Exterminate It! Antimalware

malpedia

Known threats:699,443 Last Update:August 10, 12:54

Testimonials

A lot of the smart viruses and Trojan horses today try really hard and prevent you form going to the main anti-virus and cleanup sort of product including microsoft own tools. They actually block your access to those sites.

A couple of weeks ago my wife's laptop got totally infected (she must be browsing porn) and I ended up finding a little known program that did most of the clean up and then followed up with Microsoft tools that are available on their site and successfully cleaned everything with the exception of one item i had to get rid of manually.

Name of the product is Exterminate it. Worked pretty well.

Source

Spoonshadows

File: pid.txt

Location of pid.txt and Associated Malware

Check whether pid.txt is present in the following locations:

Windows 2000, Windows XP, Windows Server 2003 specific pid.txt file locations:

  • C:\Documents And Settings\USER_NAME\Application Data\pid.txt

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific pid.txt file locations:

  • C:\Users\USER_NAME\AppData\Roaming\pid.txt

If you find pid.txt file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The pid.txt file is associated with malware only if found in the locations listed above.

Notes:

Different Variations of pid.txt File^

File SizeFile Md5Last Seen
4884D79963BD8BC0AE9B13A1AA71ADD73Aug 8, 2014
54CBA8B40E26654975D5ED2256EEBA2E2Sep 15, 2014
4EC99DD0BBD9458BC47D4B550B55AA1B2Sep 18, 2014
4F9322B146574D9DA9AD32AD879AD373BOct 1, 2014
4677FA4059EE76333F9BB9A7920AEF719Nov 22, 2014
4AC2A728F9F17B5D860B6DABD80A5162FDec 10, 2014
412E086066892A311B752673A28583D3FDec 22, 2014
4808E53023EA4A8A9D6ECBC1290580F72Feb 1, 2015
41E50A717C4FEBD75E03B348B0BE851FAMar 11, 2015
4E58AEA67B01FA747687F038DFDE066F6Mar 22, 2015
4E816C635CAD85A60FABD6B97B03CBCC9Apr 14, 2015
4CC0991344C3D760AE42259064406BAE1May 19, 2015
4ACD9BDAC8824615154E7F1868F29ACF6Jul 15, 2015
4EFFFFA8DEEF3C927FEFC014850129BB6Jul 28, 2015
4530468698061C34FE19ECBDF1A5FB950Aug 10, 2015
571DEF22ECB636394074C832ABEED07A7Sep 8, 2015
42131F8ECF18DB66A758F718DC729E00EOct 13, 2015
446D3F6029F6170EBCCB28945964D09BFDec 17, 2015
40663A4DDCEACB40B095EDA264A85F15CDec 24, 2015
47059B7DEA43DA04FD342088D7C1698F0Dec 30, 2015
453A1320CB5D2F56130AD5222F93DA374Jan 4, 2016
3A8ABB4BB284B5B27AA7CB790DC20F80BJan 28, 2016
45553CFAF751A4B14960B7581A20BC142Feb 4, 2016
4FDD5B16FC8134339089EF25B3CF0E588Feb 11, 2016
3362E80D4DF43B03AE6D3F8540CD63626Feb 16, 2016
4BD294168A234D75851D6F26F02723AB1Apr 2, 2016
5A3162E1BA0A0502C6231FD63FE4A535EApr 27, 2016
40B9E57C46DE934CEE33B0E8D1839BFC2May 3, 2016
43C7417B8DF0DAF23F39F445E740C7A43May 3, 2016
404C6906524CD877E833FE26DDADDC62FMay 19, 2016
499CD3843754D20EC3C5885D805DB8A32May 28, 2016
4CAAA29EAB72B231B0AF62FBDFF89BFCEMay 28, 2016
5D1DE5B8963A2E4E16526007BC152DAFFMay 28, 2016
