Stone Esquire
create_share
Posts: 2
Registered: ‎12-12-2011
Accepted Solution

How to get rid of At1.job

All of my PCs are having this virus. TrendMicro says it has been cleaned but it is coming again and again. Is there any solution?

 

Virus/Malware: Mal_DownadJ

Computer: User-PC1

Domain: Domain

File:  C:\WINDOWS\Tasks\At1.job

Date/Time: 18/01/1433 09:27:20

Result: Cleaned

 

TrendMicro 10.5.1083

 

Thanks.

Legendary Emissary
malwarekiller
Posts: 3,931
Registered: ‎08-08-2011

Re: How to get rid of At1.job

Welcome aboard!

 

Download ComboFix from any of the locations given on this website:

    • IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
      • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
      • Double click on ComboFix.exe & follow the prompts.
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

      When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply at your topic.
—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Stone Esquire
create_share
Posts: 2
Registered: ‎12-12-2011

Re: How to get rid of At1.job


Windows Servers 2003 & 2008 are not supported by combo. What to do now? Please check the attached.

Thanks.

Legendary Emissary
malwarekiller
Posts: 3,931
Registered: ‎08-08-2011

Re: How to get rid of At1.job

Not to worry, I will wipe it out manually...

 

Download OTL to your Desktop.

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
netbt.sys
atapi.sys
volsnap.sys
redbook.sys
lsi_sas.sys
tcpip.sys
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs.
Stone Esquire
Masood
Posts: 1
Registered: ‎02-06-2013

Re: How to get rid of At1.job

Hi,

 

I am facing this issue on all of my network PCs. I have run the ComboFix utility and attached the log file for your review. Please help!

Legendary Emissary
malwarekiller
Posts: 3,931
Registered: ‎08-08-2011

Re: How to get rid of At1.job


1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
3. Open notepad and copy/paste the text in the quotebox below into it:

 

 

File::
C:\WINDOWS\Tasks\At*.job

Fcopy::
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|c:\windows\system32\user32.dll

Fcopy::
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|c:\windows\SysWOW64\user32.dll

Save this as CFScript.txt, in the same location as ComboFix.exe
 

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Affiliate
ChrisKo
Posts: 770
Registered: ‎08-18-2010

Re: How to get rid of At1.job

You may also try it this way:

Take a look at the virus logs of your OfficeScan Server. Locate the Downad infections and check whether an "infection source" is listed. Take a look at the PC that is listed as infection source and clean it of Conficker.

 

Best Regards

Christian Kotthoff - ConnecT Informationstechnik GmbH

I am a Trend Micro Affiliate. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
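
Added example, not part of the thread and not Trend Micro code: the advice above is to work from the server's virus logs. Assuming those logs are available as text in the field layout quoted in the first post, this Python script flags hosts where an At<N>.job detection keeps returning after being reported "Cleaned", which indicates the task is being recreated from elsewhere on the network. The function names and every sample record after the first are constructed.

```python
from collections import defaultdict

# Constructed sample in the field layout of the first post. Only the first
# record comes from the page; User-PC2 and the later times are made up.
SAMPLE_LOG = r"""
Virus/Malware: Mal_DownadJ
Computer: User-PC1
File: C:\WINDOWS\Tasks\At1.job
Date/Time: 18/01/1433 09:27:20
Result: Cleaned
Virus/Malware: Mal_DownadJ
Computer: User-PC2
File: C:\WINDOWS\Tasks\At1.job
Date/Time: 18/01/1433 10:02:11
Result: Cleaned
Virus/Malware: Mal_DownadJ
Computer: User-PC1
File: C:\WINDOWS\Tasks\At2.job
Date/Time: 18/01/1433 13:40:05
Result: Cleaned
Virus/Malware: Mal_DownadJ
Computer: User-PC1
File: C:\WINDOWS\Tasks\At1.job
Date/Time: 19/01/1433 09:31:47
Result: Cleaned
"""

def parse_records(text):
    """Parse 'Key: value' lines; a 'Virus/Malware' line starts a new record."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue  # blank or non-field line
        if key.strip() == "Virus/Malware" or not records:
            records.append({})
        records[-1][key.strip()] = value.strip()
    return records

def reinfected_hosts(records, min_hits=2):
    """Hosts with at least min_hits 'Cleaned' detections on an At<N>.job file."""
    hits = defaultdict(list)
    for r in records:
        name = r.get("File", "").rsplit("\\", 1)[-1].lower()
        is_at_job = name.startswith("at") and name.endswith(".job") and name[2:-4].isdigit()
        if is_at_job and r.get("Result") == "Cleaned":
            # Timestamps stay opaque strings: the page's sample year is 1433.
            hits[r.get("Computer", "?")].append(r.get("Date/Time", ""))
    return {host: times for host, times in hits.items() if len(times) >= min_hits}
```
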