> AT1.job AT10.job create automatically scheduled task [Merged]
faisal.khan
post 5.03.2009 15:39
Post #1


Dear all,
I have installed Kaspersky Anti-Virus 6.0 with updated virus definitions, but it does not detect AT1.job, AT10.job, AT20.job, AT21.job; scheduled task files like these are created automatically.

Please give me a solution and see the attached file.

Thanks






Attached file: createscheduledtask.JPG (219,07K)

valet
post 5.03.2009 15:42
Post #2


I think you'd better go here. (in English)

kilo2
post 5.03.2009 15:44
Post #3


http://forum.kaspersky.com/index.php?showtopic=101154

faisal.khan
post 5.03.2009 16:04
Post #4


QUOTE(kilo2 @ 5.03.2009 16:44) *




Dear Sir,
I already have Windows Server 2003 updated with Service Pack 2, and Kaspersky Anti-Virus is also updated, but it is still infected with AT1.job, AT10.job.

If I remove these files manually, the scheduled tasks are created again automatically.

And please don't tell me this is the Kido virus, because I have also tried Kido Killer and it does not work, sir.

Please give me a solution and check the attached file; I hope you will understand my problem.


Attached file: createscheduledtask.JPG (219,07K)

kilo2
post 5.03.2009 16:12
Post #5


Yes, it is Kido. You need the forum in English. Set complex passwords if the virus has not picked them: http://forum.kaspersky.com/index.php?showforum=19


faisal.khan
post 6.03.2009 11:55
Post #6


QUOTE(kilo2 @ 5.03.2009 17:12) *
Yes, it is Kido. You need the forum in English. Set complex passwords if the virus has not picked them: http://forum.kaspersky.com/index.php?showforum=19

Dear Sir,
I have already set a complex password on Windows Server 2003; are there any other solutions?

Thanks for the rapid reply.

kilo2
post 6.03.2009 12:16
Post #7


Follow the recommendations in this article http://support.kaspersky.com/wks6mp3/error?qid=208279973


janibeg
post 7.05.2009 13:44
Post #8


Did you solve your problem, faisal.khan?

faisal.khan
post 20.05.2009 13:45
Post #9


QUOTE(janibeg @ 7.05.2009 14:44) *
Did you solve your problem, faisal.khan?



Dear sir,
This is not Kido. Do you have any idea?

Thanks

faisal.khan
post 21.05.2009 09:50
Post #10


Dear Sir,
I have Kaspersky Anti-Virus 6.0.3.837 (server), up to date, and Windows Server is also updated.

I ran the new KidoKiller utility and At1.job was removed, but after some time it appears again. What is the solution?

Please see the attachment to understand the issue; I hope you reply to me as soon as possible.

Thanks

Attached file: createscheduledtask.JPG (219,07K)

haux
post 24.06.2009 12:59
Post #11


I've revived this dead thread as I now have the same problem. We had Conficker when our anti-virus went down for the day. We managed to remove it but now we've got the same problems as faisal.khan. We get AT1 - AT10 scheduled tasks randomly generated; if we delete them they will be back by the morning. They're trying to start the file rundll32.dll but with a mix of characters at the end such as..

rundll32.dll edfeee,fdsa

Cheers

linuxcom
post 10.07.2009 20:55
Post #12


QUOTE(haux @ 24.06.2009 05:59) *
I've revived this dead thread as I now have the same problem. We had Conficker when our anti-virus went down for the day. We managed to remove it but now we've got the same problems as faisal.khan. We get AT1 - AT10 scheduled tasks randomly generated; if we delete them they will be back by the morning. They're trying to start the file rundll32.dll but with a mix of characters at the end such as..

rundll32.dll edfeee,fdsa

Cheers


Hello,

I have the same issue in my network; 11 servers have the issue.

I doubt it is KIDO / Conficker because:

1- There is no description of Kido causing this behavior anywhere, so there is no point saying it's Kido.
All my servers are Kido free, with the latest SP 2 and all security fixes; I have WSUS 3.0 running here.

2- In other places there is a description of this behaviour in relation to these trojans:

Brontok.i
Vundo (Virtumondo) AdWare.Win32.Virtumonde.fp, AdWare.Win32.Virtumonde.jp, AdWare.Win32.SecToolBar.h, AdWare.Win32.Virtumonde.aju, AdWare.Win32.Virtumonde.aqi, Trojan.Win32.Agent.ctk
Trojan-Downloader.Win32.Zlob

and others.

I'm baffled that if you put at1.job in the Kaspersky viruslist search it can't find these viruses. Nor can Kaspersky file server anti-virus locate them, because KAV for file servers doesn't detect them.

The Combofix utility doesn't run on Windows 2003 and 2008 Server, either.

The latest Microsoft malware removal kit is useless on this too.

The KK.exe utility is of no avail either...

Another thing these jobs created in scheduled tasks do is create an instance of rundll32.exe. Even if you delete those tasks, the processes created previously will continue running amok. I had 32 rundll32 processes running simultaneously on one server. (Maybe my servers are attacking South Korea?)

So far there is no clue of how to stop this infection?

I haven't tried scanning the server in safe mode yet, though.

Any help please?

linuxcom
post 13.07.2009 22:06
Post #13


Ok now.

I redid a full scan and the only virus in the network is really Kido.

So it keeps replicating on and on. The at01.job etc. really has something to do with this terrible virus.

I found the following solution so far:

1- Update all XP machines to SP3 with WSUS 3.0

2- Install all critical and security updates from MS

3- Run a full scan on the PCs with the "delete if disinfection fails" option checked.

4- Download the latest version of KK.exe (3.4.7)

5- Create an install package in Admin Kit with kk.exe with the following switches set:

-f -r -y -s -x -a -m -j -l

This will make the kk.exe app resident in the memory of the machines and will prevent the continuous creation of the jobs in the Windows scheduler.

This worked fine to us so far.
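
For triage of the AT<n>.job files discussed in this thread, here is an added example (not part of any post above and not Kaspersky's tooling) that reads the application name and parameters out of a .job file, following the 68-byte fixed header and length-prefixed Unicode strings of Microsoft's [MS-TSCH] .job format, and flags AT-named jobs that launch rundll32 with a `name,export` argument like the one haux quotes. The function names, the flagging rule and `build_sample` are assumptions made for illustration, and the sample bytes are constructed, not a real capture.

```python
import re
import struct

FIXED_HEADER_LEN = 68        # size of the fixed-length section of a .job file
APP_NAME_OFFSET_FIELD = 20   # 2-byte field holding the offset of the application-name string

def _read_ustr(buf, pos):
    """Read a .job Unicode string: 2-byte character count (incl. NUL), then UTF-16LE."""
    if pos + 2 > len(buf):
        raise ValueError("truncated .job data")
    (count,) = struct.unpack_from("<H", buf, pos)
    start, end = pos + 2, pos + 2 + count * 2
    if end > len(buf):
        raise ValueError("truncated .job data")
    return buf[start:end].decode("utf-16-le", errors="replace").rstrip("\x00"), end

def parse_job(buf):
    """Return (application, parameters) from the raw bytes of a .job file."""
    if len(buf) < FIXED_HEADER_LEN + 2:
        raise ValueError("too short for a .job file")
    (name_off,) = struct.unpack_from("<H", buf, APP_NAME_OFFSET_FIELD)
    app, pos = _read_ustr(buf, name_off)   # application name
    params, _ = _read_ustr(buf, pos)       # parameters follow immediately
    return app, params

def is_suspicious(filename, app, params):
    """Assumed rule: AT<n>.job + rundll32 + a bare 'name,export' argument."""
    at_named = re.fullmatch(r"at\d+\.job", filename, re.IGNORECASE) is not None
    runs_rundll32 = "rundll32" in app.lower()
    dll_export = re.fullmatch(r"\S+,\S+", params.strip()) is not None
    return at_named and runs_rundll32 and dll_export

def build_sample(app, params):
    """Constructed input: zeroed header plus the two strings (not a real job file)."""
    hdr = bytearray(FIXED_HEADER_LEN)
    struct.pack_into("<H", hdr, APP_NAME_OFFSET_FIELD, FIXED_HEADER_LEN + 2)
    body = b"\x00\x00"  # running instance count
    for s in (app, params):
        body += struct.pack("<H", len(s) + 1) + (s + "\x00").encode("utf-16-le")
    return bytes(hdr) + body

if __name__ == "__main__":
    sample = build_sample("rundll32.exe", "edfeee,fdsa")
    app, params = parse_job(sample)
    print(app, params, is_suspicious("At1.job", app, params))
```

On a live system the bytes would come from the files in the Windows `Tasks` folder; a hit means the job should be examined together with the DLL its parameters name, not simply deleted, since the thread reports the jobs being recreated.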



