Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
Malicious Programs - pp10.exe and ld12.exe
This section provides some notes on the malicious programs pp10.exe and ld12.exe, which were registered as startup programs together with the Antivirus System PRO infection.
More notes on what I did to remove Antivirus System PRO and related malicious programs.
13. Looking at the folder C:\WINDOWS\, sysguard.exe is not there, but several strange files have been created. See the picture below:
14. Looking at running processes in the Task Manager, pp10.exe and ld12.exe are currently running. End both of them with Task Manager.
15. Deleting all 5 files listed below from C:\WINDOWS:
Name                     Size   Type          Date Modified
pp10.exe                 15KB   Application   7/4/2009 10:26 AM
934fdfg34jgif23          1KB    File          7/4/2009 10:26 AM
0101120101464649.dat     1KB    DAT File      7/4/2009 10:25 AM
010112010146118114.dat   1KB    DAT File      7/4/2009 10:25 AM
ld12.exe                 28KB   Application   7/4/2009 10:24 AM
16. Running HijackThis, I got 2 extra O4 (Enumeration of suspicious autoloading Registry entries) lines in the log file:
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld12.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp10.exe
17. Checking both of them and clicking the "Fix checked" button in HijackThis to remove ld12.exe and pp10.exe registry entries.
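The check done by eye in steps 16 and 17, as an added example that is not part of the original tutorial: it parses registry-style O4 lines from a HijackThis log and flags startup entries whose executable sits directly in the Windows folder. Treating that location as worth reviewing is an assumption made here for triage; the function names and the last three sample lines are constructed.

```python
import ntpath
import re

# Registry-style O4 line: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

def image_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: cut after the first executable extension, else at first space.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def parse_o4(log_text):
    """Yield (hive, key, value_name, image) for each registry-style O4 line."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            yield hive, key, name, image_path(command)

def flag_windows_root(log_text, windir=r"c:\windows"):
    """Return O4 entries whose image sits directly in the Windows folder."""
    root = ntpath.normcase(ntpath.normpath(windir))
    hits = []
    for hive, key, name, image in parse_o4(log_text):
        # Compare folders case-insensitively; subfolders such as system32 do not match.
        folder = ntpath.normcase(ntpath.normpath(ntpath.dirname(image)))
        if folder == root:
            hits.append((f"{hive}\\..\\{key}", name, image))
    return hits

# The first two lines are from the log above; the other three are constructed.
SAMPLE_LOG = r'''O4 - HKLM\..\Run: [sysldtray] c:\windows\ld12.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp10.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [ExampleHelper] C:\WINDOWS\system32\example.exe -start
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
'''

if __name__ == "__main__":
    for key, name, image in flag_windows_root(SAMPLE_LOG):
        print(f"review: {key} [{name}] -> {image}")
```

Only registry-style O4 lines are handled; Startup-folder O4 lines use a different layout and are skipped.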
Some quick conclusions: