So, I have this virus that resides in my C:\windows\temp folder, and gives itself the folder name mbt(random numbers and letters).temp, and inside is a whole heap of files and an executable called stdrt.ese.
From what I can tell it constantly downloads at 20% of my network's capability. What it downloads, no one knows. And it also hijacks my audio and plays random 30 sec clips of music or ads in addition to using 20-300MB of RAM and around 13% of my CPU.
I have tried scanning it with 3 types of AV and NONE have detected it.
I have deleted the files and emptied the recycle bin but it regenerates at boot with another randomly hidden file.
I have also removed all registry entries with stdrt.exe in them.
I have gone into safe mode and tried to wipe it too.
The only way I can kill it for the time being is ending the process in Task Manager and the process in the resource monitor.
Luckily Malwarebytes blocks it from accessing some ports automatically.
I am thinking of making a boot disk that will clean it but I want to explore all the possible fixes first.
Anyone have experience with this virus?
Or any help?
If you had a RAID Card, this wouldn't even be a problem worth mentioning. But, assuming you don't, go to the boot menu (on startup) and restore your computer to factory settings (accessing the protected Q:\ drive which exists in many newer computers).
You will lose everything, but that's better than dealing with a crippling virus. (I would know, I dealt with win 7 security suite virus for 6 months before it drove me to the brink of insanity).
Do you have AVG?
If you have scanned it with this, and it came up with nothing
Then yeah, it's a bad guy here.
If AVG doesn't do anything, get Advanced system care. It can scan your computer pretty good.
You can set your computer to an earlier time.
Or, if you're smart enough:
Do what you said. End the process in the registry > then find the folder you're talking about > delete it.
Make sure there are NO traces of it left and make sure there are no more processes related to it.
If none of this works, Private message me.
I've done this stuff before
It sounds like it's a Phage virus, "...Alters other programs and databases. The virus infects all of these files. The only way to remove this virus is to re-install all the programs that are affected. If you miss even a single incident of this virus... the process will start again and infect the system." Straight from my A+ guide.
No I don't, and restoring to factory is a last resort.
I can find the folder, but it has another file that regenerates it at boot that is randomly hidden. Impossible to find.
Read my post. I have done that.
and I have restored back to when I didn't have it.
Well... Now we exactly know it's a bad thing.
I found a ton of articles about this
stdrt.exe
We suggest you to remove STDRT.EXE from your computer as soon as possible.
STDRT.EXE is Trojan/Backdoor.
Kill the process STDRT.EXE and remove STDRT.EXE from Windows startup.
Already done that. I have done numerous scans with Malwarebytes.
Does anyone have any boot disk software that I can use? Or has a link?
Even though you need a win7 serial, it would still be counted as linking warez/torrents, which is against the forum rules.
If you can go to a local computer shop they might be able to let you borrow it just for the reinstall (or let you do it in the store). Don't go to staples/best buy/etc. they will charge you.
Hmmm. I'm doing a deep scan right now and it's thrown up some pretty interesting results on my 4 million files. It's just checking some unknown files now.
All false positives.
This thing is ****ing me off.
If that doesn't work, try booting off a Linux live CD, deleting the file, creating a directory with the same name and creating a directory called con in it. Then the virus can't remove the directory because it is protected by the kernel. Then all that is left for you to do is find the remains of the virus.
No AVs catch it.
That would work but the virus makes the folder name mrtXXX.temp. It can be any combination of letters and numbers.
And I really really don't have the time or patience to check through the four million files on my computer.
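An added example, not code from any poster in this thread: for the situation described above, where the folder name is random and a second file recreates it at boot, this Python script, run from a Linux live CD against the mounted Windows partition, lists executables and scripts modified within ten minutes of the suspicious Temp folder, which shrinks the search from millions of files to a short list. The mount point, the folder-name pattern (covering both spellings used in the thread), the extension list and the ten-minute window are assumptions.

```python
import os
import re
import sys

# Assumed pattern covering both spellings in the thread (mbt... / mrtXXX.temp).
DROP_DIR = re.compile(r"^m[br]t[0-9a-z]+\.temp$", re.IGNORECASE)
# Assumed, non-exhaustive list of file types Windows can run or load at boot.
RUNNABLE = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk"}


def find_drop_dirs(temp_dir):
    """Sub-directories of temp_dir whose name matches DROP_DIR."""
    return sorted(e.path for e in os.scandir(temp_dir)
                  if e.is_dir(follow_symlinks=False) and DROP_DIR.match(e.name))


def pivot(root, drop_dirs, window_s=600):
    """(path, offset_seconds) for runnable files outside the drop dirs whose
    modification time is within window_s of any drop dir's modification time."""
    stamps = [os.stat(d).st_mtime for d in drop_dirs]
    if not stamps:
        return []
    skip = tuple(os.path.join(d, "") for d in drop_dirs)
    hits = []
    for base, _dirs, files in os.walk(root):
        if os.path.join(base, "").startswith(skip):
            continue  # contents of the known-bad folder are already known
        for name in files:
            if os.path.splitext(name)[1].lower() not in RUNNABLE:
                continue
            path = os.path.join(base, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # unreadable entry: skip it and keep walking
            offset = min((mtime - s for s in stamps), key=abs)
            if abs(offset) <= window_s:
                hits.append((path, round(offset)))
    return sorted(hits, key=lambda h: abs(h[1]))


if __name__ == "__main__":
    # Usage: python3 pivot.py /mnt/windows  (mount point and the "Windows/Temp"
    # casing are assumptions; adjust to the mounted volume).
    root = sys.argv[1]
    dirs = find_drop_dirs(os.path.join(root, "Windows", "Temp"))
    for path, offset in pivot(root, dirs):
        print(f"{offset:+6d}s  {path}")
```

Files at the top of the list were modified closest to the folder; each hit still needs checking by hand before anything is deleted.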
.... I HAVE malwarebytes.
L2READ.
That is an absolute last resort.
delete it
then restore your computer to a date before you got the virus
I found this though
Yeah I found them too but they didn't do anything.
I don't have anything in my C:/windows/system folder. :/
C:\Windows\System is supposed to be empty.
Boot into safe mode (restart, hold F8 as it starts to reboot) and run a scan with Malwarebytes.
If it finds nothing your only option will be to reinstall Windows.
It's F5 for me.