Malicious Programs - pp10.exe and ld12.exe

This section provides some notes on malware pp10.exe and ld12.exe registered as startup programs together with the Antivirus System PRO infection.

More notes on what I did to remove Antivirus System PRO and related malicious programs.

13. Looking at the folder, C:\WINDOWS\. sysguard.exe is not there. But there are several strange files created. See the picture below:
Antivirus System PRO pp10.exe and ld12.exe

14. Looking at running processes in the Task Manager, pp10.exe and ld12.exe are currently running. End both of them with Task Manager.

15. Deleting all 5 files listed below from C:\WINDOWS:

Name                     Size   Type                Date Modified

pp10.exe                 15KB   Application         7/4/2009 10:26 AM
934fdfg34jgif23           1KB   File                7/4/2009 10:26 AM
0101120101464649.dat      1KB   DAT File            7/4/2009 10:25 AM
010112010146118114.dat    1KB   DAT File            7/4/2009 10:25 AM
ld12.exe                 28KB   Application         7/4/2009 10:24 AM

16. Running HijackThis and got 2 extra O4 (Enumeration of suspicious autoloading Registry entries) lines in the log file:

O4 - HKLM\..\Run: [sysldtray] c:\windows\ld12.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp10.exe

17. Checking both of them and clicking the "Fix checked" button in HijackThis to remove ld12.exe and pp10.exe registry entries.

Some quick conclusions:

Last update: 2009.

Table of Contents

 About This Windows Security Book

 Windows 8: System Security Review

 Windows 8: System Security Protection

 Windows 8 System Recovery

 Windows 8 Defender for Real-Time Protection

 Windows 7: System Security Review

 Windows 7: System Security Protection

 Windows 7 System Recovery

 Windows 7 Forefront Client Security

 Norton Power Eraser - Anti-Virus Scan Tool

 McAfee Virus and Malware Protection Tools

 Spybot - Spyware Blocker, Detection and Removal

 Keeping Firefox Secure

 Keeping IE (Internet Explorer) Secure

 Malware (Adware, Spyware, Trojan, Worm, and Virus)

 HijackThis - Browser Hijacker Diagnosis Tool

 IE Add-on Program Listing and Removal

 "Conduit Search" - Malware Detection and Removal

 "Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware

 Malware Manual Removal Experience

 Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

 Trojan and Malware "Puper" Description and Removal

 VSToolbar (VSAdd-in.dll) - Description and Removal

 PWS (Password Stealer) Trojan Infection Removal

 MS08-001 Vulnerability on Windows Systems

Antivirus System PRO

 Antivirus System PRO - Fake Security Alert

 Antivirus System PRO - Task Bar Icon Message

 Malicious Progarm - WinSpywareProtect sysguard.exe

Malicious Programs - pp10.exe and ld12.exe

 IE BHO - iehelper.dll

 Faked Host Name - 209.44.111.62

 Malicious System Service - drv.dll and drv.sys

 References

 PDF Printing Version