trojan/pmk-0.9 : how to get rid of it ?

Hi all !

My antivirus just found that I’m infected by the trojan mentioned above. I’m currently using an old version of an old antivirus and I cannot fix the problem with it.
I want to install Avast!, but I would like to know first if Avast! will be able to cure my computer definitively ?
Can somebody tell me how to disinfect my computer after the Avast! installation ?

Thanks for your help !
Starbill

Hi Starbill,

pmk-0.9 is a crack rather than a Trojan:

http://www.sophos.com/security/analyses/trojpmk09.html

You should simply be able to delete the file, except if it is found in an archive, in system restore or in the recycle bin, for example.

What was the location of the file?

You should still consider changing to avast! because an old version of an AV program is worse than useless!

:slight_smile: Hi “Star” :

 What is the name of the "old antivirus" ?

Thanks for this reply.
I was slightly anxious because in parallel to this I have DSL connection issues. In fact, I’m disconnected very often and I have to reboot in order to reconnect. And I saw on the internet that trojans may often cause these kinds of problems. And sometimes my computer is quite slow compared to 1 year ago.

Any problem in the reg files to be considered with this file ?

I’ll try to delete it - for info, it is in a zip archive file I downloaded on internet :frowning:

I’ll install avast! this afternoon and see whether I still have the problem.
Thanks !

PS : Spiritsongs, it is Sophos …

You may have to delete the whole zip file to delete the malware, or unzip it first to be able to delete selected files, in which case you will still have to delete the original zipped file.

:slight_smile: Hi “Star” :

 You may have other malware problems, in addition to
 "pmk" !?  What is your Operating System ? Other than
 an antiVIRUS program, what other security program(s)
 do you have ? Do you have a software firewall ?

My OS is Windows XP, I do not use special firewalls, but I know I should (any advice to choose one ?).
Yesterday I installed Avast! and during the first complete analysis of my drives, it found 2 : win32:Adware-gen.
I removed them, but still have the DSL disconnection problem.
Any advice for this too ?

Thanks !

I recommend you run a few free specialist anti-adware/spyware programs:

Ad-Aware:

http://www.download.com/3000-2144-10045910.html

Spybot Search & Destroy:

http://www.safer-networking.org/

Ewido:

http://www.ewido.net/en/

a-Squared:

http://www.emsisoft.com/en/software/free/

I also recommend you download a good free firewall (Zone Alarm is probably the most user friendly, although Kerio is also good). Do not install it yet!

There’s excellent information on the ZA site about how to set up the firewall:

http://www.zonelabs.com/store/content/support/zasc/gettingStarted.jsp?anchor=alerts&lid=zasupp_u

Install and update all the anti-spyware programs, and then go off line and run scans in safe mode:

http://www.pchell.com/support/safemode.shtml

Run a boot time scan with avast! and repeat all the scans above until you find nothing new. (Scans often reveal something new the second time around.)

When you have finished, install your firewall. Be careful what you let connect to the internet.

You haven’t said if you have XP SP2. Is your OS fully up to date?

The first thing you should do on reconnecting to the internet is to visit Microsoft Update and download all critical updates.

Thanks for all these infos !
I haven’t SP2. In fact, I have XP and when I tried to install SP2 I have had installing problems. I think some parts of the SP2 are installed but probably not completely. I tried several times and always had the same result.

Do you think using all the softs you mention will completely cure my computer ?
Will it restore a good uninterrupted dsl connection + re-increase my proc speed ?

Is it useful to post a log of my computer with hijackthis after all these stuffs you mention ? ???

> I haven't SP2. In fact, I have XP and when I tried to install SP2 I have had installing problems. I think some parts of the SP2 are installed but probably not completely. I tried several times and always had the same result.

You should uninstall SP2 from Add/Remove and try to reinstall it after you have removed all malware: malware can block installation of SP2.

> Do you think using all the softs you mention will completely cure my computer ? Will it restore a good uninterrupted dsl connection + re-increase my proc speed ?

There’s never any guarantee: it depends how serious any infection is, but I’ve seen badly infected computers cleaned up with these programs, with internet connection returned and a huge increase in speed.

If you run these programs and your computer is left unstable, or you find lots of Trojans, it may be better to reinstall the OS to guarantee stability and security, but if you only find a few items of spyware, this won’t be necessary.

> Is it useful to post a log of my computer with hijackthis after all these stuffs you mention ?

Yes, then we can check there are no more problems.

I’ll do all mentioned stuffs in your recommendation posts, perform a hijackthis and post you a log.
I’m not completely in favour of re-installing the OS as often malware reappears even after that (from what I heard on the net … :P)

A final question for now: my OS is on a hard drive, I have a second one. Can malware from this second hard drive infect the first one ?

will come back later on with the log …
Thanks in advance

An OS will acquire security vulnerabilities over time, so reinstalling a year-old OS is like trying to hold water in a sieve. Plus pre-SP2 XP didn’t have a firewall enabled by default, so it was open to attack as soon as connected.

As far as I know, you’d have to run an executable file from the second drive. You should be able to run a scan on the second drive with avast!, Ewido and a-Squared to look for malware.

You could also run an online scan with Kaspersky on the drive and manually delete anything detected as malware.