[XP Home] prmsgm.exe starts up every time


  • Pieter.txt
  • Registered: September 2002
  • Last online: 08:55
I'm trying to clean up a computer that has a number of viruses and a large amount of spyware and adware. That is going fairly well, except for one thing.
Every time the computer starts up, a DOS window appears, caused by a program with the file name prmsgm.exe
I haven't been able to find anything about this file anywhere, and I don't dare to simply delete it either.

Does anyone know more about this?

Using the program HijackThis, I made an overview of the programs that are run at startup; this log also contains entries from the registry. Maybe it will enable someone to help me.
Thanks in advance.

code:
---------------------------------------------------------
Startup list
---------------------------------------------------------
StartupList report, 15-5-2004, 20:21:16
StartupList version: 1.52
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\René\Bureaublad\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AtiPTA = atiptaxx.exe
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
18607729.exe = C:\WINDOWS\System32\18607729.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
prmsgm = C:\WINDOWS\System32\prmsgm.exe
!!!008 =
SpyHunter = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
MemScanner = C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Symantec NetDriver Monitor = C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\mxTarget.dll - {0000607D-D204-42C7-8E46-216055BF9918}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {A40763AB-ED5F-F7B4-9BD7-5B1C1EB6C30F}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job
Norton AntiVirus - Mijn computer scannen.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = »messenger.zone.msn.com/binary/msgrchkr..

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = »office.microsoft.com/templates/ieawsdc..

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = »www.apple.com/qtactivex/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = »download.macromedia.com/pub/shockwave/..

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = »download.microsoft.com/download/0/5/c/..

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = »messenger.zone.msn.com/binary/MineSwee..

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = »security.symantec.com/sscv6/SharedCont..

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = »office.microsoft.com/productupdates/co..

[FileSharingCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\fsmsngr-nl.dll
CODEBASE = »appdirectory.messenger.msn.com/AppDire..

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = »security.symantec.com/sscv6/SharedCont..

[ExentInf Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ExentCtl.ocx
CODEBASE = »pgc.planet.nl/classes/ExentCtl.ocx

[GSDACtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll
CODEBASE = »launch.gamespyarcade.com/software/laun..

[AvxScanOnline Control]
InProcServer32 = C:\WINDOWS\AvxOScan\BITDEF~1.OCX
CODEBASE = »www.bitdefender.com/scan/Msie/bitdefen..

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = »messenger.zone.msn.com/binary/Messenge..

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = »fdl.msn.com/zone/datafiles/heartbeat.cab

[RealArcadeRdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RealArcadeRdxIE.dll
CODEBASE = »games-dl.real.com/gameconsole/Bundler/..

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
CODEBASE = »https://www-secure.symantec.com/techsupp/activ..

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = »fpdownload.macromedia.com/pub/shockwav..

[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
CODEBASE = »https://www-secure.symantec.com/techsupp/activ..

[ddm_download.ddm_control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\TEST.OCX
CODEBASE = »download.rfwnad.com/cab/dlexe.CAB

[{F57D17AE-CE37-4BC8-B232-EA57747BE5E7}]
CODEBASE = »66.230.146.53/EPlugin_NL.cab

[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = »messenger.zone.msn.com/binary/Solitair..

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

code:
----------------------------------------------------------
Hijack this log file
----------------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 20:29:37, on 15-5-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\René\Bureaublad\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »www.microsoft.com/isapi/redir.dll?prd=..
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.google.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »ie.search.msn.com/{SUB_RFC1766}/srchas..
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »ie.search.msn.com/{SUB_RFC1766}/srchas..
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.microsoft.com/isapi/redir.dll?prd=..
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »www.microsoft.com/isapi/redir.dll?prd=..
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = »www.microsoft.com/Msoffice/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A40763AB-ED5F-F7B4-9BD7-5B1C1EB6C30F} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [18607729.exe] C:\WINDOWS\System32\18607729.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [prmsgm] C:\WINDOWS\System32\prmsgm.exe
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [MemScanner] C:\Program Files\Enigma Software Group\SpyHunter\MemScanner.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1083843346383
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pgc.planet.nl/classes/ExentCtl.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/dlexe.CAB
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_NL.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O'Toole's Commentary on Murphy's Law: Murphy was an optimist.


  • Mike Jarod
  • Registered: January 2002
  • Not online
These don't look quite right to me:
code:
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [18607729.exe] C:\WINDOWS\System32\18607729.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [prmsgm] C:\WINDOWS\System32\prmsgm.exe
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/dlexe.CAB
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_NL.cab

  • alt-92
  • Registered: March 2000
  • Not online


Pieter.txt wrote on 19 May 2004 @ 19:22:
I'm trying to clean up a computer that has a number of viruses and a large amount of spyware and adware. That is going fairly well, except for one thing.
One thing?
*cough*
code:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {A40763AB-ED5F-F7B4-9BD7-5B1C1EB6C30F} - (no file)

O4 - HKLM\..\Run: [18607729.exe] C:\WINDOWS\System32\18607729.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [prmsgm] C:\WINDOWS\System32\prmsgm.exe
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/dlexe.CAB
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_NL.cab


mv > BV then, I suppose?

I have an 864 GB floppy drive! - certified bungler - the social skills of a thermonuclear device
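
The two replies above pick suspicious entries out of the log by eye. As an added example (not part of the thread and not HijackThis's own logic), the sketch below applies a few of those visual cues as rules to lines copied from the posted log; the rule set and the names `triage` and `SAMPLE_LOG` are assumptions made for illustration.

```python
import re

# Line formats as they appear in the HijackThis log posted in this thread.
O2 = re.compile(r"^O2 - BHO: .* - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O4 = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] ?(.*)$")
O16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})( \(.*\))? - (\S+)$")
IPV4_HOST = re.compile(r"^https?://\d{1,3}(\.\d{1,3}){3}(?=[:/]|$)")

# Sample input: a handful of lines copied from the log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {A40763AB-ED5F-F7B4-9BD7-5B1C1EB6C30F} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [18607729.exe] C:\WINDOWS\System32\18607729.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [prmsgm] C:\WINDOWS\System32\prmsgm.exe
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_NL.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""


def triage(log_text):
    """Return {log line: [reasons]} for lines that trip at least one rule."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if m := O2.match(line):
            # A BHO whose DLL is gone is a leftover or half-removed registration.
            if m.group(2) == "(no file)":
                reasons.append("BHO registered but its file is missing")
        elif m := O4.match(line):
            name, target = m.group(2), m.group(3)
            if not name:
                reasons.append("Run value has an empty name")
            if not target or target.endswith("\\"):
                reasons.append("Run target is not a file")
            if re.fullmatch(r"\d+\.exe", name, re.I):
                reasons.append("Run value is named after an all-digit executable")
        elif m := O16.match(line):
            if m.group(2) is None:
                reasons.append("ActiveX download has no class name")
            if IPV4_HOST.match(m.group(3)):
                reasons.append("ActiveX codebase is a bare IP address")
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(why))
```

Neither `prmsgm.exe` nor `mxTarget.dll` trips any of these rules, so an entry that passes is not thereby clean: an unfamiliar binary in an autorun location still has to be identified from the file itself.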


  • Mike Jarod
  • Registered: January 2002
  • Not online
NPDocBox.dll is from Adobe, and GameSpy contains no spyware afaik ;)

  • Pieter.txt
  • Registered: September 2002
  • Last online: 08:55
Hmm, I really have already run Ad-Aware and Spybot S&D a number of times 8)7 .

But anyway, so where does this one come from:
O4 - HKLM\..\Run: [prmsgm] C:\WINDOWS\System32\prmsgm.exe

Not a single site (as far as I know) says anything about it.

[ Edited 3% by Pieter.txt on 19-05-2004 22:01 ]

O'Toole's Commentary on Murphy's Law: Murphy was an optimist.


  • Mike Jarod
  • Registered: January 2002
  • Not online
Presumably a random (arbitrary :P) generated file name from malware.

  • momania
  • Registered: May 2000
  • Last online: 05:21


You bring your whisky along, and it's too little... *sigh*


Deleted user

Try scanning that file here: http://www.kaspersky.com/scanforvirus.html

code:
EPlugin_NL.cab\EPlugin.ocx  is infected with a virus not-a-virus:PornWare.Dialer.SexGate
\dlexe.CAB\test.ocx is infected with a virus TrojanDownloader.Win32.Dia.a

That last one is pretty old btw...

  • Pieter.txt
  • Registered: September 2002
  • Last online: 08:55
@momania: Sorry, I hadn't seen that forum

@Mike Jarod: so could I just delete that file then?

O'Toole's Commentary on Murphy's Law: Murphy was an optimist.


  • Mike Jarod
  • Registered: January 2002
  • Not online
Pieter.txt wrote on 20 May 2004 @ 11:20:
@Mike Jarod: so could I just delete that file then?
As Schouw already said, you could run it through the Kaspersky online scanner (here) to see whether it is a known virus. Another option is here, where it gets scanned with several scanners at once. If it is recognised, you can surely find out via Google what that virus does.

You can also just remove it, but there is malware that does less pleasant things when you try to remove it (e.g. wiping the hard disk or the like, but that doesn't happen often). That's why you're better off first finding out what kind of thing it is before you delete it.

I'm always the kind of jerk who just deletes everything :P But oh well, someday that's bound to go wrong...

  • Pieter.txt
  • Registered: September 2002
  • Last online: 08:55
I'll try out the tips I've been given
I'll see how far I get ;)

O'Toole's Commentary on Murphy's Law: Murphy was an optimist.
