OMG100an0.exe trojan downloader--how do I kill it
Posted on 12/02/2012 10:10:04 AM PST by Rebelbase
Girlfriend's son's computer has picked up a Trojan named OMG1000.exe. Windows firewall picks up the request to allow this program to access so it can be stopped there.
I've run Malwarebytes and Avira scans, no luck in killing it.
Hijack This doesn't find it.
I've done all the scans and virus software updates from Safe Mode.
Google doesn't offer much help.
Anyone have knowledge on how to kill this one?
Don’t know how the title got hosed. Correct file name for this trojan is OMG1000.exe.
Go to http://avg.com and download the free version, it seems to clean just about everything.
Download Avast and do a boot scan.
Really? You’ve never heard of Combofix?
First, spank your girlfriend’s son for watching porno, then download one of the free programs suggested, or others which are available and reviewed on cnet.com, run it (them) and install an anti-virus on the machine to run permanently.
Assuming the computer is running Vista or later, with another computer download Windows Defender Offline. Create a boot DVD or thumb drive and boot from it. Let it scan. It picks up everything including root kits. Surest way to disinfect.
If the computer has XP, but is Vista or 7 compatible you're good.
The virus probably makes a restore worthless.
Back up personal Office, photos, music and videos. Load a restore disk to wipe everything, and reinstall Windows. If you don’t have a restore disk and you can’t make one now (likely), contact the computer manufacturer.
The last option is something I’ve done successfully in the past. The manufacturer burned a disk for my discontinued machine and mailed it to me.
Those two should wipe out most anything.
You beat me to it - - I also recommend Malwarebytes. That service got rid of some very nasty crap on my computer so I went and bought a subscription. Well worth it.
SuperAntiSpyware has provided good results for me when trying to remove difficult malware.
The free version is fully capable for detecting and removing.
If you run a complete scan and find more than cookies, delete the quarantine and run it again until clean. Might take 3 times.
Do what reply 15 says. I gave up on Windows because my machines were rendered useless after 2 years.
Got to watch it.. Some websites offer free download but it will cost you to remove the malware software!!!
I have been using this one for years!!!!
When all else fails, use this: http://www.surfright.nl/en/hitmanpro/
I was about ready to reformat my hard drive when I stumbled across this. Good luck
At McAfee world headquarters, research has been proceeding to develop a line of automation products that establishes new standards for quality and technological leadership in virus and malware removal excellence. With customer success as our primary focus, work has been proceeding on the crudely conceived idea of a virus/malware removal tool that would not only provide inverse reactive current for use in unilateral phase detractors, but would also be capable of automatically synchronizing cardinal grammeters.
Such an instrument comprised of Reliance operating system deviance detectors, Allen-Bradley software controls, and all monitored by Rockwell First Step Detection Software is McAfee’s new product offering the Retro-Encabulator.
Now basically the only new principle involved is that instead of power being generated by the relative motion of conductors and fluxes to establish bimodal detection of a virus, it’s produced by the modial interaction of magneto reluctance and capacitive duractance. The original machine had a base plate of pre-famulated amulite surmounted by a malleable logarithmic casing in such a way that the two spurving bearings ran in a direct line with the panametric fan.
The line-up consisted simply of six hydrocoptic marzul vanes so fitted to the ambaphascient lunar wain shaft that side fumbling was effectively prevented. The main winding was of the normal lotus-odeltoid type placed in panendurmic semi-bulloid slots of the stator, every seventh conductor being connected by a non-reversible tremmy pipe to the differential girdle spring on the up-end of the grammeters.
Moreover, whenever fluorescent square motion is required, it may also be employed in conjunction with the drawn reciprocation dingle arm, to reduce sinusoidal depleneration.
The retro-encabulator has now reached a high level of development, and it’s being successfully used in the operation of Milford trunnions. It’s available soon, wherever McAfee products are being sold.
What is the name of the program the virus is running? Boot to Safe mode, delete the file, create a text file in the same location with the same name and set it to read-only.
Go into Regedit and check Windows/Currentversion/Run and delete the program that loads the virus. Make sure you check all CurrentVersion runs. Take anything out of Startup that looks goofy.
I assume you know but others will not. HijackThis only reports what is there. You need to read the output or have someone read it for you.
That's ridiculous. What did you do to it?
What I had to do was reinstall explorer.exe from an install disc. Once I did that it fixed the problem.
You can copy over from your install cd (the following assumes your cd is drive d:)
Start\Run (type and hit OK) cmd (to get command window)
expand d:\i386\explorer.ex_ c:\Windows\explorer.exe
-----------------------------
or you can copy over windows system files with the following
Insert your Windows Installation CD. Type "sfc /scannow" in the command prompt and hit "Enter." This will check your Windows protected files like "Explorer.exe" and repair them using the Windows Installation CD.
Another trick I do is do a search of files that have been modified within the last day....usually all of the files associated with the virus should appear, and usually they should all have the same timestamp. That at least will give you an idea of the files associated with the virus....BUT DO NOT delete any files unless you know what you are doing.
McAfee has some killer products.
I have had good luck using Malwarebytes, but sometimes you need to run it in safe mode. Once it's done its thing in safe mode, I then switch back to normal mode and run it again.
The file OMG1000.EXE is malware related. You must delete the file OMG1000.EXE immediately! Delete the file OMG1000.EXE without delay! Kill the process OMG1000.EXE and remove OMG1000.EXE from the Windows startup.
Malware Analysis of OMG1000.EXE
Full path on a computer: %TEMP%\OMG1000.EXE
The best free expert advice is on bleepingcomputer
Yep, bleepingcomputer.com has rescued my dumb butt a few times. Always works.
See if you can run msconfig from the start menu. (type where it says “search programs and files”)
If you can run msconfig, look in the startup tab to see if the program is listed. If it is, uncheck it and then go into the explorer, and delete the program.
If it isn’t there, try some of the other tabs. If it doesn’t show on them, try some of the other suggestions.
Ran scans of a variety of anti-virus and malware software with no success but killed it anyway:
The windows installation warning message gave the path to the temp folder where the virus was stored; I went there and didn’t see it listed and deleted every file in the folder and emptied the waste basket.
The installation warning has not shown up in over a 1/2 dozen boot-ups since.
Thanks to everyone for their input.
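The manual checks suggested in the replies above (the CurrentVersion Run keys, the Startup items, files modified in the last day, and the %TEMP% path), collected into one read-only PowerShell listing. This is an added example, not something posted in the thread; only the file name OMG1000.exe comes from the thread, while the parameter names and the one-day default window are assumptions.

```powershell
# Added example: read-only triage of the locations named in the thread.
# Nothing is deleted or changed; review the output before removing anything.
param(
    [string]$Name = 'OMG1000.exe',   # file name reported in the thread
    [int]$Days = 1                   # assumption: "modified within the last day"
)

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# 1. Every autostart value, flagged when it names the file or launches from a Temp folder.
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($valueName in $k.GetValueNames()) {
        $cmd = "$($k.GetValue($valueName))"   # REG_EXPAND_SZ values come back expanded
        [pscustomobject]@{
            Key     = $key
            Value   = $valueName
            Command = $cmd
            Suspect = ($cmd -match [regex]::Escape($Name)) -or ($cmd -match '\\Temp\\')
        }
    }
}

# 2. Shortcuts and programs in the per-user and all-users Startup folders.
$startup = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ } |
    ForEach-Object { Get-ChildItem -Path $_ -Force -ErrorAction SilentlyContinue }

# 3. Files under %TEMP% written within the window. -Force includes hidden and
#    system files, which Explorer does not show by default.
$cutoff = (Get-Date).AddDays(-$Days)
$recent = Get-ChildItem -Path $env:TEMP -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $cutoff } |
    Sort-Object LastWriteTime |
    Select-Object LastWriteTime, Length, FullName

$autoruns | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
$startup  | Select-Object LastWriteTime, FullName | Format-Table -AutoSize
$recent   | Format-Table -AutoSize
```

Files that share a timestamp with a flagged autostart entry are the ones to examine first, which is the grouping one reply describes doing by hand.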