Olmarik Trojan

By marjustdoit
May 5, 2010
  1. Hi! I have the following problem: Some days ago I was using Firefox when a popup came and I made the big mistake of clicking okay. NOD32 discovered the Olmarik trojan in my computer and wasn´t able to delete it. After that, a lot of weird things started to happen to my computer... First, a window sometimes appears when I am on the internet asking me if I want to download a file. Of course I always put not to download it. Second, NOD32 is blocking some URLs every hour... Third, Host Process for Windows Services often stops working and after that an error message of windows appears saying there was an error. Fourth, after Host Pocess stops working, the taskbar changes it is color to a soft grey instead of the normal grey of Windows Vista.

    I attach the log of SUPERAntiSpyware, Malwarebytes and MGTools. I tried to use ComboFix several times and it first appears a windows that it says that it needs to reboot the computer, because it found something and after rebooting approx. 3 times a windows shutted down and a blue screen appears that says: IRQL_NOT_LESS_OR_EQUAL and the normal message of windows asking you if it is the first time this screen appears and to contact someone if its not the first time... I tried to use RootRepeal and it crashed as well. This is the log of the error:

    Windows Version: Windows Vista SP2
    Exception Code: 0xc0000005
    Exception Address: 0x004cbf6b
    Attempt to read from address: 0x00000004

    Thanks for your help and I would appreciate if you answer ASAP, because I think the trojan is installing more things in my computer...

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 54,258   +383

  3. marjustdoit

    marjustdoit TS Rookie Topic Starter

    I attach the files.

    (I already attached the Malwarebytes Anti-Malware log)


    Attached Files:

  4. Broni

    Broni Malware Annihilator Posts: 54,258   +383

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    Download HijackThis:
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...