Solved: URGENT! Trojan Peacomm

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mom2inky

Thread Starter
Joined
Sep 16, 2005
Messages
333
my sister (in Texas) has xp and norton 2006; she installed the live updates on the 14th and on the 22nd this virus got on her pc..what can be done to remove it? thanks much!!!
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
it appears to be a Norton sales ploy and it is going wrong.
It seems the update servers are somewhat overloaded so error messages are coming out.
It's just warning you that you need to update norton NOT that you have the virus.
I would check and see if more updated definitions are available.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
That is what I was told by another Moderator here who specializes in Security.

Let's see what a Hijack This log shows.

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

mom2inky

Thread Starter
Joined
Sep 16, 2005
Messages
333
forgive me, but my sister.............i got on symantec's live chat and had my sister follow their instructions per below. my sister encountered these results. any help guys??? let me know first, please. thanks for your patience!!! and great help!!!!
after following the instructions on the following (1) http://www.symantec.com/security_response/writeup.jsp?docid=2007-011917-1403-99&tabid=3 and
(2) http://www.symantec.com/security_response/writeup.jsp?docid=2004-050614-0532-99

per symantec, i tried to "install" UnHookExec.inf but it opened a page with the following information:
[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

I returned to the original site: http://www.symantec.com/security_response/writeup.jsp?docid=2007-011917-1403-99&tabid=3

opened the registry to locate (per symantec's instructions)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32

there was no "wincom32" under Services. why wouldn't UnHookExec.inf install? why couldn't i she find "wincom32"?
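
What the UnHookExec.inf text pasted above would write to the registry, as an added example that is not part of the original thread or of Symantec's tooling: this Python code parses the pasted AddReg lines (an empty value name means the key's default value) and compares them with a snapshot of current values. The snapshot, its placeholder path and the function names are constructed for illustration.

```python
import csv

# AddReg sections as pasted in the post above ([Version] omitted).
INF_TEXT = r'''
[DefaultInstall]
AddReg=UnhookRegKey
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
'''

def addreg_entries(text, install="DefaultInstall"):
    """Return (root, subkey, value name, flags, data) for each AddReg line."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), [])
        elif line and not line.startswith(";") and current is not None:
            current.append(line)
    entries = []
    for directive in sections.get(install.lower(), []):
        key, _, names = directive.partition("=")
        if key.strip().lower() == "addreg":
            for name in names.split(","):
                body = sections.get(name.strip().lower(), [])
                # Fields are comma separated; "" in a quoted field is a literal quote.
                for row in csv.reader(body, skipinitialspace=True):
                    entries.append(tuple(([f.strip() for f in row] + [""] * 5)[:5]))
    return entries

def audit(entries, snapshot):
    """Return (key, value name, found, expected) where the snapshot differs."""
    findings = []
    for root, subkey, name, _flags, expected in entries:
        found = snapshot.get((root, subkey.lower(), name))
        if found is not None and found != expected:
            findings.append((root + "\\" + subkey, name or "(Default)", found, expected))
    return findings

# Constructed snapshot (not from the thread): values match the INF except exefile.
SNAPSHOT = {(r, s.lower(), n): d for r, s, n, _f, d in addreg_entries(INF_TEXT)}
SNAPSHOT[("HKLM", r"software\classes\exefile\shell\open\command", "")] = r'C:\example\placeholder.exe "%1" %*'

if __name__ == "__main__":
    print(*audit(addreg_entries(INF_TEXT), SNAPSHOT), sep="\n")
```

A finding here means the default open command for that file class is not the plain `"%1" %*` form the INF restores, which is worth reviewing before any registry edits are made.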
 

mom2inky

Thread Starter
Joined
Sep 16, 2005
Messages
333
per symantec, since they wanted her to go to the registry and delete "wincom32" in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32
i would assume that would be the file; just talked to my sister and she learned of this virus because norton popped up and said "oops, you have the trojan peacomm on your pc" lol lol what was that UnHookExec.inf supposed to do?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
before doing anything with unhook.inf post the HJT log

as far as I can see unless HJT shows anything it sounds like symantec are still trying to sell your sister the 2007 version of norton
 

mom2inky

Thread Starter
Joined
Sep 16, 2005
Messages
333
dvk01..is this the log?
per symantec, i tried to "install" UnHookExec.inf but it opened a page with the following information:
[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0 ??
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
do what cheeseball said in post 4 & run hjt & post its log

I don't think you have peacomm at all
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Illusion666
I have moved your post to a new thread here
http://forums.techguy.org/security/555625-hijacked.html

As this appears to be solved, I am closing this thread now. If the original poster needs more help, please pm me or another moderator who will reopen

Anybody else with the same problem please start your own thread
 