Public Messenger ver 2.03 virus

  #1  
Old 09-06-2009
Member
 
Join Date: Jan 2009
Posts: 29
Public Messenger ver 2.03 virus
  

Hi
Please help me, my PC is infected by viruses or trojans. I really do not know how, but each time I start Internet Explorer, advertising pop-ups show. Also, most of the pop-ups are in the taskbar icons, telling me that I have spyware and that I should download. Every time I start Internet Explorer it is redirected to an unknown page. What should I do? How do I remove it? Please, please help me.

I have AVG antivirus but it has not been able to do much. I used Spyware Doctor, which has cleared a lot of Trojans, and it says that my PC is clean. But Spy Sweeper shows this:


12:11: Traces Found: 4
12:11: A comprehensive analysis is completed. Duration 00:12:48
12:11: Analysis of complete files, time: 00:12:27
12:11: Warning: Failed to access drive E:
11:59 : Starting from the analysis of files
11:59 : Warning: Failed to access drive A:
11:59 : Analysis of the cookies over, time: 00:00:00
11:59 : Starting from the analysis of cookies
11:59 : Analyze Registry complete, time spent 00:21
11:59 : HKLM \ software \ classes \ clsid \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597981)
11:59 : HKLM \ software \ microsoft \ windows \ currentversion \ explorer \ browser helper objects \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597769)
11:59 : HKCR \ clsid \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597764)
11:59 : HKLM \ software \ microsoft \ windows \ currentversion \ uninstall \ public messenger ver 2.03 \ (ID = 1553911)
11:59 : Found Trojan Horse: trojan-downloader-Zlob
11:58: Starting Registry analysis
11:58: Analysis of the memory is completed, time: 00:00:32
11:58: Starting from the analysis of memory
11:58: Analysis started with the definitions 753
11:58: Spy Sweeper 5.0.7.1608 started
11:58: | Start of Session, Monday 8 june 2009 |
11:58: | End of Session, Monday 8 june 2009 |
11:56: Program version: 5.0.7.1608 - Spyware Definitions 753
11:56: Spy Sweeper 5.0.7.1608 started
11:56: | Start of Session, Monday 8 june 2009 |

  #2  
Old 09-06-2009
Member
 
Join Date: Feb 2008
Posts: 2,636
Re: Public Messenger ver 2.03 virus

Public Messenger ver 2.03 is an Add or Remove Programs entry from the Troj/Zlob-QK Trojan family. The Trojan appears to be an installer for a video codec. When run, it attempts to download and install additional components. This Trojan is mentioned as spyware.

It creates the following files:

Quote:
<Program Files>\IntCodec\iesplugin.dll
<Program Files>\IntCodec\iesuninst.exe
<Program Files>\IntCodec\isaddon.dll
<Program Files>\IntCodec\isamini.exe
<Program Files>\IntCodec\isamonitor.exe
<Program Files>\IntCodec\isauninst.exe
<Program Files>\IntCodec\pmmon.exe
<Program Files>\IntCodec\pmsngr.exe
<Program Files>\IntCodec\pmuninst.exe
<Program Files>\IntCodec\uninst.exe
<System>\viruxz.dll

The following files are also created and they can be safely removed:

Quote:
<Desktop>\Online Security Guide.url
<Desktop>\Security Troubleshooting.url
<User>\Start Menu\Online Security Guide.url
<User>\Start Menu\Security Troubleshooting.url
<Favorites>\Online Security Test.url
<Program Files>\IntCodec\ts.ico
<Program Files>\IntCodec\ot.ico

The following registry entries are set:

Quote:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
homepage.monitor.exe
<Program Files>\IntCodec\isamonitor.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
pmsngr.exe
<Program Files>\IntCodec\pmsngr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
bestreak
(874443fe-aa33-4ebf-a6ac-73208787e62d)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
bestreak
(874443fe-aa33-4ebf-a6ac-73208787e62d)

The files iesplugin.dll, isaddon.dll and viruxz.dll are registered as COM objects, creating registry entries under:

Quote:
HKCR\CLSID\(a2595f37-48d0-46a1-9b51-478591a97764)
HKCR\CLSID\(874443fe-aa33-4ebf-a6ac-73208787e62d)
HKCR\CLSID\(1da7dbe8-c51b-4ae4-bc6e-21863349b0b4)

The file iesplugin.dll is registered as a toolbar, creating registry entries under:

Quote:
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\(A2595F37-48D0-46A1-9B51-478591A97764)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\(a2595f37-48d0-46a1-9b51-478591a97764)

The file isaddon.dll is creating registry entries under:

Quote:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(1da7dbe8-c51b-4ae4-bc6e-21863349b0b4)

The Trojan changes settings for Microsoft Internet Explorer by modifying values under:

Quote:
HKCU\Software\Microsoft\Internet Explorer\Main\

The following registry entry is set:

Quote:
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
(01E04581-4EEE-11D0-BFE9-00AA005B4383)
<BINARY>

Registry entries are created under:

Quote:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec\
HKCU\Software\Internet Security\
HKCR\VSEnchancer.Chl\CLSID\
HKCR\AVZipEnchancer.Chl\CLSID

Try Exterminate It to remove this problem. It is a highly efficient and convenient antimalware program that is only activated when needed, thus economizing your operating system's space and not overburdening your computer with extra processes day by day.
Reply With Quote
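Added example (not part of the original posts, and not code from any of the tools named in the thread): a Python sketch that normalizes the registry traces from the Spy Sweeper log in post #1 and checks which of them appear among the registry keys listed in post #2. The log lines and keys are copied from this thread; the function names are hypothetical, and mapping HKCR to HKLM\Software\Classes is a simplifying assumption.

```python
import re

# Registry traces copied from the Spy Sweeper log in post #1.
SCAN_LOG = r"""
11:59 : HKLM \ software \ classes \ clsid \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597981)
11:59 : HKLM \ software \ microsoft \ windows \ currentversion \ explorer \ browser helper objects \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597769)
11:59 : HKCR \ clsid \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597764)
11:59 : HKLM \ software \ microsoft \ windows \ currentversion \ uninstall \ public messenger ver 2.03 \ (ID = 1553911)
11:59 : Found Trojan Horse: trojan-downloader-Zlob
"""

# Registry keys copied from post #2 (CLSID, BHO and uninstall keys only).
LISTED_KEYS = [
    r"HKCR\CLSID\(a2595f37-48d0-46a1-9b51-478591a97764)",
    r"HKCR\CLSID\(874443fe-aa33-4ebf-a6ac-73208787e62d)",
    r"HKCR\CLSID\(1da7dbe8-c51b-4ae4-bc6e-21863349b0b4)",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(1da7dbe8-c51b-4ae4-bc6e-21863349b0b4)",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03",
]

GUID_RE = re.compile(r"^[({]([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})[)}]$")
TRACE_RE = re.compile(r"^\d{1,2}:\d{2}\s*:\s*(HK[A-Z]+\s*\\.*?)\s*\\\s*\(ID = (\d+)\)$")

def normalize_key(raw):
    """Canonical form: unpadded separators, lowercase, {guid}, HKCR expanded."""
    parts = [p.strip().lower() for p in raw.split("\\") if p.strip()]
    parts = [GUID_RE.sub(r"{\1}", p) for p in parts]
    if parts[0] == "hkcr":
        # Assumption: treat HKCR as the machine-wide view HKLM\Software\Classes.
        parts[0:1] = ["hklm", "software", "classes"]
    return "\\".join(parts)

def triage(log, listed):
    """Map each distinct key in the log to (listed_in_post_2, [trace IDs])."""
    known = {normalize_key(k) for k in listed}
    result = {}
    for line in log.splitlines():
        m = TRACE_RE.match(line.strip())
        if m:  # lines without a registry path (e.g. the detection name) are skipped
            key = normalize_key(m.group(1))
            result.setdefault(key, (key in known, []))[1].append(int(m.group(2)))
    return result

if __name__ == "__main__":
    for key, (listed, ids) in triage(SCAN_LOG, LISTED_KEYS).items():
        print("listed  " if listed else "UNLISTED", ids, key)
```

Only the uninstall key from the log matches post #2; the CLSID reported by Spy Sweeper is not among the three CLSIDs listed there, so a cleanup checklist built from that list alone would not cover the Browser Helper Object found on this machine.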
  #3  
Old 09-06-2009
Member
 
Join Date: Jan 2006
Posts: 4,230
Re: Public Messenger ver 2.03 virus

Download Malwarebytes (it is anti-malware), install it and scan your PC. Also check for updates for better security. Install avast antivirus, which is capable of removing it, and download files only from trusted sources. Try this to remove it: Prevention against spyware and viruses
  #4  
Old 09-06-2009
Member
 
Join Date: Aug 2007
Posts: 1,098
Re: Public Messenger ver 2.03 virus

Its file exists as C:\Program Files\IntCodec\uninst.exe. Check these, which can be helpful to you: "How to remove rootkits and other spyware without booting hard disk?" and "Guide to Kaspersky Rescue Disk".