#1
ESET tells me that my computer is infected with OLMARIK.TDL4.TROJAN. The ESET message also states that it is unable to clean the infection. A couple of questions.
(1) How do I get rid of OLMARIK.TDL4? (2) How did this thing sneak past my ESET defenses?

#2
Hi silversurferWV
Eset has a stand alone tool for Olmarik Tdl4, just go down the list and you will find it. Remember to back up your documents before trying to disinfect your system. Link: Stand-alone malware removal tools HTH
__________________
Simplicity

#3
In addition to the advice from Janus in case you are not very familiar with computers, contact Customer Care:
http://www.eset.com/us/support/contact

#4
Thanks for guiding me to the removal tool.
I ran the tool, and it reported that OLMARIK.TDL4 did not exist on my computer. However, the following scan did show it. What's up with that? Perhaps I should try the other suggestion to contact customer service.

#5
Hi silversurferWV, I think that you should follow the advice given by FanJ, and as you write, contact customer care. Use the link given in the post above (post 3). Best Regards
__________________
Simplicity
Last edited by Janus : July 19th, 2012 at 03:32 AM.

#6
Sent a note to ESET using the link provided in Post 3. Awaiting a response as of this writing.

#7
ESET customer service initially asked me to run their stand-alone OLMARIK killer. Of course that did not do the job.
ESET then asked me to download Kaspersky's TDSSKILLER file and run it. Did that and it found a hidden Akami file along with the OLMARIK trojan. Asked the program to delete the Akami and to "cure" the OLMARIK. Ran my ESET scan afterward and no threats were detected so it appears that my problems are over.
Now, why in the heck was a Kaspersky product able to clean this infection but my faithful ESET was not? This is the first time I've been disappointed by ESET and I've been a customer for several years.
I'm not blaming ESET for letting this OLMARIK thing into my computer because I may have shot myself in the foot a few weeks ago. My WinZip license informed me that an update was available to version 16.5. Tried to download it but ESET absolutely refused to let me do that because it sensed a dire threat. What the heck I say. WinZip is surely trustworthy. Disabled ESET and downloaded the WinZip update anyway. It's quite possible that the OLMARIK thing sneaked in during this time. Lesson learned.

#8
For historical reasons, ESET always had issues with malware cleaning/deleting. Even standalone malware removal tools are outdated.
__________________
ESET NOD32 ANTIVIRUS 6.0.316 (Eng), pre-release updates are enabled

#9
Sure hate to hear that. I've held ESET in high regard for a long, long time. Not that I'm an expert in computer security. It's just that the various comparisons of the AV products found on the Web seem to rank ESET right up there at or near the top.
Now my confidence is shattered. Perhaps I need to consider Kaspersky when my ESET license expires next year.

#10
while eset does have some issues with cleaning at times.. i find it stops stuff. therefore i don't need it to clean. if the system isn't infected then as long as it keeps it clean i'm good. i do agree it needs to be improved when it comes to cleaning but i have yet to have an issue with it.
the stand alone rogue tool works very well if you have a rogue. i used to be a kaspersky user and honestly it was more of a headache than anything else and was way too over sensitive detecting things i know should not have been. anyhow i will honestly tell you eset is still great it's just not the top at cleaning but after being a kaspersky user and a beta tester it's not the best at cleaning either imo. it will do a bit better job than eset but it's still not a fail safe. as posted previously i like dr web cure it for a scan once in a while and i've seen it actually remove rootkits etc it works very well but i don't like their real time av as much. and malwarebytes is an essential tool imo to have for times when it's needed.
__________________
Meatwad you're up next, with your knock-knock. Meatwad make the money see. Meatwad get the honeys G. Drivin in my car, living like a star ice on my fingers and my toes, and im a taurus "Some days your the windshield. Some days your the bug" Eset ESS V6 / Webroot WSA / Avast! IS V8

#11
Thanks for sharing your thoughts and experience. You've given me renewed confidence in my beloved ESET.
I ran Dr. Web per your suggestion. It turned up nothing at all, so I'm thinking that my computer may be in the clear for now. Also have MalwareBytes installed. It did not seem to help during my recent frustrations. And now for the first time ever it's finding a SVCHOST it claims is a threat. Ask it to remove this so called threat but it comes right back on the next scan. My research indicates that SVCHOST is not a threat at all.

