OLMARIK.TDL4.TROJAN

Discussion in 'ESET Smart Security' started by silversurferWV, Jul 18, 2012.

Thread Status:
Not open for further replies.
  1. silversurferWV

    silversurferWV Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    26
    ESET tells me that my computer is infected with OLMARIK.TDL4.TROJAN. The ESET message also states that it is unable to clean the infection. A couple of questions.

    (1) How do I get rid of OLMARIK.TDL4?

    (2) How did this thing sneak past my ESET defenses?
     
  2. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    Hi silversurferWV
    Eset has a stand alone tool for Olmarik Tdl4, just go down the list and you will find it. Remember to backup your documents before trying to disinfect your system.
    Link: Stand-alone malware removal tools
    HTH :)
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  4. silversurferWV

    silversurferWV Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    26
    Thanks for guiding me to the removal tool.

    I ran the tool, and it reported that OLMARIK.TDL4 did not exist on my computer. However, the following scan did show it.

    What's up with that?

    Perhaps I should try the other suggestion to contact customer service.
     
  5. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    Hi silversurferWV
    I think that you should follow the advice given from FanJ, and as you write, contact customer care. Use the link given in the post above. (post 3)
    Best Regards :)
     
    Last edited: Jul 19, 2012
  6. silversurferWV

    silversurferWV Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    26
    Sent a note to ESET using the link provided in Post 3. Awaiting a response as of this writing.
     
  7. silversurferWV

    silversurferWV Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    26
    ESET customer service initially asked me to run their stand-alone OLMARIK killer. Of course that did not do the job.

    ESET then asked me to download Kaspersky's TDSSKILLER file and run it.

    Did that and it found a hidden Akami file along with the OLMARIK trojan. Asked the program to delete the Akami and to "cure" the OLMARIK.

    Ran my ESET scan afterward and no threats were detected so it appears that my problems are over.

    Now, why in the heck was a Kaspersky product able to clean this infection but my faithful ESET was not? This is the first time I've been disappointed by ESET and I've been a customer for several years.

    I'm not blaming ESET for letting this OLMARIK thing into my computer because I may have shot myself in the foot a few weeks ago. My WinZip license informed me that an update was available to version 16.5. Tried to download it but ESET absolutely refused to let me do that because it sensed a dire threat.

    What the heck I say. WinZip is surely trustworthy. Disabled ESET and downloaded the WinZip update anyway. It's quite possible that the OLMARIK thing sneaked in during this time. Lesson learned.
     
  8. Ego_Dekker

    Ego_Dekker Registered Member

    Joined:
    Aug 22, 2010
    Posts:
    97
    Location:
    Russia
    For historical reasons, ESET always had issues with malware cleaning/deleting. Even standalone malware removal tools are outdated.
     
  9. silversurferWV

    silversurferWV Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    26
    Sure hate to hear that. I've held ESET in high regard for a long, long time. Not that I'm an expert in computer security. It's just that the various comparisons of the AV products found on the Web seem to rank ESET right up there at or near the top.

    Now my confidence is shattered. Perhaps I need to consider Kaspersky when my ESET license expires next year.
     
  10. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    while eset does have some issues with cleaning at times.. i find it stops stuff. therefore i don't need it to clean. if the system isn't infected then as long as it keeps it clean i'm good. i do agree it needs to be improved when it comes to cleaning but i have yet to have an issue with it.

    the stand alone rogue tool works very well if you have a rogue. i used to be a kaspersky user and honestly it was more of a headache than anything else and was way too oversensitive detecting things i know should not have been. anyhow i will honestly tell you eset is still great it's just not the top at cleaning but after being a kaspersky user and a beta tester it's not the best at cleaning either imo. it will do a bit better job than eset but it's still not a fail safe.

    as posted previously i like dr web cure it for a scan once in a while and i've seen it actually remove rootkits etc it works very well but i don't like their real time av as much. and malwarebytes is an essential tool imo to have for times when it's needed.
     
  11. silversurferWV

    silversurferWV Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    26
    Thanks for sharing your thoughts and experience. You've given me renewed confidence in my beloved ESET.

    I ran Dr. Web per your suggestion. It turned up nothing at all, so I'm thinking that my computer may be in the clear for now.

    Also have MalwareBytes installed. It did not seem to help during my recent frustrations. And now for the first time ever it's finding a SVCHOST it claims is a threat. Ask it to remove this so called threat but it comes right back on the next scan. My research indicates that SVCHOST is not a threat at all.
     
  12. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi silversurferWV,

    If you would allow me a general remark, it is always good to post your exact Windows version, the exact version of your Eset program, and the lines from the logs of the scanners where they list something suspicious (that would be in your case of Eset, TDSSKiller and MBAM). ;)
     
  13. silversurferWV

    silversurferWV Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    26
    Point well taken. I will do so in the future.
     
  14. silversurferWV

    silversurferWV Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    26
    Windows 7 Ultimate 64 bit
    ESET 5.2.9.1

    Today's MalwareBytes log:

    Agent: Trojan Agent
    Category: File
    Item: C:\Windosw\svchost.exe
     
  15. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    499
    Location:
    Nottingham
    It most certainly is, when it's running from C:\Windows\svchost.exe

    silversurferWV, don't waste your time trying to remove malware yourself. You will/have waste/d hours if not days trying.
    Go to a professional malware removal forum. They will get your machine back to normal. Try here: http://www.geekstogo.com/forum/ Security > malware removal > Malware and Spyware Cleaning Guide (watch the video)
    Create an account, try and run the OTL, and post your log. Then be patient.
    In future don't waste your money, or put your faith in anti virus programs. Use programs like Sandboxie. Also if you don't know how, learn how to create images of your machine, so you can revert to a clean one in half an hour
     
    Last edited: Jul 21, 2012
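
The path check discussed in the posts above, as an added example that is not part of any poster's message: the genuine `svchost.exe` lives in `System32` (or `SysWOW64` for 32-bit services on 64-bit Windows), so a copy running from the Windows directory itself is a masquerade. The sketch generalizes to a few other system binary names; the process listing is constructed sample data and the function names are hypothetical.

```python
import ntpath

# Expected directories, relative to the Windows directory, for well-known
# system binaries. "" means the Windows directory itself.
EXPECTED_DIRS = {
    "svchost.exe": {"system32", "syswow64"},
    "lsass.exe": {"system32"},
    "services.exe": {"system32"},
    "explorer.exe": {"", "syswow64"},
}

def is_masquerading(image_path, windows_dir=r"C:\Windows"):
    """True if a known system binary name runs from an unexpected directory."""
    # normpath collapses "..", normcase lowercases: Windows paths are
    # case-insensitive and "System32\..\svchost.exe" must not slip through.
    path = ntpath.normcase(ntpath.normpath(image_path))
    root = ntpath.normcase(ntpath.normpath(windows_dir))
    directory, name = ntpath.split(path)
    if name not in EXPECTED_DIRS:
        return False  # not a name this check knows about
    allowed = {ntpath.join(root, d) if d else root for d in EXPECTED_DIRS[name]}
    return directory not in allowed

def scan(listing, windows_dir=r"C:\Windows"):
    """Parse 'pid,image_path' lines and return the (pid, path) pairs to review."""
    hits = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        pid, path = line.split(",", 1)
        if is_masquerading(path.strip(), windows_dir):
            hits.append((int(pid), path.strip()))
    return hits

# Constructed sample process listing (pid,image_path), not real output.
SAMPLE = r"""
812,C:\Windows\System32\svchost.exe
1044,C:\Windows\svchost.exe
2210,c:\windows\system32\..\svchost.exe
3120,C:\Windosw\svchost.exe
1500,C:\Windows\explorer.exe
4000,C:\Users\a\Downloads\tool.exe
"""

if __name__ == "__main__":
    for pid, path in scan(SAMPLE):
        print(f"review pid {pid}: {path}")
```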
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    mick92z,
    Your link to geekstogo is broken.

    Surely, my advice would also be for silversurferWV to go to one of the dedicated forums where they do OTL analysis etc, or contact again Eset Customer Care and send them an Eset SysInspector Log. Actually I wonder whether Eset Customer Care didn't ask silversurferWV for it already.
     
  17. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Getting more to the point, if any of the ESET stand-alone removal tools failed to work as advertised, clearly point this out so ESET can investigate why this occurred.

    This is the main support portal for ESET Products, ESET will investigate this failure to perform issue as they are redundant if they fail to function.
     
  18. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Eset sysrescue can be used to clean threats when the installed eset can't. Rootkits are hard to clean when they are active.
     
  19. silversurferWV

    silversurferWV Registered Member

    Joined:
    Jun 5, 2006
    Posts:
    26
    Just to update you on this situation I'm being helped by a Mr. Whitehat from the Geeks to Go Web site. Unfortunately, there has been no solution to my problem as of yet after over a week of following Mr. Whitehat's instructions. Not complaining mind you, after all this person is trying to help me, and I'm most grateful for his efforts. In the meantime I'm still infected with Trojan.Agent C:\Windows\svchost.exe, and Comcast is still sending me suspected bot notifications from time to time.

    As a side note I clicked on the ESET system rescue tool just to see where it was headed with no intention of actually running it to completion at this time. It could not find AIK on my computer and offered a link to download it. It turns out that the link was for Vista computers and not Windows 7. However, I was able to find the AIK download for W7, and will make use of it later if Mr. Whitehat can't fix my problem.
     
  20. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    499
    Location:
    Nottingham
    I've been following your epic battle, and I'm glad to see you're finally clean. I was surprised Combofix removed c:\windows\svchost.exe, only for it to return. Just shows you how stubborn some viruses are. Going to these malware forums can take over your life for a while. I sought help there, with a friend's infected machine. I was determined not to plug the machine into the internet (zeroaccess rootkit) so had to transfer all tools and fixes via flash drive. It's always a good idea to regularly back up all your data, and take images of your machine, then if you run into trouble you can simply restore to a clean image in half an hour :thumb:
    Congrats on your success, the folk on Geekstogo are rather good, aren't they :cool:
     
  21. cfoye

    cfoye Registered Member

    Joined:
    Aug 12, 2012
    Posts:
    1
    Location:
    USA
    I too have been infected with Olmarik.tdl4. After emailing with ESET, their stand alone cleaner failed. Then, upon their suggestion, I attempted to use TDSskiller. This would not even run on my system. ESET has now told me to call their customer service and two days in a row I sat on hold for over an hour, so now I'm looking at forums for assistance.

    Anyone have any ideas? Running Windows 7 64-bit.
     
  22. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The TDL4 cleaner has just been updated. Please let us know if the latest version 1.6.0.1 detects and removes the variant you're infected with.
     