Malware Removel.. atmclk.exe, dcomcfg.exe

[mengel]

ATMCLK file

Thanks for this useful advice... you really saved the day for me since I was getting more and more frustrated with the pop-ups, etc. Against my better judgement and expecting even more problems, I downloaded the SmitfraudFix - what a breeze.

Thanks usctrojansfan04

Hey Pheonix_789, I used to have the same problem. Here's the solution:

Please download SmitfraudFix (by S!Ri) (http://siri.urz.free.fr/Fix/SmitfraudFix.zip)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Then select option #2 (Clean) - It will find the problem, but will at first not be able to fix it because it is being used by another process. Then allow it to reboot, and SmitfraudFix will appear at start up and clean the annoying buggers.

Note: For me, when SmitfraudFix appeared at start up to clean the malware, it said it had an error cleaning the files. If it does display that, just click ignore and it will delete them once and for all!

 

[gt4awd]

Had tons of problems...

I have had the computer I am using right now for over five years without getting even one spyware/malware/trojan. The reason is because I would use Nortan Firewall and have all browser fuctions, scripts, active x, etc... on prompt status. In your IE settings or whatever browser you use set active scripting to prompt, and never allow scripts on a site you do not trust. Active scripting is what allows those spyware/maleware/trojans/worms to be installed on your system when visiting a malicious website. These will mostly be hacking, and porno websites.
I recently got DSL after using slow 56k forever and decided I did not want to leave active scripting on prompt because it was slowing loading times down, and getting annoying to click all the time. After I few days I forgot all about it, visited a free porn site, and had this malware installed onto my computer. It does not fully install or run until you restart, and during the same day I ran windows update. After restarting and seeing the two new icon's on the desktop, and then seeing the popup window stating my security was compromised. I decided it must be one of the updates that were installed.
After searching the new process names that I found, I realized it was malware. I was updating to SP2 at the time though, and it was going very slow... I think this malware might actually start to slow down your computer. I decided to exit the SP2 installation while it was installing, run the "SmitfraudFix" program, and then restarted the SP2 install. That was a bad idea, and when I restarted the computer it just constantly restarted over, and over. I found that the OS was completely currupt, and no special boot options could get into the OS.
Not having a Windows XP cd at the time, I had no way of fixing the computer. A week or so later I bought my new computer, which came with a XP cd. After running the "repair" mode on XP install the computer got into windows explorer but was unable to load the desktop, or display any GUI's at all except for Windows Task Manager. You will get the error ' File: "RTL8139.sys" on RTL8139/810X Family Fast Ethernet NIC Driver Disk is needed. ' or something very similar about Ethernet while running the repair mode (when it is installing drivers) and also when windows loads.
After windows not properly loading the first time, I restarted and ran the repair mode agian. The second time around fixed the problem, and windows loaded properly. After you get into windows it will load drivers depending on what is connected to the computer. For instance your mouse will not work at first, and you will see a dialogue box saying drivers are being installed (if it is a USB mouse). After that windows will automatically restart, and your almost ready. Now you have to reinstall the Ethernet NIC Driver.
To do this put in the windows XP cd, and go to Start/Search, search on the cd for the ".sys" file the error says you need. Once it finds the file, right click on it, copy the file, and paste it in the "C:\windows\system32\Drivers" folder. Now go to My computer, Properties, Hardware Device Manager, Network Adapters, Update Driver. Click "No. Not at this time." for the Automatic Update search, click "Install from a list or specific location", and then "Do not search. I will choose file to install".
In the Network adapter box select the name of your Adapter. Mine had two listed, the "RTL8139 Family Fast Ethernet" and another that was the same but had "RTL8139/810X". The 810X was for SP2, which obviously completely messed up, and isnt even enabled on my computer. There must still be a lot of its files though, but for now windows is working properly.
After doing that your computer will be fixed. To avoid all this though dont exit SP2 while it is installing . None of the problems listed above were due to the "SmitfraudFix" program, and the program did remove the malware. It took me almost two weeks to see if it worked though. . So if your stuck with a computer that just constantly restarts this post should help you fix it I guess. Sorry it is so long, and thanks to these forums for helping me remove the malware. Also, big thanks to the programmer of the "SmitfraudFix".

