Posted on 12/02/2012 10:10:04 AM PST by Rebelbase
Girlfriend's son's computer has picked up a Trojan named OMG1000.exe. Windows firwall picks up the request to allow this program to access so it can be stopped there.
I've run malware bytes and Avira scans, no luck in killing it.
Hijack This doesn't find it.
I've done all the scans and virus software updates from Safe Mode.
Google doesn't offer much help.
Anyone have knowledge on how to kill this one?
Got to watch it.. Some websites off free download but it will cost you to remove the malware software!!!
http://www.avira.com/en/avira-free-antivirus#tab2
I have been using this one for years!!!!
Bookmark
When all else fails, use this: http://www.surfright.nl/en/hitmanpro/
I was about ready to reformat my hard drive when I stumbled across this. Good luck
At McAffee world headquarters, research has been proceeding to develop a line of automation products that establishes new standards for quality and technological leadership in virus and malware removal excellence. With customer success as our primary focus, work has been proceeding on the crudely conceived idea of a virus/malware removal tool that would not only provide inverse reactive current for use in unilateral phase detractors, but would also be capable of automatically synchronizing cardinal grammeters.
Such an instrument comprised of Reliance operating system deviance detectors, Allen-Bradley software controls, and all monitored by Rockwell First Step Detection Software is McAffee’s new product offering the Retro-Encabulator.
Now basically the only new principle involved is that instead of power being generated by the relative motion of conductors and fluxes to establish bimodal detection of a virus, it’s produced by the modial interaction of magneto reluctance and capacitive duractance. The original machine had a base plate of pre-famulated amulite surmounted by a malleable logarithmic casing in such a way that the two spurving bearings ran in a direct line with the panametric fan.
The line-up consisted simply of six hydrocoptic marzul vanes so fitted to the ambaphascient lunar wain shaft that side fumbling was effectively prevented. The main winding was of the normal lotus-odeltoid type placed in panendurmic semi-bulloid slots of the stator, every seventh conductor being connected by a non-reversible tremmy pipe to the differential girdle spring on the up-end of the grammeters.
Moreover, whenever fluorescent square motion is required, it may also be employed in conjunction with the drawn reciprocation dingle arm, to reduce sinusoidal depleneration.
The retro-encabulator has now reached a high level of development, and it’s being successfully used in the operation of Milford trunnions. It’s available soon, wherever McAfee products are being sold.
What is the name of the program the virus is running? Boot to Safe mode, delete the file, create a text file in the same location with the same name and set it to read-only.
Go into Regedit and check Windows/Currentversion/Run and delete the program that loads the virus. Make sure you check all CurrentVersion runs. Take anything out of Startup that looks goofy.
I assume you know but others will not. HijackThis only reports what is there. You need to read the output or have someone read it for you.
That's ridiculous. What did you do to it?
What I had to do was reinstall explorer.exe from an install disc. Once I did that it fixed the problem.
You can copy over from your install cd (the following assumes your cd is drive d:)
start\run(type and hit ok) cmd (to get command window)
expand d:\i386\explorer.ex_ c:\Windows\explorer.exe -----------------------------
or you can copy over windows system files with the following
Insert your Windows Installation CD. Type "sfc /scannow" in the command prompt and hit "Enter." This will check your Windows protected files like "Explorer.exe" and repair them using the Windows Installation CD.
Another trick I do is do a search of files that have been modified within the last day....usually all of the files associated with the virus should appear, and usually they should all have the same timestamp. That at least will give you an idea of the files associated with the virus....BUT DO NOT delete any files unless you know what you are doing.
McAfee has some killer products.
touche’
I have had good luck using malwarebytes, but sometimes you need to run it in safemode. Once its done its thing in safemode, I then switch back to normal mode and run it again.
The file OMG1000.EXE is malware related. You must delete the file OMG1000.EXE immediately! Delete the file OMG1000.EXE without delay! Kill the process OMG1000.EXE and remove OMG1000.EXE from the Windows startup. Malware Analysis of OMG1000.EXE Full path on a computer: %TEMP%\OMG1000.EXE
The best free expert advice is on bleepingcomputer
Yep, bleepingcomputer.com has rescued my dumb butt a few times. Always works.
See if you can run msconfig from the start menu. (type where it says “search programs and files”)
If you can run msconfig, look in the startup tab to see if the program is listed. If it is, uncheck it and then go into the explorer, and delete the program.
If it isn’t there, try some of the other tabs. If it doesn’t show on them, try some of the other suggestions.
Bookmark.
Ran scans of a variety of anti-virus and malware software with no success but killed it anyway:
The windows installation warning message gave the path to the temp folder where the virus was stored; I went there and didn’t see it listed and deleted every file in the folder and emptied the waste basket.
The installation warning has not shown up in over a 1/2 dozen boot-ups since.
Thanks to everyone for their input.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.