#1  martin_metal_88, January 8, 2011, 04:54 AM

Weird file process.

This is one that I need help with. One of the computers at work has a virus; unfortunately we can't just reinstall a new Windows since there is some needed software on it. (I am actually typing from that computer :) )
The problem is that when I start Windows there is a process that takes 99% of the CPU. I can't kill it using the End Process key. The only thing I am able to find about it is what some antivirus reports. This is the file name, which I can't find using the Windows search tool: eniriyonidop. Yes, it's weird. Some more info here.
In the msconfig startup menu I have a bit more info, which is the following:
eniriyonidop rundll32.ece ''C:\WINDOWS\eniriyonidop.dll'',Startup
I also tried to disable it at startup, but even with that it keeps coming back.
Oh, I almost forgot! The base virus was the one that acts like a disk check utility, called my disk. The same that was looking like an antivirus for the past few years.
Usually I just wipe Windows off and start from scratch, but in this case I just can't.

If you guys have any info or need more detail, ask me! My boss would love to see this issue cleared soon ;)

Martin
__________________
Ask for more

Martin_metal_88
Colenzo : See system spec!

Odysseus : I7 860 @ 3.6Ghz || GA P55-UD5 || G.skill Ripjaws F3-16000 2000Mhz 2X2GB || Coolermaster ATCS 840 || Silverstone Strider plus 850W || WD 640 black - WD 1TB green - Samsung F3 2TB || MSI 5670 1GB Cyclone ||Coolermaster Hyper 212 + ||

#2  January 8, 2011, 05:18 AM

Are you able to just copy the software you need to somewhere else so you can format this machine? I would suggest doing it outside of Windows.
Have you tried booting into Windows safe mode to see if you're able to run malware or virus scans without it loading?
You could try an AV boot disk, which scans and cleans outside of Windows; Bitdefender, AVG and Avira have them for download.
There are some utilities which can kill a process, TSKILL is one but I'm sure there are others.
You could try the steps discussed here: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions - TechSpot OpenBoards.

#3  martin_metal_88, January 8, 2011, 05:23 AM

The problem is that if I have to reinstall Windows, the whole place is down. This computer is one of the few that are servers, but the main software is on this one. For now my day is ending, time to go sleep :P But I will take a look at what you suggest tonight, since I can reboot the computer during the night but not keep it down for long.

#4  January 8, 2011, 05:32 AM

Try AntiVir? Or a few more AVs, but not at the same time. They can bork it if it's deep enough.... So slow and going, or maybe fast or not going? That is the question.

If it's critical but still works and does what it's supposed to do? Leave it for now.

#5  martin_metal_88, January 8, 2011, 05:08 PM

Nah, can't leave it just like that... This virus keeps growing all the time, so some day Windows will be completely screwed, which I need to avoid. Also, it's too risky that the whole network gets infected, which would be terrible and cost a lot of money.

#6  January 8, 2011, 05:27 PM

Quote:
Originally Posted by martin_metal_88
rundll32.ece ''C:\WINDOWS\eniriyonidop.dll'',Startup

You have to go after the process that detects when the malicious code (eniriyonidop.dll) is not running and respawns it; however, that "overwatch process" is often hidden under a rootkit.

Here's a list of the usual cleaners:

Kaspersky Virus Removal Tool 2010

Malwarebytes

Microsoft Malicious Software Removal Tool

VIPRE Rescue - VIPRE Computer Recovery Solution from Sunbelt Software

SUPERAntiSpyware.com - AntiMalware, AntiSpyware, AntiAdware!

If they won't do the job, take the infected drive out and scan it with a good AV (Norton, Kaspersky) from another system (fully patched, autorun fully disabled and running as a restricted user). Note what was changed by the AV, since system files needed for booting Windows may have been removed.

If it's a rogue AV, look through here and see if you can spot the one you're infected with -- HDDFix?:

Rogue Antispyware

Lastly you can try and get help from forums specializing in removing malware. If the system has a paid AV such as Norton and Kaspersky, those vendors' forums can help with custom removal scripts, or you can try independent support forums such as 5-star

5 Star Support Forums - Free Computer Help

Good luck.
__________________
iK ©
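
An added example, not part of the thread or any poster's code: a PowerShell check for the kind of autorun shown in post #1 and quoted above, a Run-key value that starts a DLL through rundll32. The function names and the 'NotVisibleOnDisk' label are made up for this example, and the sample entry is constructed from the msconfig line in the thread.

```powershell
# Added example: report Run/RunOnce autoruns that load a DLL via rundll32.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-Rundll32Target {
    param([string]$Command)
    # Shape: rundll32[.exe] "<path>.dll",<export>  (quotes around the path are optional)
    $pattern = '\brundll32(?:\.exe)?"?\s+"?(?<dll>[^",]+\.dll)"?\s*,\s*(?<export>[^\s,]+)'
    if ($Command -match $pattern) {
        [pscustomobject]@{ Dll = $Matches['dll'].Trim(); Export = $Matches['export'] }
    }
}

function Test-AutorunEntry {
    param([string]$Source, [string]$Name, [string]$Command)
    $target = Get-Rundll32Target -Command $Command
    if (-not $target) { return }                      # not a rundll32 launch
    $dll      = [Environment]::ExpandEnvironmentVariables($target.Dll)
    $system32 = Join-Path $env:windir 'System32'
    # A DLL that is registered to start but cannot be seen from the running OS
    # fits the "hidden under a rootkit" case; check it again from offline media.
    $status = if (Test-Path -LiteralPath $dll) {
        (Get-AuthenticodeSignature -LiteralPath $dll).Status
    } else { 'NotVisibleOnDisk' }                     # label made up for this report
    [pscustomobject]@{
        Source          = $Source
        Name            = $Name
        Dll             = $dll
        Export          = $target.Export
        OutsideSystem32 = -not $dll.StartsWith($system32 + '\', [StringComparison]::OrdinalIgnoreCase)
        Signature       = $status
    }
}

$report = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        Test-AutorunEntry -Source $key -Name $name -Command ([string]$regKey.GetValue($name))
    }
})
# Constructed sample: the msconfig entry from the thread, retyped with a standard
# .exe extension and double quotes, so the parser has input on a clean machine.
$report += Test-AutorunEntry -Source 'sample' -Name 'eniriyonidop' `
    -Command 'rundll32.exe "C:\WINDOWS\eniriyonidop.dll",Startup'
$report | Sort-Object OutsideSystem32 -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell 3.0 or later session; the output is a triage list of entries to examine, not a verdict on any file.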

#7  Perineum, January 8, 2011, 07:13 PM

This is why I remove viruses instead of wiping/formatting HDs... cause one day you can't wipe the HD and the experience would be nice to have....

Wiping the HD is the sledgehammer approach to driving in a finishing nail.

Last edited by Perineum; January 8, 2011 at 09:46 PM.

#8  martin_metal_88, January 8, 2011, 08:20 PM

I seriously don't understand what you mean dude??

#9  January 8, 2011, 08:37 PM

Hi Martin, you could try the next link for rootkits, working fine: RootkitRevealer

#10  martin_metal_88, January 9, 2011, 05:10 AM

Unfortunately nothing seems to work. Thank you guys for your help; I will have to work hard to find a way to reinstall Windows + all the software and the network shit damn fast to keep the place running XD ahah yay!