 

[avt]

atmclk.exe , dcomcg.exe
Answer is:-

smitfraudfix -zip file- http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Just doule clikc the SmitfraudFix.cmd and follow the prompts

 

[c0mput3rg33k]

Thanks usctrojansfan04 - I had the same problem and SmitfraudFix was the only thing that worked. I run my own IT business and this program will definitely be on my utility disk. Thanks Heaps.

Hey Pheonix_789, I used to have the same problem. Here's the solution:

Please download SmitfraudFix (by S!Ri) (http://siri.urz.free.fr/Fix/SmitfraudFix.zip)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Then select option #2 (Clean) - It will find the problem, but will at first not be able to fix it because it is being used by another process. Then allow it to reboot, and SmitfraudFix will appear at start up and clean the annoying buggers.

Note: For me, when SmitfraudFix appeared at start up to clean the malware, it said it had an error cleaning the files. If it does display that, just click ignore and it will delete them once and for all!

 

[pbjoerke]

I have had problems with atmclk.exe, regperp.exe and dcomcfg.exe for some days.
The most terrible and annoying spyware I have met.
I started with the tips about PREVX, as it sounded easy and capable. I never got it working though. It started with an error about C++. When continuing I had to click OK on about 10 error messages. (I never have these problems with all other programs I have installed)
I gave up and tried the SmitfraudFix instead. I worked very well without running in safe mode. My IE works smoother in than it does before the latest fraud. The only thing happened was that my background image was reset to default.
So, I agree with many people here, Thanks to the author of Smitfraud.

 

[hellorsanjeev]

Excellent Tool

Oh Cool ! I luv to see it again and again. I spent almost 2 days to get ride of these errors like atmclk but nothing was successful. The virus used to open bad and pron sites anytime. But then I read about this tool. Oh boy, it was a fun to execute it. It deleted all the viruses at once.

Hats off to the author this tool, I really appreciate his knowledge

Regards,
Sanjeev @ Induslogic Inc.

 

[smittyre]

SmitfraudFix

Hey Pheonix_789, I used to have the same problem. Here's the solution:

Please download SmitfraudFix (by S!Ri) (http://siri.urz.free.fr/Fix/SmitfraudFix.zip)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Then select option #2 (Clean) - It will find the problem, but will at first not be able to fix it because it is being used by another process. Then allow it to reboot, and SmitfraudFix will appear at start up and clean the annoying buggers.

Note: For me, when SmitfraudFix appeared at start up to clean the malware, it said it had an error cleaning the files. If it does display that, just click ignore and it will delete them once and for all!

I had the problem and used this to resolve it, it worked great. Note I did not run into the error above. I would recommend running the "Search" several times untill all bad files are removed.

 

[Sledgehammerhyena]

I have another solution!

What I did to get rid of the evil spyware:

I use XP Professional. Firstly I removed the SpyFalcon thing using "Add/Remove Programs". Then I logged out.

1. - I logged in and immediately pressed ctrl + alt + del and clicked on the task manager option.

2. - I waited until the processes that are associated appeared. (dcomcfg.exe, regperf.exe, atmclk.exe)

3. - I then right clicked on them and chose "End Process Tree".

4. - That fixed them straight up. I was then free to delete them from the system32 folder and the registry and "POOF" they were gone.

NOTES: When waiting for the processes to appear, the main thing to look out for is regperf.exe. That is the process that you want to end mainly. Beware though. It will dissapear in a short amout of time and then it is too late. Yo will have to log in and out again for a second attempt.

I have a question. How do you delete the rest?

How do you get rid of the Icon down in the tray that has a picture of a red circle with a strike through alternating with a green wheelchair? Its caption is "Virus Alert!" And it keeps making random things appear that say "Your computer is infected!" It is so annoying.

