Public Messenger ver 2.03 virus

[Aditix360]

Sponsored Links

Hi
Please help me, pc infected by viruses or trojans, "I really do not know how but each time when i start explorer IE advertising pop ups shows,also most of pop ups are in the taskbar icons to tell me that I have spyware and that I should download every time I start Internet Explorer is redirected to the unknown page so What to do ? how to remove it? Please Please help me.

I have avg antivirus but it has not been able to do much,I used spyware doctor which has cleared a lot of Trojans, it says that my PC is clean.But Spy Sweeper shows this:


12:11: Traces Found: 4
12:11: A comprehensive analysis is completed. Duration 00:12:48
12:11: Analysis of complete files, time: 00:12:27
12:11: Warning: Failed to access drive E:
11:59 : Starting from the analysis of files
11:59 : Warning: Failed to access drive A:
11:59 : Analysis of the cookies over, time: 00:00:00
11:59 : Starting from the analysis of cookies
11:59 : Analyze Registry complete, time spent 00:21
11:59 : HKLM \ software \ classes \ clsid \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597981)
11:59 : HKLM \ software \ microsoft \ windows \ currentversion \ explorer \ browser helper objects \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597769)
11:59 : HKCR \ clsid \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597764)
11:59 : HKLM \ software \ microsoft \ windows \ currentversion \ uninstall \ public messenger ver 2.03 \ (ID = 1553911)
11:59 : Found Trojan Horse: trojan-downloader-Zlob
11:58: Starting Registry analysis
11:58: Analysis of the memory is completed, time: 00:00:32
11:58: Starting from the analysis of memory
11:58: Analysis started with the definitions 753
11:58: Spy Sweeper 5.0.7.1608 started
11:58: | Start of Session, Monday 8 june 2009 |
11:58: | End of Session, Monday 8 june 2009 |
11:56: Program version: 5.0.7.1608 - Spyware Definitions 753
11:56: Spy Sweeper 5.0.7.1608 started
11:56: | Start of Session, Monday 8 june 2009 |

[Steve123]

Public Messenger ver 2.03 is Add or Remove Programs entry from Troj/Zlob-QK Trojan family. The Trojan appears to be an installer for a video codec. When run, it attempts to download and install additional components.This Trojan mention as Spyware.

it creates the following files:

Quote:

<Program Files>\IntCodec\iesplugin.dll
<Program Files>\IntCodec\iesuninst.exe
<Program Files>\IntCodec\isaddon.dll
<Program Files>\IntCodec\isamini.exe
<Program Files>\IntCodec\isamonitor.exe
<Program Files>\IntCodec\isauninst.exe
<Program Files>\IntCodec\pmmon.exe
<Program Files>\IntCodec\pmsngr.exe
<Program Files>\IntCodec\pmuninst.exe
<Program Files>\IntCodec\uninst.exe
<System>\viruxz.dll

The following files are also created and they can be safely removed:

Quote:

<Desktop>\Online Security Guide.url
<Desktop>\Security Troubleshooting.url
<User>\Start Menu\Online Security Guide.url
<User>\Start Menu\Security Troubleshooting.url
<Favorites>\Online Security Test.url
<Program Files>\IntCodec\ts.ico
<Program Files>\IntCodec\ot.ico

The following registry entries are set:

Quote:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
homepage.monitor.exe
<Program Files>\IntCodec\isamonitor.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
pmsngr.exe
<Program Files>\IntCodec\pmsngr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
bestreak
(874443fe-aa33-4ebf-a6ac-73208787e62d)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
bestreak
(874443fe-aa33-4ebf-a6ac-73208787e62d)

The files iesplugin.dll, isaddon.dll and viruxz.dll are registered as COM objects, creating registry entries under:

Quote:

HKCR\CLSID\(a2595f37-48d0-46a1-9b51-478591a97764)
HKCR\CLSID\(874443fe-aa33-4ebf-a6ac-73208787e62d)
HKCR\CLSID\(1da7dbe8-c51b-4ae4-bc6e-21863349b0b4)

The file iesplugin.dll is registered as a toolbar, creating registry entries under:

Quote:

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\(A2595F37-48D0-46A1-9B51-478591A97764)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\(a2595f37-48d0-46a1-9b51-478591a97764)

The file isaddon.dll is creating registry entries under:

Quote:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(1da7dbe8-c51b-4ae4-bc6e-21863349b0b4)

The Trojan changes settings for Microsoft Internet Explorer by modifying values under:

Quote:

HKCU\Software\Microsoft\Internet Explorer\Main\

The following registry entry is set:

Quote:

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
(01E04581-4EEE-11D0-BFE9-00AA005B4383)
<BINARY>

Registry entries are created under:

Quote:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec\
HKCU\Software\Internet Security\
HKCR\VSEnchancer.Chl\CLSID\
HKCR\AVZipEnchancer.Chl\CLSID

try Exterminate It to remove this problem ,it is a highly efficient and convenient antimalware program that is only activated when needed thus economizing your operating system's space not overburdening your computer with extra processes day by day.

[Zachary]

Download Malwarebytes it is Anti-Malware install it and and scan you pc also check for updates for better security install avast antivirus which is capable to remove it. and download files only from trusted source. try this to remove it Prevention against spyware and viruses

[timon]

its file exist as C:\Program Files\IntCodec\uninst.exe check this How to remove rootkits and other spyware without booting hard disk ? and Guide to Kaspersky Rescue Disk which can be helpful to you Guide to Kaspersky Rescue Disk