What is Ping.exe virus?

Ping is an internal command within Windows, it normally resides in the c:\windows\system32 directory and is used to test connectivity from the system. However, a rogue antivirus has been known to leave a rootkit with the ping.exe file. When infected, the ping.exe file will take almost 100% of system resources and cause popups and other misc. system instability. If you have recently encountered a rogue antivirus and after removing it your system appears to not be responsive, then you are probably dealing with the Ping.exe rootkit. It infects the hard drive and is virtually undetectable by various anti-malware programs.

How Do You Remove the Ping.exe rootkit?

Step by Step Procedure for Removing Ping.exe Malware

1) Restart Your Computer in Safe Mode (with Networking) by pressing F8 when the computer boots and selecting the appropriate option.

2) Download RKill from Bleeping Computer to your desktop. Double-click on it and run it. This program will try to kill any malicious processes currently running on your system.

3) Now that the computer is somewhat stable, open a web browser and download Malwarebytes Anti-Malware from their site

4) After Malwarebytes has downloaded, install it and try to update it. In one particular occasion, it was unable to update and I had to update it manually. In order to update Malwarebytes manually, you'll need to download the mbam-rules.exe file and run it.

5) Reboot Your Computer

If you are still experiencing a 100% system resource issue with Ping.exe, follow these steps

1) Download TDSSKiller, unzip it, and Save it to your desktop.

2) Double-click on TDSSKiller.exe to run. If the program does not run, you may have to rename it to something like explore.exe, 123.exe, or something else before running it. The virus is trying to block the program from running, so renaming it will in some cases allow it to run.

3) Click on the Start button to start a scan and allow it to completely run

4) Allow TDSSKiller to fix any issues it finds and reboot the computer.

Generally, the steps above will remove the Ping.exe infection and return your system to normal working condition.

In my case, the TDSSKiller found and disinfected the primary hard drive

MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
\Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
\Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

Run a Thorough Virus Scan


Finally, as an extra precaution, scan your computer with online virus scanner like Housecall, BitDefender, or eTrust or download and install an antivirus program and run a complete scan. A list of online scanners is below, some however will only scan but not remove issues.
 

Online Virus Checkers
Trend Micro Housecall - will scan and remove threats
BitDefender Scan Online - will scan and remove threats
ESet (NOD32) Online Scanner
Kaspersky Online Scan - will scan and remove threats
Panda Activescan - appears to only scan for but not remove threats
McAfee FreeScan - appears to only scan for but not remove threats
eTrust Antivirus Web Scanner - will scan and remove threats
Symantec Security Check - will scan and remove threats
Dr.Web Online Check - user can upload and test for threats on particular files

Trojan Scanner
TrojanScan by WindowsSecurity.com

Spyware Scanners
Malwarebytes AntiMalware
Super AntiSpyware
Spybot Search and Destroy


Congratulations! Your computer should be free of the Ping.exe rootkit!

Written by Mark Hasting





Links to Other Important Information

Support for Windows XP and Windows Vista without latest service packs ends in 2010

How to Fix 500 Internal Server Error in PHP 5.4 script

Computer shows Stop error and Continously Reboots after SP3 installed.

Product Key Does Not Match Current Windows SKU Error

Review of FastAgain PC Booster and How to Uninstall it

How to Remove MSBLAST.EXE worm

How to Remove Content Advisor Password in Internet Explorer

How to Fix Google Chrome not Opening Web Pages or Settingsnew

How to Remove Incredimail Automatically

How to Fix Problem of Limited or No Connectivity After installing Windows XP Service Pack 2

How to Recover From a Corrupted Registry in Windows XP

How to Speed Up Windows Boot Time

Acer ERecovery Service is Not Available

Acer Recovery CD Restore Failed Reason: 0xf0000051

How to Fix Problem with No Active Mixer Devices Available in Windows XP

Parents Guide to MySpace.com - a report every parent should read

Save and Restore Desktop Layout of Icons

What is Windows Genuine Advantage and How to Overcome Problems With It

Change Forgotten Administrator Password in Windows XP/2000/Vista

Not Enough Server Storage Error When Connecting to Computer on Network

Installing Windows Vista Upgrade on a Blank Hard Drive

How to Delete Your Windows Vista Logon Password

Remove Unwanted Icons from the Windows Vista Welcome Center

Cannot Connect to Network Printer with Windows Vista

How to Wipe, Delete, Degauss, and Destroy Data on a Hard Drive

Fixing RTHDCPL.EXE - Illegal System DLL Relocation Error in Windows XP

How to Fix Blank or Missing Title Bar in IE9

Unable to Open New Tab in IE9 - Spinning Favicon

Fix 404 Errors for /apple-touch-icon-precomposed.png and /apple-touch-icon.png

What is the Config.Msi folder and Can I Delete It?