Thanks you guys for the helpful info that led me to get rid of the pesky little virus-things on my own. Saviours

Mum/Dad would have been very pissed off if they had seen the random porn that kept appearing. So im saved!

Cheers

 

[sanfin]

Thanks usctrojansfan04!

Hey usctrojansfan04,
I was almost thinking of formatting but your advice was more then useful!
Thank you so much!
Cheers,
Paolo

 

[driftwood]

thanks!

i noticed this problem last nite and tried a system restore to get rid of the two processes , didnt allow me to do it. then today i looked at these forums , and DL'd the SmitFraudFix and ran it as stated , allowed to reboot (wait awhile) and it deleted the two files perfectly!!! thanks to creator

 

[usctrojansfan04]

Glad to be of help to everybody!

 

[movermanwa]

Finally something that works on these buggers. Downloaded, saved to desktop, rebooted into Safe Mode, ran the search, then ran clean, rebooted and bingo it was all gone.

 

[drimades]

I've used SmitFraudFix and it deletes the file dcomcfg.exe but it still reappears after some time when I connect to the Internet? What can I do?

 

[Comporit]

That's odd

It permanently deleted the files on my system but my system was riddled with so many trojans and other viruses it was only part of the problem. I changed from NIS to KIS (Kaspersky Internet Security), which I first downloaded from www.kaspersky.com for a one month free trial. The KIS cleaned and still maintains my system and I avoided having to reformat. Good luck to you!

 

[Rol87]

HELP!!!!ahhhh!

hey,
sorry for digging this from the grave. But I have been having some problems with some pop ups I have tryed spybot and smitraudfix but no luck the pop up that allways pops up is "outerinfo" can someone help me on this one I did have more pop ups but now i have way less than before. One other thing why i reboot I get this rundll message and its "uxvuicww.dll" it says that the module could not be found.

HELP!!!

 

[Namslas90]

@Rol87, have you run MRT yet?

 

[Rol87]

no

no whats that?

 

[Namslas90]

no whats that?

Windows Maliciouse Removal Tool. Click start > run > enter 'mrt' then click ok. Make sure windows has been updated though, to get latest virus/spyware/malware ID's.

 

[Rol87]

umm.. it says: "windows can not find "mrt"

 

[Namslas90]

umm.. it says: "windows can not find "mrt"

Go to Microsoft update/downloads and get it, it's free!!

 

[theonetruewill]

Did anyone think of just using CCleaner (deleting the startup registry entries)?
Then going to Control Panel > Admin tools > Services, and disabling the services which weren't legitimate.
Then using Unlocker (which you finally did - good one) to delete the damn things.

Very simple...

Also get a better Antivirus:shadedshu

Nod32 free trial anyone???

 

[Rol87]

help

Did anyone think of just using CCleaner (deleting the startup registry entries)?
Then going to Control Panel > Admin tools > Services, and disabling the services which weren't legitimate.
Then using Unlocker (which you finally did - good one) to delete the damn things.

Very simple...

Also get a better Antivirus:shadedshu

Nod32 free trial anyone???

hey what do you mean?

 

[theonetruewill]

hey what do you mean?

Do you mean, help please explain OR I think your a n00b what the hell do you know about shit?

CCleaner > Tools > Startup > delete the startup entry. If you don't know which one Google it, but I've always been able to tell. If your a newbie, look it up first.

Then Control Panel > Admin tools > Services and right click on the right one (Google if necessary)> Properties and disable the service at startup and currently.

Then get a file unlocker (Unlocker Assistant/Gipo Move on boot) and destroy those viruses in your system32 folder. (C:\WINDOWS\system32 - it's where most viruses generally hide)

Then get the Nod32 trial and install it.

Then go to scan but with all the scanning options enabled like in the attached picture.

If however you were taking the piss - just die.

 

[Namslas90]

Check this out, then bookmark it;

156 windows commands

http://www.fixmyxp.com/content/view/20/42/