Avast WEBforum

Other => Viruses and worms => Topic started by: hqfwo on August 30, 2008, 08:10:53 AM

Title: ph.com virus
Post by: hqfwo on August 30, 2008, 08:10:53 AM
ph.com virus activated on my PC. Please help me, what do I do? I used avast to scan through, but it did not clean it. The PC is too slow.

ph.com Associated Malware Groups
The filename PH.COM is used by multiple object types including objects, executable programs

Title: Re: ph.com virus
Post by: lind on August 30, 2008, 11:44:51 AM
Quote
    ph.com virus activated on my PC. Please help me, what do I do? I used avast to scan through, but it did not clean it. The PC is too slow.

    ph.com Associated Malware Groups
    The filename PH.COM is used by multiple object types including objects, executable programs

Hi hqfwo

This is my information about your Files (ph.com)

File Behaviour

PH.COM has been seen to perform the following behavior:
Quote
    * The Process is packed and/or encrypted using a software packing process
    * This Process Deletes Other Processes From Disk
    * This Process Creates Other Processes On Disk
    * Loads and Executes a System Driver File
    * Creates a new Background Service on the machine
    * Registers a Dynamic Link Library File
    * Executes a Process

PH.COM has been the subject of the following behavior:

Quote
    * Created as a process on disk
    * Deleted as a process from disk
    * Executed as a Process
    * Executed from Temporary Folders
    * Has code inserted into its Virtual Memory space by other programs
    * Copied to multiple locations on the system
    * This program is often downloaded from the web
    * Downloaded from covert web sites without the user knowing
    * Registered as a Dynamic Link Library File
    * Added as a Registry auto start to load Program on Boot up

Associated Malware Groups

The unsafe files using this name are associated with the malware groups:

    * Rootkit
    * Cloaked Malware

File Type

The filename PH.COM is used by multiple object types including objects, executable programs.

I strongly suggest you scan your PC using SUPERAntiSpyware

link :  http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWARE

2nd, we have Malwarebytes'

If you follow these instructions, everything should go smoothly.


Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to a convenient location.

  1. Double click on mbam-setup.exe to install it.
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
       * Update Malwarebytes' Anti-Malware
       * Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as they are and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Check (tick) all items and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Next,

  1. Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
  2. Double click on RSIT.exe to run RSIT.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post the following:

    * The Malwarebytes' Anti-Malware log
    * The contents of log.txt
    * The contents of info.txt
Quote
    Just update it first, then perform a scan. Be sure that your avast is fully updated to date.
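
Added example, not part of any post in this thread or of the tools it names: a small read-only inventory of every file called ph.com under chosen folders, grouped by SHA-256, which makes the "copied to multiple locations" and "executed from Temporary Folders" behaviours listed above visible before a sample is quarantined or submitted. The `TEMP_MARKERS` list and all function names are assumptions of this example, and a file cloaked by a rootkit may not appear in a listing taken from the running system.

```python
import hashlib
import os
from collections import defaultdict

# Path fragments treated as temporary-folder locations (assumed list; adjust per system).
TEMP_MARKERS = ("\\temp\\", "/temp/", "/tmp/", "\\temporary internet files\\")


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files are not loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_copies(roots, filename="ph.com"):
    """Return {sha256: [paths]} for every file named `filename`, ignoring case."""
    groups = defaultdict(list)
    for root in roots:
        for folder, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() != filename.lower():
                    continue
                path = os.path.join(folder, name)
                try:
                    groups[sha256_of(path)].append(path)
                except OSError:
                    # Locked or unreadable copy: keep it in the report instead of skipping it.
                    groups["unreadable"].append(path)
    return dict(groups)


def in_temp_folder(path):
    """True when the path contains one of the TEMP_MARKERS fragments."""
    lowered = path.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def report(groups):
    """One line per copy: hash prefix, TEMP flag, full path."""
    lines = []
    for digest, paths in sorted(groups.items()):
        for path in sorted(paths):
            flag = "TEMP" if in_temp_folder(path) else "    "
            lines.append(f"{digest[:12]}  {flag}  {path}")
    return lines
```

Call `report(find_copies(["C:\\"]))` and print the lines; identical hash prefixes are the same file copied to several places, and different prefixes under one name mean more than one object is using the PH.COM filename.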

Title: Re: ph.com virus
Post by: DavidR on August 30, 2008, 04:57:44 PM
If avast didn't detect this:
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

Title: Re: ph.com virus
Post by: wyrmrider on August 30, 2008, 05:41:25 PM
Hi
to pull this together
right click on the avast ball and update-program
then right click and schedule a boot time scan
send any hits to the chest

(this can be done before or after the SAS scan)
with SAS be sure to update before scanning
send any hits to quarantine- do not remove/delete

then download Malwarebytes' Anti-Malware, update and run a free scan
put a checkmark next to any baddie found
then click REMOVE- a backup will also be made

post up all of the logs

when we determine which is the operative baddie- there may be many- we'll do what DavidR suggests