
Malware Removal.. atmclk.exe, dcomcfg.exe

Pheonix_789

New Member
Joined
Nov 6, 2005
Messages
178 (0.03/day)
Location
Canada Edmonton Alberta
Processor Pentium D 805 @ 3.8Ghz
Motherboard Asus P5N-E SLI
Cooling Igloo 5600 X2 92mm High CFM Fans
Memory 2.0Gb Dual DDR 5300 667Mhz@ 760Mhz
Video Card(s) Geforce 7600 GT @ 650Mhz Core 1.7Ghz Mem
Storage 250Gb Sata 2 HD
Display(s) LG Flattron 19in flatscreen CRT
Case Thernaltake Matrix VX
Audio Device(s) Intergrated
Power Supply 500 watt Thermaltake Pure Power
Software Windows XP Pro SP2
I keep getting annoying pop-ups when I am not even surfing the internet. I have downloaded several programs to remove this problem with no success. I have discovered what the malicious programs are and I am having a lot of difficulty removing them. I have used a program called Prevx1 to quarantine them, but is there a way to permanently remove them?


-atmclk.exe 10kb
-dcomcfg.exe 10kb


I have used and downloaded the following programs with no success:

-Adaware
-Avast home edition
-System mechanic Pro
-Webroot Spywaresweeper
-Prevx1
-XP repairer PRO


Is there a way to remove the problem without reinstalling Windows XP?
 
Joined
Dec 18, 2005
Messages
8,253 (1.23/day)
System Name money pit..
Processor Intel 9900K 4.8 at 1.152 core voltage minus 0.120 offset
Motherboard Asus rog Strix Z370-F Gaming
Cooling Dark Rock TF air cooler.. Stock vga air coolers with case side fans to help cooling..
Memory 32 gb corsair vengeance 3200
Video Card(s) Palit Gaming Pro OC 2080TI
Storage 150 nvme boot drive partition.. 1T Sandisk sata.. 1T Transend sata.. 1T 970 evo nvme m 2..
Display(s) 27" Asus PG279Q ROG Swift 165Hrz Nvidia G-Sync, IPS.. 2560x1440..
Case Gigabyte mid-tower.. cheap and nothing special..
Audio Device(s) onboard sounds with stereo amp..
Power Supply EVGA 850 watt..
Mouse Logitech G700s
Keyboard Logitech K270
Software Win 10 pro..
Benchmark Scores Firestike 29500.. timepsy 14000..
something else is creating them.. something is causing them to run with a windows or browser start up.. windows won't let u delete files that are in use.. which is a basic problem..

one trick to disable a file u might think is causing problems but aren't sure is to rename it.. or create a new folder and put the file in it.. but again windows in a self protective manner won't often let u do this..

somehow u have to stop them running then delete them and anything associated with them.. plus find out how u got them in the first place..

i use an oem win pe disk for such things.. not much help if u can't lay your hands on a copy.. but i wouldn't be without mine..

trog
 
Joined
Apr 8, 2006
Messages
714 (0.11/day)
System Name Xbox 360 Super Elite
Processor 3.2GHz PowerPC Tri-Core Xenon
Memory 512MB 700MHz GDDR3 RAM
Video Card(s) ATI Xenos @ 500 MHz
Storage 250GB
Display(s) 26" Samsung LCD HDTV
Case Super Elite (COD:MW2 Edition)
Audio Device(s) 5.1
Power Supply 120w
Software NXE
try running SpyBot, it has the option of running at windows start up, so it may be able to remove this malware before it even loads.

http://www.spybot.info/ :nutkick:
 
Joined
May 27, 2005
Messages
3,651 (0.53/day)
Location
Little Rock Arkansas, United States
System Name Monolith
Processor Intel Xeon E3110 Wolfdale@3.5GHz
Motherboard MSI P35-Neo
Cooling Active Air
Memory 4GB DDR2 800
Video Card(s) Sapphire HD 3850 512MB PCI-E
Storage 1 x 80GB Internal, 1 x 250GB Internal, 1 x 40GB External
Display(s) Acer X203w
Case Generic black case with locking front bezel
Audio Device(s) Creative SB Audigy 2 ZS
Power Supply 500 Watt Seasonic M12
Software Windows 7 Ultimate x64
Go to Start > Run > Type msconfig > Press enter > Choose "Diagnostic Startup" > Press Ok > Restart computer > attempt to delete files.

Diagnostic startup does not allow internet access. It loads basic programs/drivers that allow the computer to function at its minimum capacity.
 

DominicStockford

New Member
Joined
May 5, 2006
Messages
2 (0.00/day)
I am getting the same malware. Having used Prevx1 to try to remove it, and also started up in safe mode to try to remove it, I have had no success. The programmes are allegedly in jail, according to Prevx1, but one is still active and the files have vanished from view. Have they transmogrified into something else? Anyone any ideas?
 

DominicStockford

New Member
Joined
May 5, 2006
Messages
2 (0.00/day)
Update! It only affects one of the user names on the computer. Maybe there is a way I can copy all my email from Outlook over to the Outlook in the other user name and then just close the affected user down? Does anyone know of a way to do that?
 

Polaris573

Senior Moderator
Joined
Feb 26, 2005
Messages
4,268 (0.61/day)
Location
Little Rock, USA
Processor LGA 775 Intel Q9550 2.8 Ghz
Motherboard MSI P7N Diamond - 780i Chipset
Cooling Arctic Freezer
Memory 6GB G.Skill DDRII 800 4-4-3-5
Video Card(s) Sapphire HD 7850 2 GB PCI-E
Storage 1 TB Seagate 32MB Cache, 250 GB Seagate 16MB Cache
Display(s) Acer X203w
Case Coolermaster Centurion 5
Audio Device(s) Creative Sound Blaster X-Fi Xtreme Music
Power Supply OCZ StealthXStream 600 Watt
Software Windows 7 Ultimate x64
Download HijackThis. Run it and post the log, maybe there is something running at startup that needs to be deleted.
 

usctrojansfan04

New Member
Joined
May 7, 2006
Messages
2 (0.00/day)
Hey Pheonix_789, I used to have the same problem. Here's the solution:

Please download SmitfraudFix (by S!Ri) (http://siri.urz.free.fr/Fix/SmitfraudFix.zip)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Then select option #2 (Clean) - It will find the problem, but will at first not be able to fix it because it is being used by another process. Then allow it to reboot, and SmitfraudFix will appear at start up and clean the annoying buggers.

Note: For me, when SmitfraudFix appeared at start up to clean the malware, it said it had an error cleaning the files. If it does display that, just click ignore and it will delete them once and for all!
 

Azn Tr14dZ

New Member
Joined
Mar 2, 2006
Messages
5,288 (0.80/day)
Processor AMD Athlon 64 3200+
Motherboard DFI LanParty nf4 Ultra-D
Cooling Thermaltake Big Typhoon
Memory 2x512MB GeIL
Video Card(s) ATI Radeon X800XL
Storage 2x80GB Western Digital
Display(s) HP vs17
Case SuperTalent
Audio Device(s) Soundblaster
Power Supply Ultra X-Finity 500 Watt
And if nothing else works, I always do a clean re/install of Windows XP. My comp used to never shut down and I would have to manually shut it down each time until I did a clean re/install of Windows XP. It took 2 hours but cleaned out everything and works faster. Only do it though if nothing else works.
 

Mercenary4

New Member
Joined
Feb 5, 2006
Messages
116 (0.02/day)
Location
Planet Earth
Processor Intel P4 3.0e
Motherboard Abit IS-7
Cooling Vantec, except ThermalTake video memory coolers and Logisys duct
Memory 4X Corsair 256Mb DDR400(PC3200)
Video Card(s) ATI AIW AGP 2006 Edition
Storage Western Digital Raptor 37Gb
Display(s) Envision 17" CRT
Case FMI/CompUSA
Audio Device(s) Creative Labs Soundblaster Audigy2 ZS w/4.1
Power Supply E-Power Puma II
Software XP2 w/Live, ATI CCC/MMC, ATI Tool, Creative HQ, Logitech, FutureMark, Rockstar
Have you tried MS's Beta: Windows Defender2 or MS's Beta: Windows Live Safety Center? They may work, or not. Never had any infections on my rigs (well except my wife's rig, go figure), but still run these new Beta security software from MS for giggles and grins.

The Windows Defender Beta 2.0 runs before log on, so it may work. Once you do manage to clean out the malware, clean your registry to ensure complete removal.
 

EveryoneHasItInThem

New Member
Joined
May 7, 2006
Messages
2 (0.00/day)
The latest release of Prevx1 v.1.2.0.33 will remove this

I would give Prevx1 another try. I tried the latest release v.1.2.0.33 last night and it sorted it perfectly. You should see the clean up list it builds, quite amazing and very thorough. Shows why so many of the products we all use are struggling with this.

According to prevx support there are a number of these nasties out there which some AVs and Antispyware are detecting but failing badly to disinfect and cleanup. This latest release of Prevx1 includes a ton of new clean up techniques. They also said another even more powerful version is hot on the heels. Should be out sometime next week.

Here's the post back from prevx support:

"Thanks for reporting your issues with the removal of ATMCLK.EXE. We're sorry you had problems. Prevx1 detects and disables this infection but where a new user has a prior infection Prevx1 was having difficulty disinfecting and cleaning up. These issues are now fixed in v.1.2.0.33 which shipped for new users late in the day on May 6th. Existing users of v.1.2.0.2 will be receiving an automatic update early Monday.

v.1.2.0.33 includes a lot of new clean up functionality. It has been built to deal with really persistent 'state-of-the-art' spyware and malware infections like Free.Serials, Spy Falcon, Spyware Quake (occasionally these are referred to as you say SmitFraud).

If you de-install v.1.2.0.2 and install Prevx1 fresh from the web site then it will sort your problems. Or you could wait for the update kit early next week. Personally, I'd get this thing off now!

As ever let us know if you have any further issues. We are totally committed to giving you the best Antivirus, Antispyware and Anti-malware protection we can.

Regards
Prevx Support"

I am still using the 60 day free trial and this has performed brilliantly for 3 weeks now and support as you can see is fantastic. Might be well worth the $20 to use it long term.

Good luck
 

nwadel

New Member
Joined
May 7, 2006
Messages
1 (0.00/day)
I've tried Prevx, doesn't work, it just keeps it in jail but the next day the trojan comes back. Tried the other suggestions, didn't work. Any other ideas?
 

EveryoneHasItInThem

New Member
Joined
May 7, 2006
Messages
2 (0.00/day)
Sorry, I got it wrong

Sorry, my fault for wasting your time.

You need to run v.1.2.0.34 of Prevx1 not v.1.2.0.33 as I stated in my previous email.

This is currently only available as a fresh download and install (must de-install earlier versions first including v.1.2.0.33). It will then run the advanced cleanup and disinfection which will remove this once and for all.

Also Prevx support say that v.1.2.0.34 will also be available as an upgrade next week.
 

jcokkinias

New Member
Joined
May 8, 2006
Messages
1 (0.00/day)
Here's how u do it

Caution. . . Use the Registry Editor at your own risk. If you are not familiar with the registry, take your computer to someone who is.

Open Registry Editor (regedit).

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Under this key you should see a key named "explorer" with a sub key named "run".
You can probably delete the entire "explorer" key, but if you don't feel comfortable doing this you can go into the "run" key and delete the following three string values:
1. dcomcfg.exe
2. kernel32.exe
3. wininet.dll

After u have done this you can reboot and now you can delete these three files:
1. %systemroot%\system32\dcomcfg.exe
2. %systemroot%\system32\atmclk.exe
3. %systemroot%\system32\regperf.exe

Now you are cleaned up, no more popups.
 

emptymind

New Member
Joined
May 9, 2006
Messages
1 (0.00/day)
usctrojansfan04 said:
Hey Pheonix_789, I used to have the same problem. Here's the solution:

Please download SmitfraudFix (by S!Ri) (http://siri.urz.free.fr/Fix/SmitfraudFix.zip)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Then select option #2 (Clean) - It will find the problem, but will at first not be able to fix it because it is being used by another process. Then allow it to reboot, and SmitfraudFix will appear at start up and clean the annoying buggers.

Note: For me, when SmitfraudFix appeared at start up to clean the malware, it said it had an error cleaning the files. If it does display that, just click ignore and it will delete them once and for all!


Thanks for posting that link, I have been trying for ages to remove that spyware, even Norton 2006 would not see it but what you posted worked 100%

Many Thanks
 

JVansia

New Member
Joined
May 9, 2006
Messages
1 (0.00/day)
I Have a solution!

Hey guys, ok this virus/spyware has been a major annoyance but i think i've found a way to get rid of it. atmclk.exe and dcomcfg.exe were sitting comfortably in my C:\WINDOWS\System32 directory, trying to directly delete them was hopeless as they would either regenerate each other or would say that these files are locked and so windows could not delete them, so i figured there must be some software out there that lets you delete locked files...and there is.

Download any good program to delete locked files upon rebooting ur comp, enter the 2 bastards above and voila it's off ur comp. Just FYI it's likely that there are other things on ur comp that would like to see those files back on ur C:\ so i'd advise doing full anti-virus, spyware and adware scans as soon as the files have been deleted. The software i used was EMCO MoveOnBoot and has seemed to work wonders....however when i update my msn messenger, the files seem to come back and i had to delete them again, but so far, no sign of them and it's been a few days. Was so relieved to get rid of that damned yellow triangle! Hope it works for you too! - Jugal Vansia. :D
 
Joined
Dec 18, 2005
Messages
8,253 (1.23/day)
the remove on boot software is a good idea.. it gets around the windows not letting u delete a file while it's in use factor very well..

the only real downside is u have to know exactly what files to aim it at.. if u do it's a clever idea..

trog
 

GroundMeat

New Member
Joined
May 10, 2006
Messages
1 (0.00/day)
The files are launched by the registry..

[This is just a copy from another board: Original Post]

Hi demerzel. Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). [EDIT] if you restart in safe mode and run this program, you can clean the system, however it can take a long time to clean up depending on your system and the infection level[/EDIT]

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

[This is just a copy from another board: Original Post]
 

Comporit

New Member
Joined
May 10, 2006
Messages
8 (0.00/day)
My Comp is Safe

usctrojansfan04 said:
Hey Pheonix_789, I used to have the same problem. Here's the solution:

Please download SmitfraudFix (by S!Ri) (http://siri.urz.free.fr/Fix/SmitfraudFix.zip)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Then select option #2 (Clean) - It will find the problem, but will at first not be able to fix it because it is being used by another process. Then allow it to reboot, and SmitfraudFix will appear at start up and clean the annoying buggers.

Note: For me, when SmitfraudFix appeared at start up to clean the malware, it said it had an error cleaning the files. If it does display that, just click ignore and it will delete them once and for all!

I was so desperate, I googled the name of dcomcfg.exe file! This forum came up and thanks to usctrojansfan04, I can go to sleep and have my computer for another day. The thought of reformatting was horrible.

Thanks, usctrojansfan04!
:roll: :roll:
 

Tatty_Two

Gone Fishing
Joined
Jan 18, 2006
Messages
25,801 (3.87/day)
Location
Worcestershire, UK
Processor Rocket Lake Core i5 11600K @ 5 Ghz with PL tweaks
Motherboard MSI MAG Z490 TOMAHAWK
Cooling Thermalright Peerless Assassin 120SE + 4 Phanteks 140mm case fans
Memory 32GB (4 x 8GB SR) Patriot Viper Steel 4133Mhz DDR4 @ 3600Mhz CL14@1.45v Gear 1
Video Card(s) Asus Dual RTX 4070 OC
Storage WD Blue SN550 1TB M.2 NVME//Crucial MX500 500GB SSD (OS)
Display(s) AOC Q2781PQ 27 inch Ultra Slim 2560 x 1440 IPS
Case Phanteks Enthoo Pro M Windowed - Gunmetal
Audio Device(s) Onboard Realtek ALC1200/SPDIF to Sony AVR @ 5.1
Power Supply Seasonic CORE GM650w Gold Semi modular
Mouse Coolermaster Storm Octane wired
Keyboard Element Gaming Carbon Mk2 Tournament Mech
Software Win 10 Home x64
Also, and perhaps an easier way is load windows in "safe mode", then it will load with minimal drivers, you should then be able to go into Windows explorer and delete the little monsters as their associated files should not be running, then just re-boot normally, it has worked for me in the past.
 

Comporit

New Member
Joined
May 10, 2006
Messages
8 (0.00/day)
Tatty_One said:
Also, and perhaps an easier way is load windows in "safe mode", then it will load with minimal drivers, you should then be able to go into Windows explorer and delete the little monsters as their associated files should not be running, then just re-boot normally, it has worked for me in the past.

Thanks. Actually, I did that and the buggers wouldn't budge. Then, I restored my system to a month ago and THAT didn't help. I SAW the files in the directory and couldn't get them out...I'm relieved and am glad I found this forum.

:)
 
Joined
Dec 18, 2005
Messages
8,253 (1.23/day)
i have been using a little proggy i have carried from system to system for some years called StartMgr.exe..

it just lists the things that start up with windows and easily lets u switch them on or off..

the secret is to switch off all the junk u don't want or need and then keep a regular eye on what does start up.. if u see something new appear and u don't know for sure exactly what it is.. be suspicious..

after a while u can just look at it and know exactly what should be running and what shouldn't..

i have about ten items listed in my start manager and i know exactly what each one is.. if u don't prune this start up list on a regular basis tons of extra junk gets fired up with windows and most of it u don't need.. the malware and virus crap gets hidden amongst the junk.. clean out the junk and it's easy to spot..

trog
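
An added example, not part of any post in this thread: the startup-list review trog describes, run over a `reg export` of the autostart keys, including the `policies\Explorer\Run` key from jcokkinias's post. The sample exports, the ExampleAV and Updater entries and all value data are constructed; only the key path and the five file names come from the thread.

```python
import re

# Autostart keys to audit; the policies\Explorer\Run key is the one named in the registry post.
RUN_KEYS = {k.lower() for k in (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run",
)}
# Value and file names reported in this thread.
THREAD_NAMES = {"dcomcfg.exe", "kernel32.exe", "wininet.dll", "atmclk.exe", "regperf.exe"}
# "name"="data" lines (REG_SZ only); backslash and quote are escaped in .reg text.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_autoruns(reg_text):
    """Return {(key, value_name): command} for the audited keys in a .reg export."""
    entries, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key in RUN_KEYS and (m := VALUE_RE.match(line)):
            entries[(key, _unescape(m.group(1)))] = _unescape(m.group(2))
    return entries

def image_name(command):
    """File name of the program a command line starts (handles a quoted path)."""
    cmd = command.strip()
    path = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return path.rsplit("\\", 1)[-1].lower()

def audit(current, baseline):
    """Flag entries that are new or changed since the baseline, or named in the thread."""
    findings = []
    for (key, name), command in sorted(current.items()):
        reasons = []
        if (key, name) not in baseline:
            reasons.append("new")
        elif baseline[(key, name)] != command:
            reasons.append("changed")
        if THREAD_NAMES & {name.lower(), image_name(command)}:
            reasons.append("thread-name")
        if reasons:
            findings.append((key.split("\\currentversion\\")[1], name, reasons))
    return findings

# Constructed sample exports (not taken from an infected machine).
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\tray.exe\" /min"
'''
CURRENT_REG = BASELINE_REG + r'''"Updater"="C:\\Tools\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"dcomcfg.exe"="dcomcfg.exe"
"kernel32.exe"="kernel32.exe"
"wininet.dll"="wininet.dll"
'''

if __name__ == "__main__":
    print(*audit(parse_autoruns(CURRENT_REG), parse_autoruns(BASELINE_REG)), sep="\n")
```

Export the keys while the machine is known clean and keep that file as the baseline; an unquoted path containing spaces is reduced to its first token by `image_name`, so such entries are judged on the value name and the baseline comparison only.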
 

gygabite

New Member
Joined
Dec 18, 2005
Messages
486 (0.07/day)
Location
Aschaffenburg,Germany
Processor AMD Athlon X2 4200+, not overclocked yet ;)
Motherboard MSI K8N Neo4-F @5x220MHz
Cooling Alphacool Cool-answerII Dual80 !!! ;-)
Memory 2GB Corsair XMS DDR 400 2-2-2-5 Dual-Channel
Video Card(s) Powercolor GameFX Radeon X850XT
Case AOpen H600C
Audio Device(s) Onboard
Power Supply Revoltec ChromusII RPS-450 V2
Software WinXP-Home SP2
Aw, i have atmclk.exe, too, but none of your tips helped me, so the only chance i have is to format C: :wtf:
 