Free Republic
Browse · Search
General/Chat
Topics · Post Article


OMG100an0.exe trojan downloader--how do I kill it
Girlfriend's Son's computer ^ | 12/2/12 | Rebelbase

Posted on 12/02/2012 10:10:04 AM PST by Rebelbase

Girlfriend's son's computer has picked up a Trojan named OMG1000.exe. Windows firewall picks up the request to allow this program to access so it can be stopped there.

I've run Malwarebytes and Avira scans, no luck in killing it.

Hijack This doesn't find it.

I've done all the scans and virus software updates from Safe Mode.

Google doesn't offer much help.

Anyone have knowledge on how to kill this one?


TOPICS: Computers/Internet
KEYWORDS: computervirus; getamac; malware
Any help is appreciated!
1 posted on 12/02/2012 10:10:07 AM PST by Rebelbase

To: Rebelbase

Don’t know how the title got hosed. Correct file name for this trojan is OMG1000.exe.


2 posted on 12/02/2012 10:11:13 AM PST by Rebelbase

To: Rebelbase

Go to http://avg.com and download the free version, it seems to clean just about everything.


3 posted on 12/02/2012 10:14:11 AM PST by Free America52 (The White guys are getting pissed off. We beat Hitler Hirohito and Krushchev. Obama will be easy.)

To: Rebelbase
Install Linux. ;)

/johnny

4 posted on 12/02/2012 10:14:44 AM PST by JRandomFreeper (Gone Galt)

To: Rebelbase
Restore Windows to a previous point in time before the infection occurred.

http://technet.microsoft.com/en-us/library/bb457025.aspx

5 posted on 12/02/2012 10:15:21 AM PST by E. Pluribus Unum (Labor unions are the Communist Party of the USA.)

To: Rebelbase
http://www.tekrum.net/19/kill-windows-trojan-viruses-effectively-using-linux/
6 posted on 12/02/2012 10:18:56 AM PST by Bikkuri (Hope for Conservative push in the next 2-4 years..........)

To: Rebelbase

https://www.drwebhk.com/en/virus_techinfo/Trojan.DownLoader7.24299.html


7 posted on 12/02/2012 10:20:05 AM PST by HangnJudge

To: Rebelbase

Down losd Avast and do a boot scan.


8 posted on 12/02/2012 10:20:26 AM PST by RetSignman ("A Republic if you can keep it"....)

To: Rebelbase
From a site that purports to offer solutions to virus infections (Dr. Web Anti-Virus):

Trojan.DownLoader7.24299
-------------------------
Malicious functions:
Creates and executes the following:
    %TEMP%\omg1000.exe
    %TEMP%\omg1000.exe (downloaded from the Internet)
Executes the following:
    \ping.exe -n 3 -w 250 127.0.0.1
    \cmd.exe /c %TEMP%\afgstyw.bat

Modifies file system:
Creates the following files:
    %TEMP%\omg1000.exe
    %TEMP%\afgstyw.bat
    %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\whatismyip[1].2387591943
    %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\checkip.dyndns[1].0357167227
    %TEMP%\~ip.tmp
Deletes the following files:
    %TEMP%\~ip.tmp
Deletes itself.

Network activity:
Connects to:
    'fr######eaming.zapto.org':80
    'fr######eaming.hopto.org':80
    'ch####p.dyndns.org':80
    'www.wh###smyip.com':80
TCP:
HTTP GET requests:
    fr######eaming.zapto.org/videos/sky3/skydl.php?ci#############################################################
    fr######eaming.hopto.org/videos/sky2/skydl.php?ci###########################################################
    ch####p.dyndns.org/?rn#########################################
    www.wh###smyip.com/?rn#########################################
UDP:
    DNS ASK fr######eaming.zapto.org
    DNS ASK fr######eaming.hopto.org
    DNS ASK ch####p.dyndns.org
    DNS ASK www.wh###smyip.com

9 posted on 12/02/2012 10:21:10 AM PST by RitchieAprile (the obsteperous gentleman..)

To: RetSignman

Correction...downLOAD


10 posted on 12/02/2012 10:22:46 AM PST by RetSignman ("A Republic if you can keep it"....)

To: Rebelbase

Really? You’ve never heard of Combofix?

Good Grief

http://www.bleepingcomputer.com/download/combofix/


11 posted on 12/02/2012 10:26:29 AM PST by eyedigress ((zOld storm chaser from the west)/?)

To: sauropod

mark


12 posted on 12/02/2012 10:27:42 AM PST by sauropod (I will not comply)

To: Rebelbase

First, spank your girlfriend’s son for watching porno, then download one of the free programs suggested, or others which are available and reviewed on cnet.com, run it (them) and install an anti-virus on the machine to run permanently.


13 posted on 12/02/2012 10:32:20 AM PST by Revolting cat! (Bad things are wrong! Ice cream is delicious!)

To: Rebelbase

Assuming the computer is running Vista or later, with another computer download Windows Defender Offline. Create a boot DVD or thumb drive and boot from it. Let it scan. It picks up everything including rootkits. Surest way to disinfect.

If the computer has XP, but is Vista or 7 compatible, you're good.


14 posted on 12/02/2012 10:32:38 AM PST by waynesa98

To: Rebelbase

The virus probably makes a restore worthless.

Back up personal Office, photos, music and videos. Load a restore disk to wipe everything, and reinstall Windows. If you don’t have a restore disk and you can’t make one now (likely), contact the computer manufacturer.

The last option is something I’ve done successfully in the past. The manufacturer burned a disk for my discontinued machine and mailed it to me.


15 posted on 12/02/2012 10:36:51 AM PST by cicero2k

To: Rebelbase
Run TDSSkiller, then restart. Then download and run Malwarebytes anti-malware utility. Restart again.

Those two should wipe out most anything.

16 posted on 12/02/2012 10:55:30 AM PST by TonyInOhio

To: Rebelbase

bkm


17 posted on 12/02/2012 10:58:05 AM PST by skinkinthegrass (Anger a Conservative by telling a lie; Anger a Liberal by telling the truth....RWR 8-)

To: TonyInOhio; Rebelbase

You beat me to it - - I also recommend Malwarebytes. That service got rid of some very nasty crap on my computer so I went and bought a subscription. Well worth it.


18 posted on 12/02/2012 11:01:40 AM PST by Lancey Howard

To: Rebelbase

SuperAntiSpyware has provided good results for me when trying to remove difficult malware.

http://www.superantispyware.com/

The free version is fully capable for detecting and removing.
If you run a complete scan and find more than cookies, delete the quarantine and run it again until clean. Might take 3 times.


19 posted on 12/02/2012 11:02:02 AM PST by GOPBiker (Thank a veteran, with a smile, every chance you get. You do more good than you can know.)

To: Rebelbase

Do what reply 15 says. I gave up on Windows because my machines were rendered useless after 2 years.


20 posted on 12/02/2012 11:03:08 AM PST by Havisham

To: Rebelbase

Got to watch it.. Some websites offer free download but it will cost you to remove the malware software!!!

http://www.avira.com/en/avira-free-antivirus#tab2

I have been using this one for years!!!!


21 posted on 12/02/2012 11:22:28 AM PST by tallyhoe

To: Rebelbase

Bookmark


22 posted on 12/02/2012 11:24:42 AM PST by Newtoidaho (Fight organized crime. Vote out all incumbent Democrats!)

To: Rebelbase

When all else fails, use this: http://www.surfright.nl/en/hitmanpro/

I was about ready to reformat my hard drive when I stumbled across this. Good luck


23 posted on 12/02/2012 11:30:02 AM PST by Arthurio

To: Rebelbase

At McAfee world headquarters, research has been proceeding to develop a line of automation products that establishes new standards for quality and technological leadership in virus and malware removal excellence. With customer success as our primary focus, work has been proceeding on the crudely conceived idea of a virus/malware removal tool that would not only provide inverse reactive current for use in unilateral phase detractors, but would also be capable of automatically synchronizing cardinal grammeters.

Such an instrument comprised of Reliance operating system deviance detectors, Allen-Bradley software controls, and all monitored by Rockwell First Step Detection Software is McAfee’s new product offering the Retro-Encabulator.

Now basically the only new principle involved is that instead of power being generated by the relative motion of conductors and fluxes to establish bimodal detection of a virus, it’s produced by the modial interaction of magneto reluctance and capacitive duractance. The original machine had a base plate of pre-famulated amulite surmounted by a malleable logarithmic casing in such a way that the two spurving bearings ran in a direct line with the panametric fan.

The line-up consisted simply of six hydrocoptic marzul vanes so fitted to the ambaphascient lunar wain shaft that side fumbling was effectively prevented. The main winding was of the normal lotus-odeltoid type placed in panendurmic semi-bulloid slots of the stator, every seventh conductor being connected by a non-reversible tremmy pipe to the differential girdle spring on the up-end of the grammeters.

Moreover, whenever fluorescent square motion is required, it may also be employed in conjunction with the drawn reciprocation dingle arm, to reduce sinusoidal depleneration.
The retro-encabulator has now reached a high level of development, and it’s being successfully used in the operation of Milford trunnions. It’s available soon, wherever McAfee products are being sold.


24 posted on 12/02/2012 11:32:09 AM PST by RBStealth

To: Rebelbase

What is the name of the program the virus is running? Boot to Safe mode, delete the file, create a text file in the same location with the same name and set it to read-only.

Go into Regedit and check Windows/Currentversion/Run and delete the program that loads the virus. Make sure you check all CurrentVersion runs. Take anything out of Startup that looks goofy.

I assume you know but others will not. HijackThis only reports what is there. You need to read the output or have someone read it for you.


25 posted on 12/02/2012 11:33:14 AM PST by AppyPappy (If you really want to annoy someone, point out something obvious that they are trying hard to ignore)
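
A read-only way to carry out the autostart check described in reply 25, as an added example that is not part of the original post: it lists the Run/RunOnce values and Startup folder items and marks entries whose command resolves into a Temp directory, which is where the report in reply 9 places omg1000.exe. It assumes PowerShell 3.0 or later; the `InTemp` column and the `\Temp\` match are choices made for this example.

```powershell
# Added example: audit autostart locations without changing anything.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Registry autostart values: one row per value name.
$results = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        # Expand %TEMP% and similar so the path test sees the real location.
        $expanded = [Environment]::ExpandEnvironmentVariables($cmd)
        [pscustomobject]@{
            Location = $key
            Name     = $name
            Command  = $cmd
            InTemp   = ($expanded -match '\\Temp\\')
        }
    }
})

# Per-user and all-users Startup folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$results += @(foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -Force | ForEach-Object {
            [pscustomobject]@{
                Location = $dir
                Name     = $_.Name
                Command  = $_.FullName
                InTemp   = $false
            }
        }
    }
})

# Entries launching from a Temp directory sort to the top for review.
$results | Sort-Object InTemp -Descending | Format-List Location, Name, Command, InTemp
```

An entry with `InTemp` set to `True` is a lead to investigate, not proof of infection; some installers legitimately place a RunOnce value there until the next reboot.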

To: Havisham
I gave up on Windows because my machines were rendered useless after 2 years.

That's ridiculous. What did you do to it?

26 posted on 12/02/2012 11:35:52 AM PST by Future Snake Eater (CrossFit.com)

To: Rebelbase
I've had it happen where restore, running Malwarebytes and even Combofix couldn't solve the problem. The clue to solving the problem was that the trojan was trying to access another site and being blocked and ESET NOD32 was showing that it was explorer.exe that was trying to contact an external site.

What I had to do was reinstall explorer.exe from an install disc. Once I did that it fixed the problem.

You can copy over from your install cd (the following assumes your cd is drive d:)

start\run(type and hit ok) cmd (to get command window)

expand d:\i386\explorer.ex_ c:\Windows\explorer.exe

-----------------------------

or you can copy over windows system files with the following

Insert your Windows Installation CD. Type "sfc /scannow" in the command prompt and hit "Enter." This will check your Windows protected files like "Explorer.exe" and repair them using the Windows Installation CD.

27 posted on 12/02/2012 11:39:13 AM PST by vbmoneyspender

To: AppyPappy

Another trick I do is do a search of files that have been modified within the last day....usually all of the files associated with the virus should appear, and usually they should all have the same timestamp. That at least will give you an idea of the files associated with the virus....BUT DO NOT delete any files unless you know what you are doing.


28 posted on 12/02/2012 11:41:13 AM PST by dfwgator
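
The recent-files search from reply 28, as an added example that is not part of the original post: it finds files written in the last 24 hours and groups them by the minute they were written, so files dropped together show up in the same bucket. It assumes PowerShell 3.0 or later; the function name `Get-RecentFileCluster`, its parameters and the extension list are made up for this example.

```powershell
# Added example (read-only): cluster recently written files by minute.
function Get-RecentFileCluster {
    param(
        [string[]]$Path = @($env:USERPROFILE),  # assumption: start with the user profile
        [int]$Hours = 24
    )
    $since   = (Get-Date).AddHours(-$Hours)
    # Extensions worth a closer look (assumption for this example).
    $exeLike = '.exe', '.dll', '.bat', '.cmd', '.scr', '.vbs', '.js', '.tmp'

    # -Force includes hidden and system files; unreadable folders are skipped.
    $recent = Get-ChildItem -Path $Path -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since }

    $recent |
        Group-Object { $_.LastWriteTime.ToString('yyyy-MM-dd HH:mm') } |
        Sort-Object Name |
        ForEach-Object {
            $bucket = $_.Name
            $count  = $_.Count
            foreach ($f in $_.Group) {
                [pscustomobject]@{
                    Minute     = $bucket
                    InBucket   = $count      # files written in the same minute
                    Executable = ($exeLike -contains $f.Extension)
                    SizeBytes  = $f.Length
                    Path       = $f.FullName
                }
            }
        }
}

# Show only script/executable-type files and anything under a Temp directory.
Get-RecentFileCluster -Hours 24 |
    Where-Object { $_.Executable -or $_.Path -match '\\Temp\\' } |
    Format-List Minute, InBucket, Executable, SizeBytes, Path
```

File timestamps can be altered by the program that wrote the file, so an empty result does not clear the machine.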

To: RBStealth

McAfee has some killer products.


29 posted on 12/02/2012 11:45:18 AM PST by Lancey Howard

To: Lancey Howard

touche’


30 posted on 12/02/2012 11:48:39 AM PST by RBStealth

To: Rebelbase

I have had good luck using Malwarebytes, but sometimes you need to run it in safe mode. Once it's done its thing in safe mode, I then switch back to normal mode and run it again.


31 posted on 12/02/2012 12:25:22 PM PST by backtobasics

To: Rebelbase
http://greatis.com/blog/how-to-remove-malware/omg1000-exe.htm

The file OMG1000.EXE is malware related.
You must delete the file OMG1000.EXE immediately!
Delete the file OMG1000.EXE without delay!
Kill the process OMG1000.EXE and remove OMG1000.EXE from the Windows startup.
Malware Analysis of OMG1000.EXE
Full path on a computer: %TEMP%\OMG1000.EXE

32 posted on 12/02/2012 1:14:21 PM PST by rawcatslyentist ("Behold, I am against you, O arrogant one," Jeremiah 50:31)

To: Rebelbase

The best free expert advice is on bleepingcomputer


33 posted on 12/02/2012 2:34:34 PM PST by Mount Athos (A Giant luxury mega-mansion for Gore, a Government Green EcoShack made of poo for you)

To: Mount Athos

Yep, bleepingcomputer.com has rescued my dumb butt a few times. Always works.


34 posted on 12/02/2012 5:07:39 PM PST by rightly_dividing (Left behind; 4 Americans in Libya)

To: Rebelbase

See if you can run msconfig from the start menu. (type where it says “search programs and files”)

If you can run msconfig, look in the startup tab to see if the program is listed. If it is, uncheck it and then go into the explorer, and delete the program.

If it isn’t there, try some of the other tabs. If it doesn’t show on them, try some of the other suggestions.


35 posted on 12/02/2012 6:00:26 PM PST by Conan the Librarian (The Best in Life is to crush my enemies, see them driven before me, and the Dewey Decimal System)

To: Rebelbase

Bookmark.


36 posted on 12/02/2012 6:07:07 PM PST by The Cajun (Sarah Palin, Mark Levin......Nuff said.)

To: All

Ran scans of a variety of anti-virus and malware software with no success but killed it anyway:

The windows installation warning message gave the path to the temp folder where the virus was stored; I went there and didn’t see it listed and deleted every file in the folder and emptied the waste basket.

The installation warning has not shown up in over a 1/2 dozen boot-ups since.

Thanks to everyone for their input.


37 posted on 12/10/2012 5:07:41 AM PST by Rebelbase
