Malicious Programs - pp10.exe and ld12.exe
This section provides notes on the malware programs pp10.exe and ld12.exe, which were registered as startup programs alongside the Antivirus System PRO infection.
More notes on what I did to remove Antivirus System PRO and related malicious programs.
13. Looking at the folder C:\WINDOWS\, sysguard.exe is not there, but several strange files have been created. See the picture below:
14. Looking at running processes in the Task Manager, pp10.exe and ld12.exe are currently running.
End both of them with Task Manager.
15. Deleting all 5 files listed below from C:\WINDOWS:
Name                      Size   Type          Date Modified
pp10.exe                  15KB   Application   7/4/2009 10:26 AM
934fdfg34jgif23           1KB    File          7/4/2009 10:26 AM
0101120101464649.dat      1KB    DAT File      7/4/2009 10:25 AM
010112010146118114.dat    1KB    DAT File      7/4/2009 10:25 AM
ld12.exe                  28KB   Application   7/4/2009 10:24 AM
16. Running HijackThis, I got 2 extra O4 (Enumeration of suspicious autoloading Registry entries) lines in the log file:
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld12.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp10.exe
17. Checking both of them and clicking the "Fix checked" button in HijackThis to remove ld12.exe and pp10.exe registry entries.
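The check done by eye in step 16 can be scripted. The following is an added example, not part of the original notes and not HijackThis code: it parses registry-style O4 lines and flags autoruns whose program file sits directly in the Windows folder, as ld12.exe and pp10.exe did. The function names, the "directly in C:\WINDOWS" heuristic and the Example entries in the sample log are assumptions made for illustration.

```python
import re
from ntpath import dirname, normcase  # Windows path rules, usable on any OS

# Registry autorun line: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Program path: quoted, or unquoted up to the first executable extension.
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)', re.I)

def parse_o4(line):
    """Return hive, key, value name and program path of an O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    img = IMAGE_RE.match(m['cmd'])
    path = (img.group(1) or img.group(2)) if img else m['cmd'].split()[0]
    return {'hive': m['hive'], 'key': m['key'], 'name': m['name'], 'path': path}

def flag_windows_root(lines, windir=r'C:\WINDOWS'):
    """Heuristic (assumption): flag autoruns stored directly in the Windows folder."""
    root = normcase(windir.rstrip('\\'))
    hits = []
    for line in lines:
        entry = parse_o4(line)
        # Compare case-insensitively; subfolders such as system32 do not match.
        if entry and normcase(dirname(entry['path'])) == root:
            hits.append(entry)
    return hits

# First two lines are from step 16; the rest are constructed for this example.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [sysldtray] c:\windows\ld12.exe',
    r'O4 - HKLM\..\Run: [pp] c:\windows\pp10.exe',
    r'O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background',
    r'O4 - HKCU\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe -min',
    r'O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll',
]

if __name__ == '__main__':
    for e in flag_windows_root(SAMPLE_LOG):
        print(f"{e['hive']}\\{e['key']} [{e['name']}] -> {e['path']}")
```

A flagged entry is a lead for manual review, not a verdict. Entries that hide the path behind an environment variable or a loader such as rundll32.exe are not resolved by this sketch.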
Some quick conclusions:
- The malicious Web site dropped a mixed infection of Antivirus System PRO and other malicious programs to the local system.
- pp10.exe and ld12.exe were able to be stored in the C:\WINDOWS folder, executed, and registered as startup programs.
- Spybot - Search & Destroy did not detect pp10.exe and ld12.exe.
Last update: 2009.