Jump to content
Sign in to follow this  
faisal.khan

AT1.job AT10.job create automatically scheduled task [Merged]

Recommended Posts

Dear ALL,

i have installed kaspersky antivirus 6.0 updated virus definition but does not detected AT1.job,AT10.job,AT20.job,AT21.job like this automatically scheduled create tasks file

 

please give me solution and find out the attachment file

 

thanks

 

 

 

 

 

post-132782-1236253134_thumb.jpg

Share this post


Link to post
Share on other sites

 

 

 

Dear Sir,

i have already Windows server 2003 updated with services pack 2 and also kaspersky anti virus updated but still infected with AT1.job, AT10.job.

 

if i remove manually these files it will create automatically scheduled task

 

and please dont' tell me this is kido virus because i have also tried kido killer also but its not work sir.

 

 

 

please give me the solution and check the attachment file i hope you will understand my problem

post-132782-1236254713_thumb.jpg

Edited by faisal.khan

Share this post


Link to post
Share on other sites

Dear Sir,

i have kaspersky antivirus 6.0.3.837 server with up-to-date and also windows server is also updated

 

I run new kidokiller utility At1.job is remove but after some time it will appear again what is the solution

 

please find out the attachment for see the issue and i hope you reply me as soon as possible

 

 

thanks

 

 

post-132782-1242884946_thumb.jpg

Share this post


Link to post
Share on other sites
Haux   

I've revived this dead thread as I now have the same problem. We had Conficker when our anti-virus went down for the day. We managed to remove it but now we've got the same problems as faisal.khan. We get AT1 - AT10 Schedual task's randomly generated, if we delete them they will be back by the morning. There trying to start the file rundll32.dll but with a mix of characters at the end such as..

 

rundll32.dll edfeee,fdsa

 

Cheers

Share this post


Link to post
Share on other sites
linuxcom   
I've revived this dead thread as I now have the same problem. We had Conficker when our anti-virus went down for the day. We managed to remove it but now we've got the same problems as faisal.khan. We get AT1 - AT10 Schedual task's randomly generated, if we delete them they will be back by the morning. There trying to start the file rundll32.dll but with a mix of characters at the end such as..

 

rundll32.dll edfeee,fdsa

 

Cheers

 

Hello,

 

I have the same issue in my network, its 11 servers with the issue.

 

I doubt it is KIDO / Conficker because:

 

1- There is no description of Kido causing this behavior anywhere. so there is no point saying its kido

all my servers are kido free, latest SP 2 and all securitiy fixes , I have Wsus 3.0 running here..

 

2- In other places there is a description of this behaviour in relation to these trojans:

 

Brontok.i

Vundo (Virtumondo) AdWare.Win32.Virtumonde.fp, AdWare.Win32.Virtumonde.jp, AdWare.Win32.SecToolBar.h, AdWare.Win32.Virtumonde.aju, AdWare.Win32.Virtumonde.aqi, Trojan.Win32.Agent.ctk

Trojan-Downloader.Win32.Zlob

 

and others.

 

I`baffled that if you put at1.job in kaspersky viruslist search it can´t find these viruses. Nor kaspersky file server anti virus can locate them , because the kav for file servers doesn´t detect them.

 

The Combofix utility doesn´t run on windows 2003 and 2008 server. also

 

the latest Microsoft malware removal kit is useless on this too.

 

The KK.exe utility is for no avail also...

 

Another behaviour that these jobs created in schedule tasks do is create a instance of the rundll32.exe . even if you

delete those tasks the processes created previously will continue to be running avoc. I had in one server 32 rundll32 running simultaneously. ( maybe my servers are attacking south Korea?)

 

So far there is no clue of how to stop this infection?

 

I didn´t try yet scanning the server in safe mode though.

 

Any help please?

 

 

 

Share this post


Link to post
Share on other sites
linuxcom   

 

 

Ok now.

 

I redid a full scan and the only virus in the network is really Kido.

 

So it keeps replicating on and on. The at01.job etc is really something to do with this

terrible virus.

 

I found the folowing solution so far:

 

1- Update the SP3 to all XP machines with Wsus3.0

 

2- Update all critical and security from MS

 

3- Run a full scan in the PC´s with the "delete if desinfection faisl " option checked.

 

4- Download the KK.exe latest version ( 3.4.7 )

 

5- Create a install package in admin kit with kk.exe with th following switches set :

 

-f -r -y -s -x -a -m -j -l

 

This will make the kk.exe app resident in the memory of the machines and will prevent the

continous creation of the jobs in the windows scheduler.

 

This worked fine to us so far.

 

 

 

 

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×