Author Topic: ph.com virus  (Read 4185 times)

Offline hqfwo

  • Newbie
  • Posts: 1
ph.com virus
« on: August 30, 2008, 06:10:53 AM »
The ph.com virus activated on my PC. Please help me, what do I do? I scanned through with avast but it is not clean, and the PC is too slow.

 ph.com Associated Malware Groups
The filename PH.COM is used by multiple object types including objects, executable programs

Offline lind

  • Jr. Member
  • Posts: 29
  • Gender: Male
  • "Two of a Kind"
Re: ph.com virus
« Reply #1 on: August 30, 2008, 09:44:51 AM »
    The ph.com virus activated on my PC. Please help me, what do I do? I scanned through with avast but it is not clean, and the PC is too slow.

     ph.com Associated Malware Groups
    The filename PH.COM is used by multiple object types including objects, executable programs


    Hi hqfwo

    This is my information about your file (ph.com)

    File Behaviour

    PH.COM has been seen to perform the following behavior:
    Quote
        * The Process is packed and/or encrypted using a software packing process
        * This Process Deletes Other Processes From Disk
        * This Process Creates Other Processes On Disk
        * Loads and Executes a System Driver File
        * Creates a new Background Service on the machine
        * Registers a Dynamic Link Library File
        * Executes a Process

    PH.COM has been the subject of the following behavior:

    Quote
        * Created as a process on disk
        * Deleted as a process from disk
        * Executed as a Process
        * Executed from Temporary Folders
        * Has code inserted into its Virtual Memory space by other programs
        * Copied to multiple locations on the system
        * This program is often downloaded from the web
        * Downloaded from covert web sites without the user knowing
        * Registered as a Dynamic Link Library File
        * Added as a Registry auto start to load Program on Boot up

    Associated Malware Groups

    The unsafe files using this name are associated with the malware groups:

        * Rootkit
        * Cloaked Malware


    File Type

    The filename PH.COM is used by multiple object types including objects, executable programs.

    I strongly suggest you scan your PC using SUPERAntiSpyware

    link :
    http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWARE

    2nd, we have Malwarebytes'

    If you follow these instructions, everything should go smoothly.


    Please download Malwarebytes' Anti-Malware and save it to a convenient location.

    • Double click on mbam-setup.exe to install it.
    • Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
        - Update Malwarebytes' Anti-Malware
        - Launch Malwarebytes' Anti-Malware
    • Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
    • Select the Scanner tab. Click on Perform full scan, then click on Scan.
    • Leave the default options as they are and click on Start Scan.
    • When done, you will be prompted. Click OK, then click on Show Results.
    • Check (tick) all items and click on Remove Selected.
    • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

    Next,

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    Please post the following:
    • The Malwarebytes' Anti-Malware log
    • The contents of log.txt
    • The contents of info.txt
    Quote
    Just update it first, then perform a scan. Be sure that your avast is fully updated to date.
      « Last Edit: September 03, 2008, 12:10:57 PM by lind »
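
The traits listed in the reply above (an exact filename match, execution from temporary folders, copies in multiple locations, a registry autostart entry) can be checked against an inventory of file paths and autostart commands. The following is an added example, not part of the original thread or any poster's code; the sample paths and registry values are constructed, and `command_target` and `triage` are hypothetical helper names.

```python
import ntpath
import re

TARGET = "ph.com"                       # filename reported in the thread
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")  # assumption: substrings marking temp folders
# Program path at the start of a command line: quoted, or unquoted up to a known extension.
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|dll|scr|bat))(?=\s|$))', re.I)

# Constructed sample inventory (not from a real machine or from the thread).
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\ph.com",
    r"C:\Documents and Settings\user\Local Settings\Temp\ph.com",
    r"C:\Tools\graph.com",              # ends in "ph.com" but is a different filename
]
SAMPLE_AUTORUNS = [
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     r'"C:\Program Files\Example\tray.exe" /min'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     r"C:\Documents and Settings\user\Local Settings\Temp\ph.com /s"),
]

def command_target(command):
    """Return the program path from an autostart command line, or None."""
    m = EXE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else None

def triage(autoruns, files, target=TARGET):
    """Map each path whose filename equals `target` to the reasons it stands out."""
    findings = {}
    def note(path, reason):
        findings.setdefault(path.lower(), []).append(reason)
    for path in files:
        if ntpath.basename(path).lower() == target:   # exact name, not a suffix match
            note(path, "on disk")
            if any(marker in path.lower() for marker in TEMP_MARKERS):
                note(path, "in temporary folder")
    for key, command in autoruns:
        path = command_target(command)
        if path and ntpath.basename(path).lower() == target:
            note(path, "autostart: " + key)
    on_disk = [r for r in findings.values() if "on disk" in r]
    if len(on_disk) > 1:                              # same name in several locations
        for reasons in on_disk:
            reasons.append("multiple copies")
    return findings

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_AUTORUNS, SAMPLE_FILES).items()):
        print(path, "->", "; ".join(reasons))
```
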

      Offline DavidR

      • avast! Überevangelist
      • Certainly Bot
      • Posts: 69200
      • Gender: Male
      • No support PMs thanks
      Re: ph.com virus
      « Reply #2 on: August 30, 2008, 02:57:44 PM »
      If avast didn't detect this:
      Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

      Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

      Offline wyrmrider

      • avast! Evangelist
      • Super Poster
      • Posts: 1299
      Re: ph.com virus
      « Reply #3 on: August 30, 2008, 03:41:25 PM »
      Hi
      to pull this together
      rt click on the avast ball and update-program
      then rt click and schedule a boot time scan
      send any hits to the chest

      (this can be done before or after the SAS scan)
      with SAS be sure to update before scanning
      send any hits to quarantine- do not remove/delete

      then download Malwarebytes' Anti-Malware, update and run a free scan
      put a checkmark next to any baddie found
      then click REMOVE- a backup will also be made

      post up all of the logs

      when we determine which is the operative baddie- there may be many- we'll do what DavidR suggests


       
