Virus @#$%&! :: SOLVED!
-
At the end I've used AVIRA boot CD to delete the file. Now everything is back to normal! :thumbsup: The original post: Ahhh! the best way to start a monday... It seems that one computer has been infected with a virus that allows you to log in and then, after 2 or 3 seconds it shows a dialog app that only asks for money, and it makes it impossible to get access to the operating system as Ctrl+Alt+Supr, Ctrl+Esc... are not working. During those sterting seconds I've managed to launch the task manager and I've seen a process named "jork-0-typ-col.exe" that definitely shouldn't be there. I've tried without luck to remove that process. MSE has miserably failed this time, I'm downloading AVIRA (the recovery tool) but as my internet speed is so fast I will have 45 minutes before getting it and I was wondering if you would try something else... Thank you in advance! :thumbsup:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
Try: Safe mode -> MSConfig -> Startup -> then kill all but MS stuff. Might work, but no money-back guarantee!
It is not possible to get into safe-mode...when I try that the computer restarts automatically... X| + :(( Thank you for the hint though...
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
At the end I've used AVIRA boot CD to delete the file. Now everything is back to normal! :thumbsup: The original post: Ahhh! the best way to start a monday... It seems that one computer has been infected with a virus that allows you to log in and then, after 2 or 3 seconds it shows a dialog app that only asks for money, and it makes it impossible to get access to the operating system as Ctrl+Alt+Supr, Ctrl+Esc... are not working. During those sterting seconds I've managed to launch the task manager and I've seen a process named "jork-0-typ-col.exe" that definitely shouldn't be there. I've tried without luck to remove that process. MSE has miserably failed this time, I'm downloading AVIRA (the recovery tool) but as my internet speed is so fast I will have 45 minutes before getting it and I was wondering if you would try something else... Thank you in advance! :thumbsup:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
Joan Murt wrote:
I've tried without luck to remove that process.
Try this: When logged in, just kill the power (DO NOT SHUTDOWN!). Restart in safe-mode, clean up the 'non-PnP' driver in device manager. Then try delete those pesky exe files. Then reboot.
-
At the end I've used AVIRA boot CD to delete the file. Now everything is back to normal! :thumbsup: The original post: Ahhh! the best way to start a monday... It seems that one computer has been infected with a virus that allows you to log in and then, after 2 or 3 seconds it shows a dialog app that only asks for money, and it makes it impossible to get access to the operating system as Ctrl+Alt+Supr, Ctrl+Esc... are not working. During those sterting seconds I've managed to launch the task manager and I've seen a process named "jork-0-typ-col.exe" that definitely shouldn't be there. I've tried without luck to remove that process. MSE has miserably failed this time, I'm downloading AVIRA (the recovery tool) but as my internet speed is so fast I will have 45 minutes before getting it and I was wondering if you would try something else... Thank you in advance! :thumbsup:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
At the end I've used AVIRA boot CD to delete the file. Now everything is back to normal! :thumbsup: The original post: Ahhh! the best way to start a monday... It seems that one computer has been infected with a virus that allows you to log in and then, after 2 or 3 seconds it shows a dialog app that only asks for money, and it makes it impossible to get access to the operating system as Ctrl+Alt+Supr, Ctrl+Esc... are not working. During those sterting seconds I've managed to launch the task manager and I've seen a process named "jork-0-typ-col.exe" that definitely shouldn't be there. I've tried without luck to remove that process. MSE has miserably failed this time, I'm downloading AVIRA (the recovery tool) but as my internet speed is so fast I will have 45 minutes before getting it and I was wondering if you would try something else... Thank you in advance! :thumbsup:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
At the end I've used AVIRA boot CD to delete the file. Now everything is back to normal! :thumbsup: The original post: Ahhh! the best way to start a monday... It seems that one computer has been infected with a virus that allows you to log in and then, after 2 or 3 seconds it shows a dialog app that only asks for money, and it makes it impossible to get access to the operating system as Ctrl+Alt+Supr, Ctrl+Esc... are not working. During those sterting seconds I've managed to launch the task manager and I've seen a process named "jork-0-typ-col.exe" that definitely shouldn't be there. I've tried without luck to remove that process. MSE has miserably failed this time, I'm downloading AVIRA (the recovery tool) but as my internet speed is so fast I will have 45 minutes before getting it and I was wondering if you would try something else... Thank you in advance! :thumbsup:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
This video might be useful. Malware Hunting with the SysInternals Tools[^]. It has several techniques for dealing with such infections.