43187B1703C3B9B19BB63C027D8EFC2F1Jun 11, 2016
43DD9424294B0292B6E89EA2BBA2E1144Jun 17, 2016
4D339A8932DF05DE23AE3D9E29DF4B25FJun 20, 2016
43D1296C4B4B859AC2FB14019654A5F57Jul 3, 2016
578ADE5B560946211CE63652717B37AEAJul 8, 2016
4B7D35509AB19D0CD2256A219DE0FE0FFJul 17, 2016
4BBEB0C1B1FD44E392C7CE2FDBD137E87Jul 18, 2016
4DAA96D9681A21445772454CBDDF0CAC1Jul 21, 2016
4AC9EDBBE0533CEF12E50FD6FB6CFDE52Aug 10, 2016
44A71E49F6BDA0C9B7642F39F1AA1F567Aug 11, 2016
4A41B3BB3E6B050B6C9067C67F663B915Aug 26, 2016
479514E888B8F2ACACC68738D0CBB803EAug 28, 2016
4F1D3FF8443297732862DF21DC4E57262Sep 11, 2016
459B1DEFF341EDB0B76ACE57820CEF237Sep 22, 2016
432B683D9D8E73D3EEB6BF08FE0817402Sep 29, 2016
430C0A496A57BCC2C7C6C481342526729Oct 11, 2016
4FD272FE04B7D4E68EFFD01BDDCC6BB34Oct 20, 2016
434609BDC08A07ACE4E1526BBB1777673Nov 19, 2016
467974233917CEA0E42A49A2FB7EB4CF4Nov 22, 2016
45DA713A690C067105AEB2FAE32403405Dec 3, 2016
4CDD96EEDD7F695F4D61802F8105BA2B0Dec 7, 2016
4B2B7C555125ECACF4BB7678D9DC39A21Dec 11, 2016
428BDA53C86D37E275A3EBFDC113B1F59Dec 17, 2016
343FA7F58B7EAC7AC872209342E62E8F1Dec 17, 2016
5C4A981880E538A69CF3C60D98A6F2A65Dec 24, 2016
47EA4E7FCDC6AFF2777BD594A3754E02AJan 3, 2017
4EB86D510361FC23B59F18C1BC9802CC6Jan 23, 2017
3F899139DF5E1059396431415E770C6DDJan 23, 2017
4DDE16B86C64390F0AF01275A44D3A42DMar 5, 2017
431A6B5568BBB9C350C1B296D9086ACF0Mar 5, 2017
4048E9AEE4FFE42EFBF7865F0BD5A2FA4Mar 11, 2017
4D98D76E2B5BA72023414D98E75403E79Apr 4, 2017
3F1B6F2857FB6D44DD73C7041E0AA0F19Apr 5, 2017
4C68C9C8258EA7D85472DD6FD0015F047Apr 14, 2017
450CF0763D8EB871776D4F28B39DEB564Apr 18, 2017
40428BE7495F8F382D0943CDD4738FFBBApr 20, 2017
479C662560B0A5F1AE00B623AD8C775E3May 3, 2017
324B16FEDE9A67C9251D3E7C7161C83ACMay 10, 2017
52D16AD1968844A4300E9A490588FF9F8May 17, 2017
4186FB23A33995D91CE3C2212189178C8May 23, 2017
4D0CBF1A1AA1726784DF15A81EAD214F7May 24, 2017
4AC52C626AFC10D4075708AC4C778DDFCJun 10, 2017
424B43FB034A10D78BEC71274033B4096Jun 17, 2017
46150CCC6069BEA6B5716254057A194EFJun 17, 2017
44FE5149039B52765BDE64BEB9F674940Jun 26, 2017
368264BDB65B97EEAE6788AA3348E553CJul 14, 2016

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove pid.txt^

  1. To enable deleting the pid.txt file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select pid.txt and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of pid.txt and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of pid.txt and Associated Malware.
  6. Notes:

    • The deletion of pid.txt will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of pid.txt will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a pid.txt malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type pid.txt. The name of the first found registry value referencing pid.txt is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to pid.txt, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of pid.txt and Associated Malware.