Results 1 to 4 of 4

Thread: Public Messenger ver 2.03 virus

  1. #1
    Join Date
    Jan 2009
    Posts
    29

    Public Messenger ver 2.03 virus

    Hi
    Please help me, pc infected by viruses or trojans, "I really do not know how but each time when i start explorer IE advertising pop ups shows,also most of pop ups are in the taskbar icons to tell me that I have spyware and that I should download every time I start Internet Explorer is redirected to the unknown page so What to do ? how to remove it? Please Please help me.

    I have avg antivirus but it has not been able to do much,I used spyware doctor which has cleared a lot of Trojans, it says that my PC is clean.But Spy Sweeper shows this:


    12:11: Traces Found: 4
    12:11: A comprehensive analysis is completed. Duration 00:12:48
    12:11: Analysis of complete files, time: 00:12:27
    12:11: Warning: Failed to access drive E:
    11:59 : Starting from the analysis of files
    11:59 : Warning: Failed to access drive A:
    11:59 : Analysis of the cookies over, time: 00:00:00
    11:59 : Starting from the analysis of cookies
    11:59 : Analyze Registry complete, time spent 00:21
    11:59 : HKLM \ software \ classes \ clsid \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597981)
    11:59 : HKLM \ software \ microsoft \ windows \ currentversion \ explorer \ browser helper objects \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597769)
    11:59 : HKCR \ clsid \ (202a961f-23ae-42b1-9505-ffe3c818d717) \ (ID = 1597764)
    11:59 : HKLM \ software \ microsoft \ windows \ currentversion \ uninstall \ public messenger ver 2.03 \ (ID = 1553911)
    11:59 : Found Trojan Horse: trojan-downloader-Zlob
    11:58: Starting Registry analysis
    11:58: Analysis of the memory is completed, time: 00:00:32
    11:58: Starting from the analysis of memory
    11:58: Analysis started with the definitions 753
    11:58: Spy Sweeper 5.0.7.1608 started
    11:58: | Start of Session, Monday 8 june 2009 |
    11:58: | End of Session, Monday 8 june 2009 |
    11:56: Program version: 5.0.7.1608 - Spyware Definitions 753
    11:56: Spy Sweeper 5.0.7.1608 started
    11:56: | Start of Session, Monday 8 june 2009 |

  2. #2
    Join Date
    Feb 2008
    Posts
    2,635

    Re: Public Messenger ver 2.03 virus

    Public Messenger ver 2.03 is Add or Remove Programs entry from Troj/Zlob-QK Trojan family. The Trojan appears to be an installer for a video codec. When run, it attempts to download and install additional components.This Trojan mention as Spyware.

    it creates the following files:

    <Program Files>\IntCodec\iesplugin.dll
    <Program Files>\IntCodec\iesuninst.exe
    <Program Files>\IntCodec\isaddon.dll
    <Program Files>\IntCodec\isamini.exe
    <Program Files>\IntCodec\isamonitor.exe
    <Program Files>\IntCodec\isauninst.exe
    <Program Files>\IntCodec\pmmon.exe
    <Program Files>\IntCodec\pmsngr.exe
    <Program Files>\IntCodec\pmuninst.exe
    <Program Files>\IntCodec\uninst.exe
    <System>\viruxz.dll

    The following files are also created and they can be safely removed:

    <Desktop>\Online Security Guide.url
    <Desktop>\Security Troubleshooting.url
    <User>\Start Menu\Online Security Guide.url
    <User>\Start Menu\Security Troubleshooting.url
    <Favorites>\Online Security Test.url
    <Program Files>\IntCodec\ts.ico
    <Program Files>\IntCodec\ot.ico
    The following registry entries are set:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
    homepage.monitor.exe
    <Program Files>\IntCodec\isamonitor.exe

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
    pmsngr.exe
    <Program Files>\IntCodec\pmsngr.exe

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    bestreak
    (874443fe-aa33-4ebf-a6ac-73208787e62d)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    bestreak
    (874443fe-aa33-4ebf-a6ac-73208787e62d)
    The files iesplugin.dll, isaddon.dll and viruxz.dll are registered as COM objects, creating registry entries under:
    HKCR\CLSID\(a2595f37-48d0-46a1-9b51-478591a97764)
    HKCR\CLSID\(874443fe-aa33-4ebf-a6ac-73208787e62d)
    HKCR\CLSID\(1da7dbe8-c51b-4ae4-bc6e-21863349b0b4)
    The file iesplugin.dll is registered as a toolbar, creating registry entries under:

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\(A2595F37-48D0-46A1-9B51-478591A97764)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\(a2595f37-48d0-46a1-9b51-478591a97764)
    The file isaddon.dll is creating registry entries under:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(1da7dbe8-c51b-4ae4-bc6e-21863349b0b4)
    The Trojan changes settings for Microsoft Internet Explorer by modifying values under:

    HKCU\Software\Microsoft\Internet Explorer\Main\
    The following registry entry is set:

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    (01E04581-4EEE-11D0-BFE9-00AA005B4383)
    <BINARY>
    Registry entries are created under:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03\
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On\
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006\
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec\
    HKCU\Software\Internet Security\
    HKCR\VSEnchancer.Chl\CLSID\
    HKCR\AVZipEnchancer.Chl\CLSID
    try Exterminate It to remove this problem ,it is a highly efficient and convenient antimalware program that is only activated when needed thus economizing your operating system's space not overburdening your computer with extra processes day by day.

  3. #3
    Join Date
    Jan 2006
    Posts
    4,221

    Re: Public Messenger ver 2.03 virus

    Download Malwarebytes it is Anti-Malware install it and and scan you pc also check for updates for better security install avast antivirus which is capable to remove it. and download files only from trusted source. try this to remove it Prevention against spyware and viruses

  4. #4
    Join Date
    Aug 2007
    Posts
    1,098

    Re: Public Messenger ver 2.03 virus

    its file exist as C:\Program Files\IntCodec\uninst.exe check this How to remove rootkits and other spyware without booting hard disk ? and Guide to Kaspersky Rescue Disk which can be helpful to you Guide to Kaspersky Rescue Disk

Similar Threads

  1. Replies: 10
    Last Post: 08-09-2011, 10:22 PM
  2. Maxell 4GB flash drive 'public' disk isn't so public
    By first-born in forum Portable Devices
    Replies: 5
    Last Post: 22-12-2010, 07:39 AM
  3. Msn Messenger "foto" Virus
    By Corwinn in forum Networking & Security
    Replies: 6
    Last Post: 19-07-2010, 11:19 AM
  4. Replies: 1
    Last Post: 22-07-2009, 03:37 PM
  5. Replies: 1
    Last Post: 25-10-2007, 07:30 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,691,215.78931 seconds with 17 queries