Henry Minute Girl: (staring) "Why do you need an icy cucumber?" “I want to report a fraud. The government is lying to us all.” I wouldn't let CG touch my Abacus! When you're wrestling a gorilla, you don't stop when you're tired, you stop when the gorilla is. Cogito ergo thumb - Sucking my thumb helps me to think.
-
At the end I've used AVIRA boot CD to delete the file. Now everything is back to normal! :thumbsup: The original post: Ahhh! the best way to start a monday... It seems that one computer has been infected with a virus that allows you to log in and then, after 2 or 3 seconds it shows a dialog app that only asks for money, and it makes it impossible to get access to the operating system as Ctrl+Alt+Supr, Ctrl+Esc... are not working. During those sterting seconds I've managed to launch the task manager and I've seen a process named "jork-0-typ-col.exe" that definitely shouldn't be there. I've tried without luck to remove that process. MSE has miserably failed this time, I'm downloading AVIRA (the recovery tool) but as my internet speed is so fast I will have 45 minutes before getting it and I was wondering if you would try something else... Thank you in advance! :thumbsup:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
Is it a laptop ? If not, then simply mount the disk on another computer, delete the executable. You have to access the registry to clean all the Run/RunOnce entries, as well as msconfig to disable the services. Then you can run the antivirus to kill the thing.
-
Probably search for that filename on your drive, and on your registry? Then delete?
Signature construction in progress. Sorry for the inconvenience.
Can't do that... I get locked from accessing the OS after 2 seconds... Anyway already solved, avira system rescue worked like charm. :thumbsup:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
Joan Murt wrote:
I've tried without luck to remove that process.
Try this: When logged in, just kill the power (DO NOT SHUTDOWN!). Restart in safe-mode, clean up the 'non-PnP' driver in device manager. Then try delete those pesky exe files. Then reboot.
To add more joy to the issue this won't work as it seems it asks for running the STPD (Daemon tools lite) and any of the options given (cancel/allow) gives the same result... restarting the computer. X| Anyway it's been solved, I've been using AVIRA rescue cdrom and it has been :thumbsup: Thank you for your suggestion!
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
If the process comes back after killing it, its getting started by another process. Trick is to kill both at the same time. Have you got sysinternals tools on your box?
Probably you are right, but I've not seen any other strange process running there... I don't have sysinternals... (only heard of it, I'll take a deeper look to see what offers). Anyway it's been solved, I've used AVIRA rescue cdrom and it has been :thumbsup: Thank you for your suggestion!
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
I've used AVIRA rescue cdrom and it has been :thumbsup: It is a linux boot environment with the latest virus definitions. Meanwhile I've been using it I've been downloading UBUNTU... but now I can cancel the download. Thank you for your suggestion!
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
To add more joy to the issue this won't work as it seems it asks for running the STPD (Daemon tools lite) and any of the options given (cancel/allow) gives the same result... restarting the computer. X| Anyway it's been solved, I've been using AVIRA rescue cdrom and it has been :thumbsup: Thank you for your suggestion!
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
Wait! Your computer prompts when you rip out the power cable? (Yes, that is what I meant, some virii write startup entries on a clean shutdown)
-
This video might be useful. Malware Hunting with the SysInternals Tools[^]. It has several techniques for dealing with such infections.
Henry Minute Girl: (staring) "Why do you need an icy cucumber?" “I want to report a fraud. The government is lying to us all.” I wouldn't let CG touch my Abacus! When you're wrestling a gorilla, you don't stop when you're tired, you stop when the gorilla is. Cogito ergo thumb - Sucking my thumb helps me to think.
It's been solved, I've been using AVIRA rescue cdrom and it has been :thumbsup: I'll take a look at this software... Thank you for your suggestion!
