Solved: URGENT! Trojan Peacomm

Discussion in 'Virus & Other Malware Removal' started by mom2inky, Jan 31, 2007.

Thread Status:
Not open for further replies.
  1. mom2inky

    mom2inky Thread Starter

    Joined:
    Sep 16, 2005
    Messages:
    333
    my sister (in Texas) has xp and norton 2006; she installed the live updates on the 14th and on the 22nd this virus got on her pc..what can be done to remove it? thanks much!!!
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    it appears to be a Norton sales ploy and it is going wrong.
    It seems the update servers are somewhat overloaded so error messages are coming out.
    It's just warning you that you need to update norton NOT that you have the virus.
    I would check and see if more updated definitions are available.
     
  3. mom2inky

    mom2inky Thread Starter

    Joined:
    Sep 16, 2005
    Messages:
    333
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    That is what I was told by another Moderator here who specializes in Security.

    Let's see what a Hijack This log shows.

    * Click here to download HJTsetup.exe.
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  5. mom2inky

    mom2inky Thread Starter

    Joined:
    Sep 16, 2005
    Messages:
    333
    forgive me, but my sister.............i got on symantec's live chat and had my sister follow their instructions per below. my sister encountered these results. any help guys??? let me know first, please. thanks for your patience!!! and great help!!!!
    after following the instructions on the following (1) http://www.symantec.com/security_response/writeup.jsp?docid=2007-011917-1403-99&tabid=3 and
    (2) http://www.symantec.com/security_response/writeup.jsp?docid=2004-050614-0532-99

    per symantec, i tried to "install" UnHookExec.inf but it opened a page with the following information:
    [Version]
    Signature="$Chicago$"
    Provider=Symantec

    [DefaultInstall]
    AddReg=UnhookRegKey

    [UnhookRegKey]
    HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
    HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

    I returned to the original site: http://www.symantec.com/security_response/writeup.jsp?docid=2007-011917-1403-99&tabid=3

    opened the registry to locate (per symantec's instructions)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32

    there was no "wincom32" under Services. why wouldn't UnHookExec.inf install? why couldn't she find "wincom32"?
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    What is the filename that Norton detects this trojan in?
     
  7. mom2inky

    mom2inky Thread Starter

    Joined:
    Sep 16, 2005
    Messages:
    333
    per symantec, since they wanted her to go to the registry and delete "wincom32" in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32
    i would assume that would be the file; just talked to my sister and she learned of this virus because norton popped up and said "oops, you have the trojan peacomm on your pc" lol lol what was that UnHookExec.inf supposed to do?
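
Added example (not part of the original thread, and not Symantec's code): the AddReg lines quoted in post 5, parsed in Python to show which registry values UnHookExec.inf writes, then compared against a registry snapshot to flag values that differ. The snapshot and the `wrapper.exe` path are constructed for illustration; the `0x20` flag is read as `FLG_ADDREG_OVERWRITEONLY` from setupapi.h.

```python
import csv

# AddReg lines as quoted in the thread from UnHookExec.inf.
UNHOOK_ADDREG = r'''
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
'''
FLG_ADDREG_OVERWRITEONLY = 0x20  # setupapi.h flag: write only if the value already exists

def parse_addreg(text):
    """Split AddReg lines into root, subkey, value name, flags and data."""
    entries = []
    for row in csv.reader(text.strip().splitlines(), skipinitialspace=True):
        if not row or row[0].startswith(";"):  # blank line or INF comment
            continue
        root, subkey, name, flags, data = (row + [""] * 5)[:5]
        entries.append({"root": root, "subkey": subkey, "name": name,
                        "flags": int(flags, 0) if flags else 0, "data": data})
    return entries

def deviations(entries, snapshot):
    """Return (root, subkey, name, found) for values that differ from the INF."""
    current = {(r.upper(), k.lower(), n.lower()): v for (r, k, n), v in snapshot.items()}
    out = []
    for e in entries:
        found = current.get((e["root"].upper(), e["subkey"].lower(), e["name"].lower()))
        if found is None and e["flags"] & FLG_ADDREG_OVERWRITEONLY:
            continue  # absent value: the INF would not create it either
        if found is None or str(found) != e["data"]:
            out.append((e["root"], e["subkey"], e["name"], found))
    return out

def sample_snapshot():
    """Constructed snapshot: INF defaults, with two values changed for the demo."""
    snap = {(e["root"], e["subkey"], e["name"]): e["data"] for e in parse_addreg(UNHOOK_ADDREG)}
    snap[("HKLM", r"Software\CLASSES\exefile\shell\open\command", "")] = r'"C:\constructed\wrapper.exe" "%1" %*'
    snap[("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools")] = 1
    return snap

if __name__ == "__main__":
    for root, subkey, name, found in deviations(parse_addreg(UNHOOK_ADDREG), sample_snapshot()):
        print(f"{root}\\{subkey} [{name or '(Default)'}] = {found!r}")
```

An empty value name in an AddReg line means the key's default value, which is what the `shell\open\command` entries set.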
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    before doing anything with unhook.inf post the HJT log

    as far as I can see unless HJT shows anything it sounds like symantec are still trying to sell your sister the 2007 version of norton
     
  9. mom2inky

    mom2inky Thread Starter

    Joined:
    Sep 16, 2005
    Messages:
    333
    dvk01..is this the log?
    per symantec, i tried to "install" UnHookExec.inf but it opened a page with the following information:
    [Version]
    Signature="$Chicago$"
    Provider=Symantec

    [DefaultInstall]
    AddReg=UnhookRegKey

    [UnhookRegKey]
    HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
    HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0 ??
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    do what cheeseball said in post 4 & run hjt & post its log

    I don't think you have peacomm at all
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Illusion666
    I have moved your post to a new thread here
    http://forums.techguy.org/security/555625-hijacked.html

    As this appears to be solved, I am closing this thread now. If the original poster needs more help, please pm me or another moderator who will reopen

    Anybody else with the same problem please start your own thread
     