
Infection - File: Plscd.exe


6 replies to this topic

#1 shadowcastpm

shadowcastpm

  • Members
  • 4 posts

Posted 19 February 2007 - 01:20 PM

Hi, the other day I encountered some kind of unknown process trying to communicate through port 2422 (TCP) (the process scans for open ports that are free, e.g. 2422, 2423, 2424, etc.). The application itself is named "PLSCD.EXE". I have identified it on several websites as malware, but there is no solution to be found without tedious amounts of software to be installed, etc.

My system is Windows XP Professional SP2, I run NOD32 AntiVirus, Spy Sweeper, Outpost Firewall and MJ Registry Watcher.

I would appreciate it if anyone could tell me a simple process for removing this program.

Thank you in advance.

- Joe.



#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee

Posted 19 February 2007 - 02:47 PM

You have two of the top rated antimalware programs. Spy Sweeper and Nod32.
Run both of these in safe mode if you haven't already.
There is no key on your keyboard to push to get rid of your very dangerous backdoor infection.
Two other programs you can try are Bit Defender online scan and Super Antispyware.
Run Super Antispyware in safe mode. Allow both programs to quarantine or remove whatever they find.
http://www.superantispyware.com/
http://www.bitdefender.com/scan8/ie.html

Suggest also, that you post a Hijack This log in the appropriate forum by following the instructions in the link below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 shadowcastpm

shadowcastpm
  • Topic Starter

  • Members
  • 4 posts

Posted 19 February 2007 - 04:08 PM

Thank you for your help buddy215, I will give them a try.

Kind Regards, Joe

#4 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • Gender:Male
  • Location:Ossendrecht/The Netherlands

Posted 19 February 2007 - 04:20 PM

Please read this
If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider all your passwords to be compromised. They should be changed by using a different computer and not the infected one. Do not change passwords or do any transactions while using the infected computer because an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 19 February 2007 - 04:27 PM

Download Sysclean Package & save it to your desktop.
  • Create a new folder on drive "C:\" and rename it Sysclean - (C:\Sysclean).
  • Place the sysclean.com inside that folder.
  • Then download the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number)
  • Extract (unzip) the lptxxx.zip pattern file into the Sysclean folder where you put sysclean.com. (Click here for information on how to extract a file if you're not sure how to do this.) DO NOT scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Note: Some anti-virus programs such as Avast will alert you to a virus attack when running sysclean so it's best to disable them before going to the next step.

Scan with Sysclean as follows:
  • Open the Sysclean folder and double-click on sysclean.com to start the scanning process.
  • Put a check mark on the "Automatically clean or delete infected files" option by clicking in the checkbox.
  • Click the Advanced >> button.
  • The scan options appear. Select the "Scan all local fixed drives".
  • Click the "Scan button" on the Trend Micro System Cleaner console.
  • It will take some time to complete. Be patient and let it clean whatever it finds.
  • Another MS-DOS window appears containing the log file generated in the System Cleaner folder.
  • To view the log, click the "View button" on the Trend Micro System Cleaner console. The Trend Micro Sysclean Package - Log window appears.
    • The Files Detected section shows the viruses that were detected by System Cleaner.
    • The Files Clean section shows the viruses that were cleaned.
    • The Clean Fail section shows the viruses that were not cleaned.
  • Exit when done, reboot normally and re-enable your anti-virus program.
Instructions with screenshots are here if you need them.

When using Sysclean it's best to use the Administrator's account or an account with Administrative rights, otherwise you will not have the rights to scan some locations. The scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 shadowcastpm

shadowcastpm
  • Topic Starter

  • Members
  • 4 posts

Posted 19 February 2007 - 06:58 PM

Thank you fozzie and quietman7, I am positive no private information has leaked, as Outpost has rejected any outgoing or incoming connections since it first appeared. I trust Outpost enough for that =)

Thank you all once again! =)

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 19 February 2007 - 08:21 PM

Were you successful in removing Plscd.exe?