ph.com virus activated my pc please help me what i do. i use avast scan through but not clean pc is too slow.
ph.com Associated Malware Groups
The filename PH.COM is used by multiple object types including objects,executable programs
ph.com virus activated my pc please help me what i do. i use avast scan through but not clean pc is too slow.
ph.com Associated Malware Groups
The filename PH.COM is used by multiple object types including objects,executable programs
[quote author=hqfwo link=topic=38288.msg320822#msg320822 date=1220076653]
ph.com virus activated my pc please help me what i do. i use avast scan through but not clean pc is too slow.
ph.com Associated Malware Groups
The filename PH.COM is used by multiple object types including objects,executable programs
Hi hqfwo
This is my information about your Files (ph.com)
File Behaviour
PH.COM has been seen to perform the following behavior:
* The Process is packed and/or encrypted using a software packing process * This Process Deletes Other Processes From Disk * This Process Creates Other Processes On Disk * Loads and Executes a System Driver File * Creates a new Background Service on the machine * Registers a Dynamic Link Library File * Executes a Process
PH.COM has been the subject of the following behavior:
* Created as a process on disk * Deleted as a process from disk * Executed as a Process * Executed from Temporary Folders * Has code inserted into its Virtual Memory space by other programs * Copied to multiple locations on the system * This program is often downloaded from the web * Downloaded from covert web sites without the user knowing * Registered as a Dynamic Link Library File * Added as a Registry auto start to load Program on Boot up
Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
* Rootkit
* Cloaked Malware
File Type
The filename PH.COM is used by multiple object types including objects,executable programs.
I strongly Suggest You Scan Your PC using SuperAntiSpywere
link : http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWARE
2nd[/color] We Have Malwarebytes’
If you follow these instructions, everything should go smoothly.
Please download [url=http://www.besttechie.net/tools/mbam-setup.exe][b]Malwarebytes' Anti-Malware[/b][/url] and save it to a convenient location.
[list=1]
[*]Double click on mbam-setup.exe to install it.
[*]Before clicking the Finish button, make sure that these 2 boxes are checked (ticked): [list]Update Malwarebytes’ Anti-Malware
Launch Malwarebytes’ Anti-Malware[*]Malwarebytes’ Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can’t update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
[*]Select the Scanner tab. Click on Perform full scan, then click on Scan.
[*]Leave the default options as it is and click on Start Scan.
[*]When done, you will be prompted. Click OK, then click on Show Results.
[*]Checked (ticked) all items and click on Remove Selected.
[*]After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.[/list]
Next,
[*]Download random’s system information tool (RSIT) by random/random from here and save it to your desktop.
[*]Double click on RSIT.exe to run RSIT.
[*]Click Continue at the disclaimer screen.
[*]Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Please post the following:
[]The Malwarebyte’s Anti-Malware log
[]The contents of log.txt
[*]The contents of info.txt
Just Update it First then performed a scan be sure that your avast is fully updated till date
If avast didn’t detect this:
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Hi
to pull this together
rt click on the avast ball and update-program
then rt click and schedule a boot time scan
send any hits to the chest
(this can be done before or after the SAS scan)
with SAS be sure to update before scanning
send any hits to quarantine- do not remove/delete
then Download Malware bytes anti malware, update and run a free scan
put a checkmark next to any baddie found
then click REMOVE- a backup will also be made
post up all of the logs
when we determine which is the operative baddie- there may be many- we’ll do what DavidR suggests