1

How to remove a DCOM virus?

The payload is that it goes and downloads Trojans from a Russian IP. Microsoft Security Essentials detects access to the Windows Temp folder, but how do I remove the DCOM server virus?

abmv
  • 325

5 Answers

1

I'm assuming your antivirus solution cannot remove the virus. That being the case, do you have a System Restore point you could utilize?

Mark
  • 3,177
1

Here are some options:

  1. Google for "antivirus online scan" and use a couple of the best-known ones to scan the computer (each takes some hours to complete).
    Some that I like are Trend Micro House Call and Kaspersky Labs Free Virus Scan.
    Please note that they might require you to use Internet Explorer as your browser.

  2. Use a rescue live-CD virus scanner: I like best Avira AntiVir Rescue System because it gets updated several times a day and so the download CD is up-to-date. As a boot CD it doesn't use Windows, so your virus can't block it.

harrymc
  • 498,455
1

A DCOM Server is just an EXE somewhere. If it's configured to run as a Service, it'll be in the Services section of the Computer Management MMC tool found in Control Panel > Administrative Tools.

If you find that it is indeed a rogue service, you can use the following command line:

SC delete service_name
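
One way to find which services are DCOM servers before deleting anything, as an added example that is not part of the original answer. It assumes the standard COM registration, where an AppID key's LocalService value names the hosting service; the Temp/AppData path heuristic and the output column names are choices made for this sketch.

```powershell
# Added example: read-only triage of services registered as DCOM servers.
# Run from an elevated PowerShell prompt. Nothing here changes the system.

# A DCOM server hosted in a service is registered under an AppID key
# whose LocalService value holds the service name.
$appIdRoot = 'HKLM:\SOFTWARE\Classes\AppID'
$dcomServices = Get-ChildItem -Path $appIdRoot -ErrorAction SilentlyContinue |
    ForEach-Object { (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).LocalService } |
    Where-Object { $_ } |
    Sort-Object -Unique

$report = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($dcomServices -notcontains $svc.Name) { continue }

    # PathName may be quoted and may carry arguments; keep only the executable.
    $exe = $svc.PathName
    if ($svc.PathName -match '^\s*"([^"]+)"')        { $exe = $Matches[1] }
    elseif ($svc.PathName -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
    if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }

    # Signature status of the binary on disk (Valid, NotSigned, HashMismatch, ...).
    # Older Windows versions may report catalog-signed system files as NotSigned.
    $sig = 'FileNotFound'
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $exe).Status
    }

    [pscustomobject]@{
        Service     = $svc.Name
        State       = $svc.State
        StartMode   = $svc.StartMode
        Account     = $svc.StartName
        Binary      = $exe
        Signature   = $sig
        # Heuristic (assumption): service binaries rarely live in user-writable paths.
        SuspectPath = [bool]($exe -match '\\(Temp|AppData|Users\\Public)\\')
    }
}

# Entries in suspect paths sort first; review unsigned or missing binaries next.
$report | Sort-Object SuspectPath -Descending | Format-Table -AutoSize -Wrap
```

When running the delete command above from Windows PowerShell, type `sc.exe delete service_name`, because there `sc` on its own is an alias for Set-Content.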

1

Today's anti-virus tools are a long way behind the explosion of Russian trojans. They're unlikely to be able to clean it up, and even if it looks like they did, how do you know there's not still a rootkit left behind that you can't see?

No: unless you have the technical knowledge and experience to analyse the infection yourself, the only safe route once a machine has been compromised is to reinstall the OS.

bobince
  • 10,096
0

This is a Server Launcher issue. Signs are: getting blue screen errors, dump system performance, and some unwanted files being created on the root of the hard drive.

There are two steps: implement anti-malware software and empty the Windows Registry.

Read Troubleshooting - https://www.solvusoft.com/en/malware/viruses/troj-dcom-ai/