TechSpot

New_mak.exe and autorun.inf

By grahambek
Feb 8, 2008
  1. I have a server that has two files on a share that I cannot delete: autorun.inf and new_mak.exe. I think they came from a USB drive that first infected a desktop and then by extension the file share. I have scanned the drive with Trend Client/Server, Trend On-line scanner, Ad-Aware, Live One Care on-line, Trojan Hunter, CWShredder and Stinger, and nothing identifies these files as malware. If I delete them, however, they come right back in about 5 seconds.

    I've scanned in safe mode as well.

    I could really use some help. So far the files don't seem to be doing anything bad, but I know they are a trojan yet can't find the source. Could it be YWEED1.exe?

    This post won't let me add my HiJackThis file. Maybe it will as a continuation of the thread.
     

  2. mkenya, TS Rookie

    Hi,
    Just experienced the same issue, and my hard disk started making some funny noise. You can delete "new_mak.exe" by first stopping the process through the Task Manager. The files are most likely located in all your root drives.
    Whatever it is, it's very harmful; it hogged my memory, and CPU usage was pretty high until I deleted the files. Remember to remove the autorun file also.
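
Added example, not part of the original thread: the posts above describe an autorun.inf sitting beside new_mak.exe in drive roots, so this small parser reads an autorun.inf body and reports which programs it would launch, letting the referenced executable be identified before cleanup. The sample file content is constructed (the thread does not show the real file), and the function names are hypothetical.

```python
import re

# Keys in the [autorun] section that name a program to run (case-insensitive).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def autorun_targets(text):
    """Return [(key, command)] for every launch entry in an autorun.inf body."""
    targets = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk padding lines and other sections are ignored
        key, _, value = line.partition("=")
        key = key.strip()
        if LAUNCH_KEY.match(key):
            targets.append((key.lower(), value.strip()))
    return targets

def executable_names(targets):
    """First token of each command, lowercased and de-duplicated."""
    names = set()
    for _, cmd in targets:
        m = re.match(r'"([^"]+)"|(\S+)', cmd)
        if m:
            names.add((m.group(1) or m.group(2)).lower())
    return sorted(names)

# Constructed sample; the thread does not show the real file's contents.
SAMPLE = """\
;garbage
[AutoRun]
open=new_mak.exe
shell\\open\\Command=new_mak.exe -e
shell\\explore\\command="New_mak.exe"
icon=folder.ico
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in autorun_targets(SAMPLE):
        print(f"{key}: {cmd}")
    print(executable_names(autorun_targets(SAMPLE)))
```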
     
  3. kritius, TS Guru, Posts: 2,084

    Your HiJackThis is out of date; get the latest version HERE.

    You must also remember to run it from its own folder in case it needs to make any backups.

    I would also recommend that you follow all the steps HERE because there are several things in your log that do not look good.

    Post back in here with the three requested logs and don't forget to follow all the steps exactly.
     
  4. jobeard, TS Ambassador, Posts: 9,311   +617

    You're running Windows 2000 SP2

    this is the Microsoft version of Java which was in non-compliance with the Sun Micro License
    C:\Program Files\jvm\bin\java.exe
    the official Java Download is here

    unless you actually need SNMP, you ought to disable
    C:\WINDOWS\System32\snmp.exe
    if you don't know what snmp is, then you don't need it :)

    all these entries look bogus
    O1 - Hosts: 63.240.6.25 MI8NYCMAIL01 I8NYCMAIL01.MI8.COM
    use this link to replace the HOSTS file (be sure to mark it R/O once it's saved).
     
  5. y2kmasai, TS Rookie

    New_mak.exe

    The best way to remove the virus is to know how it works. Visit this link to know how .... That site will show you how to remove the New_mak.exe virus and return your machine back to your original state. To access the site, google Ray Nyumu.
     
Topic Status:
Not open for further replies.