Flash Player Installation Issues

How to Set Yahoo Mail as your Default Email Program

Unknown File in Winsock LSP - NWPROVAU.DLL - Can it be Removed?

How to Delete a Service in Windows Vista

How to Disable the On-Screen Keyboard in Windows Vista

Make Disk Cleanup Run Faster

What is CTFMON.EXE and How Can I Remove It

How to Export MSN Favorites to Internet Explorer

How to Fix Registry Editing Has Been Disabled By Your Administrator Error

How to Change Default Editor in Windows and Fax Viewer

How to Fix Problem when Windows Security Center reports multiple antivirus programs installed

How to Fix Problem when Windows Updates will download but will not install

How to Fix Problem when Windows Automatic Updates Service wont Start

Cannot Download Files With Internet Explorer

How to Keep Your Computer Up-to-Date

How to Fix the Prompt for Click to Run an ActiveX Control on this webpage

How to Remove "This Page Contains Both Secure and NonSecure Items" Warning Message

How to Fix Problem with Blank Add/Remove Control Panel

How to Fix Windows Vista Update Error 80244019

Troubleshooting An Error Occurred During Directory Enumeration

How to View and Decipher Minidump files created by Blue Screen error messages

How to Fix BLService Error on HP Computer in Vista

Google Adsense Hijacking - How to Respond

Windows Defrag Does Not Complete

Review of BigString Recallable Email

Fix Incorrect Time Stamp on Hotmail Messages

Deleting or Editing Typed URLs in the Internet Explorer Address Bar

Belarc Advisor - Quick Computer Inventory Software

How to Get Out of Full Screen Mode in Internet Explorer

How to Correct Missing "Copy to CD" option in My Pictures Tasks

How to Fix Code 39 error with CD or DVD Drive

How to Fix Problems When Windows Installer Popups Error With Missing .MSI Files

How to Fix Problems When Network Setup Wizard and Network Connections Won't Open

How to Fix Problems with Windows Help Errors

How to Delete Individual Entries from Run Command History

Foxit - Adobe Reader Alternative

How to Fix Autochk Program Not Found error

Difference between Master/Slave and Cable Select on a Hard Drive

How to Use Microsoft SyncToy to backup your important files

How to Delete Temporary Internet Files, Cookies, and History files

Review of PCDecrapifer Software Removal Tool

How to Fix Security Flaw in Adobe Reader

Computer Speakers Sound like Chipmunks

How to SVCHOST.EXE Application Error 0x745f2780

Troubleshooting the Unmountable Boot Volume Error in Windows XP

How to Disable, Uninstall, and Remove Windows Messenger instant messaging from Windows XP

How to Remove Windows Messenger in Windows XP

Free DVD Decoder Software and Help

Free CD Burning Software and Help

How to Use Remote Desktop to Access Multiple Computer on Your LAN

HijackThis Tutorial for removing Spyware

Review of Adsense Detective, Getting Stats and Results from Adsense

How to Disable System Restore in Windows ME or Windows XP

How to Uninstall Internet Explorer 7

How to Install NetBEUI in Windows XP

What is the KB891711.exe file in Windows 98 or Windows ME?

How to Troubleshoot and Solve USB Device Error Code 10

Spooler Subsystem App has encountered a problem and needs to close Error and How to Fix it

How to Fix Problem opening Microsoft Outlook

How to Disable News Headlines in Netscape

How to Bring Back Missing Folders in Netscape Communicator

How to Fix Access Denied Error when Using MSCONFIG

How to Fix HPQKBFiltr.Sys Keylogger Error in Kaspersky Antivirus

How to Backup and Restore Outlook Express Mail, Address Book, Blocked Senders List and other Settings

How to Fix Error 501 Permission Denied when changing fonts in Outlook Express

What is the Tilde (~) File on my Desktop?

What is the thumbs.db file and can I remove it

Password is Not Saved in Outlook Express or Outlook in Windows XP

Allow Viewing of Attachments in Outlook Express 6

How to Fix Problem of No Spell Check in Outlook Express

How to Fix Problems Viewing or Accessing Secure Web Sites

How to Start or Boot Windows into Safe Mode

What is the Winmail.dat file attached to emails?

How to Correct Unreadable Fonts in Norton Antivirus or Norton Systemworks

How to correct issue with No Visible Menu Bar or Tabs in Windows XP Task Manager

How Disable/Enable the Windows XP Welcome Screen

How to Fix RTLGINA2.DLL error with Windows XP Welcome Screen and Netgear WG111

How to Fix Windows Update Error 0x80070420

PopUp Ad Removal Software and Help

Review of ErrorNuker program to identify and fix problems with the Windows Registry

Spyware and Adware Removal Help

Review of Netflix Online DVD Rental

Recommended Software for PC Hell Visitors