Ping.exe virus can not be deleted

**YWD67** · December 19th, 2011, 11:31 AM

Last week I was looking at a video from Comedy Central. I had a virus that slammed through two security programs like a knife through hot butter. It disabled a shit load of window programs. It made my desk top invisible, redirected me to some shit site, and downloaded all kings of phonie Windows security Internet Security programs.

It took four different virus programs to delete the crap security virus programs, (Spybot, Superantispyware, Norton, and Kaspersky).
Even with that, there is a fucking program/reg/whatever that will not leave, or cleared out.

When IE, Firefox, or any other program that accesses the net is used the virus comes back via the Ping.exe. All the above anti virus programs have as yet discovered what the hell keeps allowing this shit thing to activate.

I have discovered one thing that may help someone with finding how to kill this cocksucker program.

It seems to ride on the Scvhost program that deals with audio programs. I have found that when the Ping.exe shows up and killing it with the Taskmanger, it does nothing but delay it's return in about 75 seconds.
If however you kill the scvhost that it rides on it does not return unless a program that requires an audio is used.

If I turn my net ability off the ping still tries to access the net for about 45 seconds then stops. It tries again about every 75 seconds.
Once it gets a net connection but there is no active use of the net, the damn program runs the computer useage to 100% and slows my system to a crawl.
I am running XP Family Securtiy 3.

This shit hole virus seems to be a big problem with many sites. I have all my virus programs up to date as of the 18.

Thanks for any help.

**RACKnRAIL** · December 19th, 2011, 11:42 AM

Have you tried removing it from safemode?

I've found combofix pretty good at removing tough viruses.

http://majorgeeks.com/Combofix_d6402.html

**YWD67** · December 19th, 2011, 12:42 PM

Oh yeah! When I try to look for solving the prodgram on the net and using any wording of Ping.exe I get a fucking redirect as well.

Will try the Conf program that you have suggested. I will get back with you hopefully soon.

**drtoker** · December 19th, 2011, 01:04 PM

I use Hijackthis to identify all things that startup with the OS. The other handy thing, it will show you what loads when IE is started: toolbars, add ins, search redirects, any could contain the virus that keeps coming back. Of course this is more of a manual process, as the program doesn't identify only malicious items, so you kind of have to know what doesn't belong and tell the program to remove it.

+1 for combofix, it has saved my butt before. I just hate that you can't really control it, just run it, and it does its thing.

**YWD67** · December 19th, 2011, 02:01 PM

Fuck an "A" Yes!!

It took two runs of Combofix to do it. I used Hijackthis for sometime and the shit thing was so far into my system that it could not bring it out.

It took me several days just to find away to access our site with out being redirectd to some shit site about food. I could do a net search for anything that did not contain the words Ping.
Once I did all hell would break loose. Everytime the Ping.exe came on when I was hooked to the net it would download four to five different shit phonie Widnows Securtiy system alerts.

Rack you now have the use of my wife and two sons, (plus one Pug and one Tabby cat) for any use that you wish.

PM me for details for delivery. Offer is void in North America, South America and any nation ending in a vowel or consonant. (God damn US governemnt)

**mountain_rage** · December 19th, 2011, 02:09 PM

Look up hirens boot disc on a torrent site and keep a copy handy at all times. If you get the right one it will come with a live linux, live mini windows xp, and every app you can possibly imagine needing to fix problems on your computer. Combo fix, Hijack this, Partition Magic, Acronis, Ghost, Kapersky, Malware bytes, spybot, etc.

**RACKnRAIL** · December 19th, 2011, 03:46 PM

Combofix has saved me a few times. Glad I could help.

**w31n3r** · December 19th, 2011, 11:35 PM

Originally Posted by mountain_rage

If you get the right one it will come with a live linux, live mini windows xp, and every app you can possibly imagine needing to fix problems on your computer. Combo fix, Hijack this, Partition Magic, Acronis, Ghost, Kapersky, Malware bytes, spybot, etc.

...such as the miniPE 2010 ver by PlaNeD, you can get it off TPB. it's the geeks ultimate fixit toolbox.

and yeah, combofix FTW

**sistoy** · December 22nd, 2011, 06:41 AM

I have the ping.exe virus on my laptop. I have tried everything that I could think of to remove it. Thank you so much for the information on Combofix. I am going to give that a try.
I found that to some extent I can avoid the redirects by right-clicking on the link I want to go to and selecting "Open in new tab". I don't know why that worked, but it did.

**YWD67** · December 22nd, 2011, 10:14 AM

Originally Posted by sistoy

I have the ping.exe virus on my laptop. I have tried everything that I could think of to remove it. Thank you so much for the information on Combofix. I am going to give that a try.
I found that to some extent I can avoid the redirects by right-clicking on the link I want to go to and selecting "Open in new tab". I don't know why that worked, but it did.

Please get back to us and let us know how it turned out. Since November this is one of the biggest and hardest to kill pieces of shit to hit the net for home systems in awhile.

**YWD67** · December 22nd, 2011, 10:23 AM

Originally Posted by mountain_rage

Look up hirens boot disc on a torrent site and keep a copy handy at all times. If you get the right one it will come with a live linux, live mini windows xp, and every app you can possibly imagine needing to fix problems on your computer. Combo fix, Hijack this, Partition Magic, Acronis, Ghost, Kapersky, Malware bytes, spybot, etc.

Thanks MR I did just that and saved it to a disk and my desktop hardrive as well. You were not shitting about it having eveything one would need to restore most problems.

**Krell** · December 28th, 2011, 01:26 AM

I just now saw this, sorry for your frustrations.

1) no matter what happens like this to someones PC, they should install Spybot and Spyware Blaster and use the HOST files that come with them immediately. Be sure to IMMUNIZE in both programs!!
2) The Digiwiz Rescue CD is an all time favorite and the antivirus softwares there can be ran against EVERY drive and partition at once, so you can run 15 copies at once to tackle the virus if that's what it takes.
3) There are any number of FREE antivirus sites that you can visit and do a complete scan online. This only requires a small browser install that can be removed later if you want.
4) there are a number of registry fix programs that will also help clean up a registry that is tainted with malware entries, such as RegVac, or the "Windows 7 Manager > Cleaner > Registry Cleaner" which I find very effective.

Have a peek at this > http://www.spywareremovalhelp.org/vi...ws-32-bit.html

Good luck and Happy Holidays.

**Greylin** · December 28th, 2011, 07:57 PM

I've had really good luck with Malwarebytes on lots of PC'sthat have been infected.

**Wikied** · January 17th, 2012, 02:51 PM

Im paranoid enough to reinstall if I would get a virus. Good to always keep backups of important files. Being prepared to reinstall the system any day if needed and keeping daily backups makes it easier to cope with it when something happens.
It sounds like a lot of work but its worth it in the longrun and can be automated with programs like cobian backup and similar. Defenitely better to do a clean reinstall then trying to clean up an infected system in my opinion.