]

https://www.drwebhk.com/en/virus_techinfo/Trojan.DownLoader7.24299.html

[RetSignman]

Down losd Avast and do a boot scan.

[RitchieAprile]

From a site that purports to offer solutions to virus infections (Dr. Web Anti-Virus): Trojan.DownLoader7.24299 ------------------------- Malicious functions: Creates and executes the following: %TEMP%\omg1000.exe %TEMP%\omg1000.exe (downloaded from the Internet) Executes the following: \ping.exe -n 3 -w 250 127.0.0.1 \cmd.exe /c %TEMP%\afgstyw.bat Modifies file system : Creates the following files: %TEMP%\omg1000.exe %TEMP%\afgstyw.bat %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\whatismyip[1].2387591943 %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\checkip.dyndns[1].0357167227 %TEMP%\~ip.tmp Deletes the following files: %TEMP%\~ip.tmp Deletes itself. Network activity: Connects to: 'fr######eaming.zapto.org':80 'fr######eaming.hopto.org':80 'ch####p.dyndns.org':80 'www.wh###smyip.com':80 TCP: HTTP GET requests: fr######eaming.zapto.org/videos/sky3/skydl.php?ci############################################################# fr######eaming.hopto.org/videos/sky2/skydl.php?ci########################################################### ch####p.dyndns.org/?rn######################################### www.wh###smyip.com/?rn######################################### UDP: DNS ASK fr######eaming.zapto.org DNS ASK fr######eaming.hopto.org DNS ASK ch####p.dyndns.org DNS ASK www.wh###smyip.com

[RetSignman]

Correction...downLOAD

[eyedigress]

Really? You’ve never heard of Combofix?

Good Grief

http://www.bleepingcomputer.com/download/combofix/

[sauropod]

mark

[Revolting cat!]

First, spank your girlfriend’s son for watching porno, then download one of the free programs suggested, or others which are available and reviewed on cnet.com, run it (them) and install an anti-virus on the machine to run permanently.

[waynesa98]

Assuming the computer is running vista or later, with another computer download windows defender offline. create a boot dvd or thumb drive and boot from it. Let it scan. It picks up everything including root kits. Surest way to disinfect.

If the computer has XP, but is vista or 7 compatible your good.

[cicero2k]

The virus probably makes a restore worthless.

Backup personal Office, photos, music and videos. Load a restore disk to wipe everything,and reinstall Windows. If you don’t have a restore disk and you can’t make one now (likely), contact the computer manufacturer.

The last option is something I’ve done sucessfully in the past. The manufacturer burned a disk for my discontinued machine and mailed it to me.

[TonyInOhio]

Run TDSSkiller, then restart. Then download and run Malwarebytes anti-malware utility. Restart again.

Those two should wipe out most anything.

[skinkinthegrass]

bkm

[Lancey Howard]

You beat me to it - - I also recommend Malwarebytes. That service got rid of some very nasty crap on my computer so I went and bought a subscription. Well worth it.

[GOPBiker]

SuperAntiSpyware has provided good results for me when trying to remove difficult malware.

http://www.superantispyware.com/

The free version is fully capable for detecting and removing.
If you run a complete scan and find more than cookies, delete the quarantine and run it again until clean. Might take 3 times.

[Havisham]

Do what reply 15 says. I gave up on Windows because my machines were rendered useless after 2 years.