New_mak.exe and autorun.inf

Status
Not open for further replies.
I have a server that has two files on a share that I cannot delete: autorun.inf and new_mak.exe. I think they came from a USB drive that first infected a desktop and then by extension the file share. I have scanned the drive with Trend Client/Server, Trend On-line scanner, Ad-Aware, Live One Care on-line, Trojan Hunter, CWShredder and Stinger, and nothing identifies these files as malware. If I delete them, however, they come right back in about 5 seconds.

I've scanned in safe mode as well.

I could really use some help. So far the files don't seem to be doing anything bad, but I know they are a trojan yet can't find the source. Could it be YWEED1.exe?

This post won't let me add my HiJackThis file. Maybe it will as a continuation of the thread.
 

Attachment: hijackthis.log (10 KB)
Hi,
Just experienced the same issue, and my hard disk started making some funny noise. You can delete "new_mak.exe" by first stopping the process through the Task Manager. The files are most likely located in all your root drives.
Whatever it is, it's very harmful: it hogged my memory, and CPU usage was pretty high until I deleted the files. Remember to remove the autorun file also.
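
An added example, not part of the post above: a small Python check that looks for autorun.inf in each drive root and lists the executables its launch entries point at, so you know which file and process to look for before deleting anything. The function names are hypothetical and SAMPLE is a constructed autorun.inf, not the file from this thread.

```python
import os
import re

# Keys in the [autorun] section whose value is a command Windows may launch.
LAUNCH_KEYS = re.compile(r'^(open|shellexecute|shell\\[^\\=]+\\command)$', re.I)

# Constructed sample for illustration; not the actual file from this thread.
SAMPLE = r"""[AutoRun]
open=new_mak.exe
shell\open\Command=new_mak.exe
shell\explore\Command="new_mak.exe" -e
icon=folder.ico
"""

def autorun_targets(text):
    """Return [(key, command)] for the launch entries of an autorun.inf body."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue  # blank line or comment
        if line.startswith('[') and line.endswith(']'):
            in_autorun = line[1:-1].strip().lower() == 'autorun'
            continue
        key, sep, value = line.partition('=')
        if in_autorun and sep and LAUNCH_KEYS.match(key.strip()):
            targets.append((key.strip().lower(), value.strip()))
    return targets

def referenced_executables(text):
    """Lower-cased file names that the launch entries point at."""
    names = set()
    for _, cmd in autorun_targets(text):
        m = re.match(r'"([^"]+)"|(\S+)', cmd)  # quoted path or first token
        if m:
            names.add(re.split(r'[\\/]', m.group(1) or m.group(2))[-1].lower())
    return sorted(names)

def scan_roots(roots):
    """Map each root that holds an autorun.inf to the executables it launches."""
    found = {}
    for root in roots:
        path = os.path.join(root, 'autorun.inf')
        if os.path.isfile(path):
            with open(path, errors='replace') as fh:
                found[root] = referenced_executables(fh.read())
    return found

if __name__ == "__main__":
    print(scan_roots([f"{d}:\\" for d in "CDEFGHIJKLMNOPQRSTUVWXYZ"]))
```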
 
Your HiJackThis is out of date, get the latest version HERE.

You must also remember to run it from its own folder in case it needs to make any backups.

I would also recommend that you follow all the steps HERE because there are several things in your log that do not look good.

Post back in here with the three requested logs and don't forget to follow all the steps exactly.
 
You're running Windows 2000 SP2

This is the Microsoft version of Java, which was in non-compliance with the Sun Micro License:
C:\Program Files\jvm\bin\java.exe
The official Java Download is here.

Unless you actually need SNMP, you ought to disable
C:\WINDOWS\System32\snmp.exe
If you don't know what SNMP is, then you don't need it :)

All these entries look bogus:
O1 - Hosts: 63.240.6.25 MI8NYCMAIL01 I8NYCMAIL01.MI8.COM
Use this link to replace the HOSTS file (be sure to mark it R/O once it's saved).
 
New_mak.exe

The best way to remove the virus is to know how it works. Visit this link to know how .... That site will show you how to remove the New_mak.exe virus and return your machine back to your original state. To access the site, Google Ray Nyumu.
 