10 Replies Latest reply on Jan 1, 2012 5:53 PM by kuttus

    need help with the PING.EXE virus

      Hi

       

      I am new to the group, so I hope this is the kind of question you can ask in the discussion group.

      I got hit with a virus called ping.exe. It is using 80-90% of my CPU time and eats my memory until my laptop is useless.

      I had the latest McAfee update but it did not find anything when I did a scan.

      I scanned my PC with just about every program I could find and I could not get rid of it, so last night I reloaded Windows XP.

      If it comes back, any ideas how to get rid of it?

       

      thanks

      Tim K9US

        • 1. Re: need help with the PING.EXE virus
          Peter M

          Hi Tim welcome to the group and yes of course you can ask.  Whether we have an answer is another matter.   I moved this to Malware Discussions > Home User Assistance as a more appropriate spot.

           

          Being a McAfee forum we are a bit limited on what we can suggest but I can tell you that most antivirus applications aren't very good with this sort of malware.

           

          You could try running Stinger from this link and set the heuristics at high to see if it catches anything - try doing it in 'Safe Mode with Networking' reached by tapping F8 repeatedly while booting up if regular mode proves impossible.

           

          McAfee does have a paid malware removal service but if we can find a free alternative let's try.

           

          You may wish to follow the example of this poster at a malware help forum and start a new thread with the logs he has posted:  http://forums.whatthetech.com/index.php?showtopic=121560

           

          Good luck.

          • 2. Re: need help with the PING.EXE virus

            There may be one more infection associated with it. To check its presence you have to do one thing.

             

            In Windows XP

            ----------------------

             

            Click on the Start menu and press on Run.

            Inside the Run window type CMD and press on Okay.

            In the black Command Window type

            NETSH WINSOCK RESET and hit on enter.

             

            If you get a message

            "Sucessfully reset the Winsock Catalog.

            You must restart the machine in order to complete the reset." then you are safe.

            If not your computer is infected.

             

            Steps - 1

             

            Try the above steps.

             

            Steps-2

             

            Ping.exe is an infection. To fix this run a SIGVERIF on the computer. For that Click on Start Menu -> Click on Run -> Type SIGVERIF and press on Ok.

            Follow the instructions.

             

            It will detect one infected *.sys  file. You have to replace that file from the recovery console.

             

            The other solution to fix it is a Fresh Installation.

             

            In Windows Vista and Windows 7

            --------------------------------------…

             

            Click on the Start Menu and in the Search box type CMD

            At the top you can see a CMD file. Just right click on that file and select Run as Administrator.

             

            In the black Command Window type

            NETSH WINSOCK RESET and hit on enter.

             

            If you get a message

            "Sucessfully reset the Winsock Catalog.

            You must restart the machine in order to complete the reset." then you are safe.

             

            If not your computer is infected. In Windows Vista and Windows 7 a successful system restore will fix the issue. Try a system restore to a good point.

             

            After a successful system restore try to do the same step again.

            If you got the message "Sucessfully reset the Winsock Catalog.

            You must restart the machine in order to complete the reset." your computer is safe and secure.

            • 3. Re: need help with the PING.EXE virus

              I'm having the same problem with ping.exe. It keeps using up my computer, and sometimes it opens up new windows by itself; I don't know if that's related. If it helps, I was infected with the Windows Vista Security 2012 virus. I had someone else remove it from teesupport, but this ping.exe problem still exists. I tried using netsh winsock reset but it doesn't work; it says WSHELPER.DLL, IFMON.DLL cannot be loaded and winsock reset command was not found. I can't do a system restore because I don't have any good system restore points; I think they're also infected. Please tell me there are other ways to fix this other than to format my computer...

              Is it possible that I can just replace my ping.exe with a clean one from a different computer? Though I don't really have one; if so, where can I get one?

               

              Message was edited by: enea on 12/30/11 11:38:25 AM CST
              • 4. Re: need help with the PING.EXE virus

                Try to do multiple restore points. No matter if it is infected or not. After each restore try the NETSH WINSOCK RESET.

                If you got the message

                "Sucessfully reset the Winsock Catalog.

                You must restart the machine in order to complete the reset." your computer is safe and secure....

                 

                Try to do the system restore itself. There is no other solution for the same.

                • 5. Re: need help with the PING.EXE virus

                  I have had exactly the same experience with this "ping.exe virus".  I seem to have been infected with it sometime today.  I got rid of it by doing a Windows restore to one week ago - it worked like a champ.

                  • 6. Re: need help with the PING.EXE virus
                    Peter M

                    That's great and SR is always the easiest way if available but don't forget to update McAfee and Windows afterwards.  Now temporarily disable System Restore to get rid of the infected restore point.

                    • 7. Re: need help with the PING.EXE virus
                      Hayton

                      The reply above by Kuttus is taken (without attribution) from "How to remove Trojan Trojan.Zeroaccess", a post at 123seminars.com; the same article is referenced in a reply to a thread in Microsoft TechNet. Over at BleepingComputer someone with this problem was taken through the usual diagnostic and removal steps, and the logs from that may give a clue. One of the replies to a thread at Spiceworks.com describes this succinctly:

                      Seems like a pretty straight forward piece of Malware to me. It's running a ping silently with a different packet size (which, if large enough, can slow a computer to a halt). It's most likely pinging the server of the "hacker" with a specific packet size (to rule out someone merely pinging his server randomly) to let him know your IP and possibly more. Pretty brilliant, in theory, but he needs to adjust the packet size obviously. It's probably tormenting his server and you're not supposed to draw attention to the malware!

                       

                      This Ping.exe malware has been around for about a year and a half, to judge by the dates on the requests for help in different tech forums. If it's still going after all this time then it's likely enough that there's a rootkit element to it. It does not seem to be TDL4, since TDSSKiller is ineffective against it. Norton, btw, can't fix it either. There are a couple of tools from other vendors which are claimed to be effective against ZeroAccess, if that's what this is part of.

                       

                      A number of posters in various forums say that rolling back to a restore point some way in the past is the best method of dealing with it.

                       

                      How it gets acquired is unclear: there's a Trojan dropper, in some cases associated with music or game downloads.

                       

                      Oh, and the malware bundle seems capable of disabling most (but not all) of the usual AV programs.
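
Added example, not part of the post above or of any post in this thread: a read-only PowerShell triage of running ping.exe processes, showing which image is running, what started it and with which arguments. It assumes Windows PowerShell 5.1 or later on a current Windows version (where catalog-signed system files verify as Valid) and an elevated prompt; the list of "interactive" parent processes is an assumption.

```powershell
# Added example: triage of running ping.exe processes. Read-only, changes nothing.
# Assumes Windows PowerShell 5.1+, run from an elevated prompt.

# Locations where the genuine Windows ping.exe lives.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\PING.EXE'),
    (Join-Path $env:SystemRoot 'SysWOW64\PING.EXE')
)
# Parents from which a user normally starts ping by hand (assumption).
$interactiveParents = 'cmd.exe', 'powershell.exe', 'explorer.exe'

# Snapshot all processes once so parents can be looked up by PID.
$all = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$all | Where-Object { $_.Name -ieq 'ping.exe' } | ForEach-Object {
    $parent  = $byPid[[int]$_.ParentProcessId]
    $reasons = @()

    if (-not $_.ExecutablePath) {
        $reasons += 'image path not readable'
    } else {
        if ($expected -notcontains $_.ExecutablePath) { $reasons += 'unexpected image path' }
        $sig = Get-AuthenticodeSignature -FilePath $_.ExecutablePath
        if ($sig.Status -ne 'Valid') { $reasons += "signature status: $($sig.Status)" }
    }

    if (-not $parent) {
        $reasons += 'parent process has exited'
    } elseif ($interactiveParents -notcontains $parent.Name) {
        $reasons += "started by $($parent.Name)"
    }

    # The thread describes pings with an unusual packet size:
    # -l sets the payload size, -t pings until stopped.
    if ($_.CommandLine -match '\s[-/](l|t)\b') { $reasons += 'custom size or continuous ping' }

    [pscustomobject]@{
        PID         = $_.ProcessId
        Path        = $_.ExecutablePath
        CommandLine = $_.CommandLine
        Parent      = if ($parent) { $parent.Name } else { $null }
        Flags       = $reasons -join '; '
    }
} | Format-List
```

An empty Flags field on a ping.exe you did not start yourself is not a clean bill of health: if the rootkit element suspected above is present, process and file information reported by the running system may be filtered, so compare against a scan from offline or rescue media.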

                      • 8. Re: need help with the PING.EXE virus

                        If this infection happens on a network computer, it will not allow us to communicate with the server, especially with the Exchange Server. The client PC will send an error like "Not able to communicate with the Exchange Server".

                         

                        The Symptoms for this infection are different.

                         

                        1. Google Redirection. (In different Intervals )

                        2. Not able to connect to Wireless.

                        3. Not able to Boot in Normal Mode

                        4. System Slow

                        5. Internet Explorer Crash

                        6. PC Restarting

                        7. Not able to install security software.

                        8. Not able to Run Windows Update.

                         

                        Etc Etc.

                        • 9. Re: need help with the PING.EXE virus

                          I still can't use system restore to fix it; every time I run system restore it says the restore point was damaged or deleted during the restore. I don't have any more system restore points, so now I can't use netsh winsock reset. Does that mean I have no other way than to format my computer?