#12
Hi silversurferWV,
If you would allow me a general remark, it is always good to post your exact Windows version, the exact version of your Eset program, and the lines from the logs of the scanners where they list something suspicious (that would be in your case of Eset, TDSSKiller and MBAM).

#13
Point well taken. I will do so in the future.

#14
Windows 7 Ultimate 64 bit
ESET 5.2.9.1
Today's MalwareBytes log:
Agent: Trojan Agent
Category: File
Item: C:\Windosw\svchost.exe

#15
silversurferWV, don't waste your time trying to remove malware yourself. You will/have waste/d hours if not days trying. Go to a professional malware removal forum. They will get your machine back to normal. Try here, http://www.geekstogo.com/forum/
Security > malware removal > Malware and Spyware Cleaning Guide (watch the video), create an account, try and run the OTL, and post your log. Then be patient.
In future don't waste your money, or put your faith in anti virus programs. Use programs like Sandboxie. Also if you don't know how, learn how to create images of your machine, so you can revert to a clean one in half an hour.
Last edited by mick92z : July 21st, 2012 at 03:05 PM.

#16
mick92z, Your link to geekstogo is broken. Surely, my advice would also be for silversurferWV to go to one of the dedicated forums where they do OTL analysis etc, or contact again Eset Customer Care and send them an Eset SysInspector Log. Actually I wonder whether Eset Customer Care didn't ask silversurferWV for it already.

#17
Getting more to the point, if any of the ESET stand-alone removal tools failed to work as advertised, clearly point this out so ESET can investigate why this occurred.
This is the main support portal for ESET Products, ESET will investigate this failure to perform issue as they are redundant if they fail to function.
__________________
siljaline MS MVP Alum . MVPS HOSTS . Rename Hosts . ESET for Business . 10 Immutable Laws of Security . System Lookup . ESET Threat Blog . MBAM

#18
Eset sysrescue can be used to clean threats when the installed eset can't. Rootkits are hard to clean when they are active.
__________________
useful tools: cure it, SAS, Hitman Pro, mbam, KL, Eset, windows defender offline, Sophos

#19
Just to update you on this situation I'm being helped by a Mr. Whitehat from the Geeks to Go Web site. Unfortunately, there has been no solution to my problem as of yet after over a week of following Mr. Whitehat's instructions. Not complaining mind you, after all this person is trying to help me, and I'm most grateful for his efforts. In the meantime I'm still infected with Trojan.Agent C:\Windows\svchost.exe, and Comcast is still sending me suspected bot notifications from time to time.
As a side note I clicked on the ESET system rescue tool just to see where it was headed with no intention of actually running it to completion at this time. It could not find AIK on my computer and offered a link to download it. It turns out that the link was for Vista computers and not Windows 7. However, I was able to find the AIK download for W7, and will make use of it later if Mr. Whitehat can't fix my problem.

#20
Congrats on your success, the folk on Geekstogo are rather good, aren't they

#21
I too have been infected with Olmarik.tdl4. After emailing with ESET, their stand alone cleaner failed. Then, upon their suggestion, I attempted to use TDSSKiller. This would not even run on my system. ESET has now told me to call their customer service and two days in a row I sat on hold for over an hour, so now I'm looking at forums for assistance.
Anyone have any ideas? Running Windows 7 64-bit.

#22
The TDL4 cleaner has just been updated. Please let us know if the latest version 1.6.0.1 detects and removes the variant you're infected with.