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
Is it a laptop ? If not, then simply mount the disk on another computer, delete the executable. You have to access the registry to clean all the Run/RunOnce entries, as well as msconfig to disable the services. Then you can run the antivirus to kill the thing.
Good option if all other things fail, I've been successful with AVIRA system rescue cdrom, I would have tried a linux live cd and the last option would be this one (well the one before last, the last one is to reinstall windows....). thank you for the suggestion! :thumbsup:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
At the end I've used AVIRA boot CD to delete the file. Now everything is back to normal! :thumbsup: The original post: Ahhh! the best way to start a monday... It seems that one computer has been infected with a virus that allows you to log in and then, after 2 or 3 seconds it shows a dialog app that only asks for money, and it makes it impossible to get access to the operating system as Ctrl+Alt+Supr, Ctrl+Esc... are not working. During those sterting seconds I've managed to launch the task manager and I've seen a process named "jork-0-typ-col.exe" that definitely shouldn't be there. I've tried without luck to remove that process. MSE has miserably failed this time, I'm downloading AVIRA (the recovery tool) but as my internet speed is so fast I will have 45 minutes before getting it and I was wondering if you would try something else... Thank you in advance! :thumbsup:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
The only way of ever truly knowing your machine is clean after that is to reinstall the OS. That is what I do most of the time.
=====
\ | /
\|/
|
|-----|
| |
|_ |
_) | /
_) __/_
_) ____
| /|
| / |
| |
|-----|
|===
Yes, of course, but spending 7 hours to get the computer ready again... that's a nightmare... 7 hours due to the incredibly astonishing blazing fast internet speed that takes ages to download all the updates... :zzz:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
-
At the end I've used AVIRA boot CD to delete the file. Now everything is back to normal! :thumbsup: The original post: Ahhh! the best way to start a monday... It seems that one computer has been infected with a virus that allows you to log in and then, after 2 or 3 seconds it shows a dialog app that only asks for money, and it makes it impossible to get access to the operating system as Ctrl+Alt+Supr, Ctrl+Esc... are not working. During those sterting seconds I've managed to launch the task manager and I've seen a process named "jork-0-typ-col.exe" that definitely shouldn't be there. I've tried without luck to remove that process. MSE has miserably failed this time, I'm downloading AVIRA (the recovery tool) but as my internet speed is so fast I will have 45 minutes before getting it and I was wondering if you would try something else... Thank you in advance! :thumbsup:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.
Boot into Safe Mode (keep pressing F8 while Window is initially loading, before you se the Windows logo). Once in the Malware shouldn't be running and you will be able to find and kill the file. I would also dowload McAfee Stinger and run it. If Safe Mode doesn't work, boot into Hiren's Boot CD and launch Mini XP or run Knoppix, Ubuntu or one of the many Linux Boot CD. Many of them come with an AntiVirus built in you can update the definitions and run. Just thought of BitDefender or Kaspersky Boot CD that you can donload, burn, run and they allow you to update the virus definitions before running.
Michael Martin Australia "I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible." - Mr.Prakash One Fine Saturday. 24/04/2004
-
Boot into Safe Mode (keep pressing F8 while Window is initially loading, before you se the Windows logo). Once in the Malware shouldn't be running and you will be able to find and kill the file. I would also dowload McAfee Stinger and run it. If Safe Mode doesn't work, boot into Hiren's Boot CD and launch Mini XP or run Knoppix, Ubuntu or one of the many Linux Boot CD. Many of them come with an AntiVirus built in you can update the definitions and run. Just thought of BitDefender or Kaspersky Boot CD that you can donload, burn, run and they allow you to update the virus definitions before running.
Michael Martin Australia "I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible." - Mr.Prakash One Fine Saturday. 24/04/2004
Hello Martin! thank you for your post, at the end I've done something similar, I've used the Boot CD from AVIRA to get the file deleted. Now that computer is again working without issues! :cool: Thank you for your hints! :thumbsup:
[www.tamautomation.com] Robots, CNC and PLC machines for grinding and polishing.