1

How to remove a DCOM virus?

The payload is that it goes and downloads Trojans from a Russian IP. Microsoft Security Essentials detects access to the Windows Temp folder, but how do I remove the DCOM server virus?

Tamara Wijsman
abmv
  • Next time you report something, include additional information so we can give better instructions on how to clean up your virus. It's completely possible to recover from this without re-installation, but it's rather vague the way your question was stated... – Tamara Wijsman Aug 04 '11 at 12:32

5 Answers

1

I'm assuming your antivirus solution cannot remove the virus. That being the case, do you have a System Restore point you could utilize?

Mark
1

Here are some options:

  1. Google for "antivirus online scan" and use a couple of the best-known ones to scan the computer (each takes some hours to complete).
    Some that I like are Trend Micro House Call and Kaspersky Labs Free Virus Scan.
    Please note that they might require you to use Internet Explorer as your browser.

  2. Use a rescue live-CD virus scanner: I like Avira AntiVir Rescue System best because it gets updated several times a day, so the download CD is up-to-date. As a boot CD it doesn't use Windows, so your virus can't block it.

harrymc
  • Don't think this would work; tried MSE. – abmv Jan 13 '10 at 18:35
  • 1
    Not all antiviruses are equal. If you would like to avoid reinstalling Windows, try as many as it takes to clean your computer. Some to try are MBAM, Avast and Spybot S&D. – harrymc Jan 13 '10 at 20:53
  • 1
    I'm not sure if an "antivirus online scan" search is really a safe solution to give. Many fake antivirus are popping on such results. – Gnoupi Jan 13 '10 at 21:41
1

A DCOM Server is just an EXE somewhere. If it's configured to run as a Service, it'll be in the Services section of the Computer Management MMC tool found in Control Panel > Administrative Tools.

If you find that it is indeed a rogue service, you can use the following command line:

SC delete service_name

JBRWilkinson
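Added example, not part of the answer above: a read-only PowerShell audit that lists both Windows services and out-of-process COM/DCOM servers (registered under `HKCR\CLSID\{...}\LocalServer32`) whose executable sits in a Temp or AppData directory or lacks a valid Authenticode signature. It assumes PowerShell 3.0 or later and an elevated prompt; the directory patterns and the `Get-ExePath` helper are illustrative choices made for this example.

```powershell
# Added example (not from the thread). Read-only audit; run elevated.
# Assumes PowerShell 3.0+ (Get-CimInstance, [pscustomobject]).

function Get-ExePath {
    param([string]$CommandLine)
    # Pull the executable out of '"C:\a\b.exe" -k x' or 'C:\a\b.exe /x'.
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"')        { return $Matches[1] }
    if ($cmd -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

# 1. Services, i.e. what the Services snap-in lists.
$items = @(Get-CimInstance Win32_Service | ForEach-Object {
    [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Command = $_.PathName }
})

# 2. Out-of-process COM/DCOM servers: HKCR\CLSID\{...}\LocalServer32.
$items += @(Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $key = Join-Path $_.PSPath 'LocalServer32'
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Kind = 'LocalServer32'; Name = $_.PSChildName
                               Command = (Get-Item -LiteralPath $key).GetValue('') }
        }
    })

# Assumption: these directory patterns are illustrative; tune them.
$writableDirs = '\\Temp\\|\\AppData\\'

$items | ForEach-Object {
    $exe = Get-ExePath $_.Command
    if (-not $exe) { return }
    $sig = if (Test-Path -LiteralPath $exe) {
        [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
    } else { 'FileMissing' }
    # An unsigned or missing binary is a lead to investigate, not a verdict.
    if ($exe -match $writableDirs -or $sig -ne 'Valid') {
        [pscustomobject]@{ Kind = $_.Kind; Name = $_.Name; Signature = $sig; Path = $exe }
    }
} | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
```

In Windows PowerShell, `sc` is an alias for `Set-Content`, so the removal command from the answer has to be typed as `sc.exe delete service_name` there; in `cmd.exe` it works as written.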
1

Today's anti-virus tools are a long way behind the explosion of Russian trojans. They're unlikely to be able to clean it up, and even if it looks like they did, how do you know there's not still a rootkit left behind that you can't see?

No: unless you have the technical knowledge and experience to analyse the infection yourself, the only safe route once a machine has been compromised is to reinstall the OS.

bobince
  • I will format today. Sad, it's Windows 7. – abmv Jan 14 '10 at 06:24
  • @abmv: There exist rootkit scanners for that purpose, and it's [not true](http://www.symantec.com/business/security_response/landing/threats.jsp) that anti-virus tools are way behind. Analysing the infection becomes an ease with Sysinternals Tools like Process Explorer, Process Monitor and AutoRuns and rootkits become an ease with RootKitRevealer, GMER and similar software... – Tamara Wijsman Aug 04 '11 at 12:29
0

This is a Server Launcher issue. Signs are: getting blue screen errors, dump system performance, some unwanted files will be created on the root of the hard drive.

There are two steps: implement anti-malware software and empty the Windows Registry.

Read Troubleshooting - https://www.solvusoft.com/en/malware/viruses/troj-dcom-ai/

  • Whilst this may theoretically answer the question, [it would be preferable](//meta.stackoverflow.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – bertieb May 23 '19 at 07:22