Our organization's infrastructure, which contains many VMware ESX server machines and physical workstations connected in a workgroup instead of AD, has been attacked by a virus, img001.exe. I tried many options to clear it, but it comes back the next day once we connect to the network.

The issue remains only on the ESX console machines. The others are cleaned once we delete the appdata\nsminer folder.

Is there any way to clean them without reinstalling the OS?

Answers

Unfortunately, I don't know an easy and convenient way to clean that up. 

1. Find the running processes through Task Manager (use the right-click context menu to locate the files where the virus resides) and kill them. As an alternative, you can use RKill to kill the majority of malicious tasks, including img001, and find the files manually.

2. After successfully killing the process, attempt to locate any files associated with what you found and proceed to remove them manually.

3. Check your installed applications and remove any you do not recognize.

4. Open up the registry editor and attempt to locate registry files associated with the virus.

Not much else you can do apart from a fresh install. Have you tried checking the source? Tracking whether any queries have been placed that download the files to the computers? It could be a worm version of img001.
Answered 08/24/2017 by: JoshRoss
Senior White Belt
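
The manual checks in steps 1 to 4 above can be collected into one read-only triage pass per Windows machine. This is an added example, not part of the original answer: it only reports matches for the two names given in the thread (img001 and the AppData\NsMiner folder), and the autostart locations it inspects are common Windows persistence points chosen as an assumption, not a documented list for this malware.

```powershell
# Read-only triage for the indicators named in this thread (img001, NsMiner).
# Run elevated. Nothing is killed or deleted; review the output before cleanup.
$pattern = 'img001|nsminer'   # case-insensitive with -match

function Find-Img001Artifacts {
    # 1. Running processes whose name, image path or command line matches.
    Get-CimInstance Win32_Process |
        Where-Object { "$($_.Name) $($_.ExecutablePath) $($_.CommandLine)" -match $pattern } |
        ForEach-Object { [pscustomobject]@{ Type = 'Process'; Where = "PID $($_.ProcessId)"; Detail = $_.ExecutablePath } }

    # 2. NsMiner folders under every profile (Roaming, Local, LocalLow).
    Get-ChildItem "$env:SystemDrive\Users\*\AppData\*" -Directory -Filter 'NsMiner' -Force -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Type = 'Folder'; Where = $_.FullName; Detail = "modified $($_.LastWriteTime)" } }

    # 3. Run/RunOnce values, machine-wide and for every loaded user hive.
    #    (Assumed persistence points; the thread does not say which are used.)
    $skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $runKeys = foreach ($root in 'HKLM:', 'Registry::HKEY_USERS\*') {
        "$root\Software\Microsoft\Windows\CurrentVersion\Run"
        "$root\Software\Microsoft\Windows\CurrentVersion\RunOnce"
    }
    foreach ($item in Get-ItemProperty -Path $runKeys -ErrorAction SilentlyContinue) {
        foreach ($p in $item.PSObject.Properties) {
            if ($p.Name -notin $skip -and "$($p.Name) $($p.Value)" -match $pattern) {
                [pscustomobject]@{ Type = 'RunKey'; Where = "$($item.PSPath) [$($p.Name)]"; Detail = $p.Value }
            }
        }
    }

    # 4. Scheduled tasks whose action launches a matching binary.
    if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($task in Get-ScheduledTask) {
            $cmd = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' '
            if ($cmd -match $pattern) {
                [pscustomobject]@{ Type = 'Task'; Where = "$($task.TaskPath)$($task.TaskName)"; Detail = $cmd }
            }
        }
    }
}

Find-Img001Artifacts | Format-Table -AutoSize -Wrap
```

An empty result on a machine that is reinfected the next day points at the network source the answer mentions rather than at local persistence.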