Cyber Tech Help Support Forums

Cyber Tech Help Support Forums (
-   Windows 7 (
-   -   System32\pcalua.exe -a issue? (

heleonardman June 9th, 2011 11:07 PM

System32\pcalua.exe -a issue?
I had a virus, namely win32.fraudload.edt, and I looked it up, and it said it leaves stuff in the task scheduler. So, I went there, and found two strands that were strange. One was named {971D119C-F200-442D-9E59-FDC66770BCF9}, and it is triggered when the task is created, and the action that is executed is C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall

The other one was named {38032E12-30F6-4932-A18E-E86A3E3713EB}, the trigger was the same as the one above, and the action was C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\

What should I do? Please help ASAP, cannot afford to lose my computer to a virus!

AnnMarie June 10th, 2011 01:14 AM

Those tasks are fine and nothing to worry about heleonardman.

win32.fraudload.edt is really old malware however if you are still concerned, download the free version of Malwarebytes' Anti-Malware from here (click on Download).

Doubleclick on mbam-setup.version.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan" then click Scan. The scan may take some time to finish so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open and you may be prompted to Restart. Please do so. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. If any malware is found, please copy and paste the entire report in your next reply.

I'll leave your topic here for now but if it looks like your computer is still infected, I'll transfer it to our Malware Removal Forum.

heleonardman June 10th, 2011 01:37 AM

I think I got the malware out with Spybot: S&D, but the log returns an infected registry key:

Malwarebytes' Anti-Malware

Database version: 6804

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/9/2011 7:36:20 PM
mbam-log-2011-06-09 (19-36-15).txt

Scan type: Quick scan
Objects scanned: 165567
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

AnnMarie June 10th, 2011 01:42 AM

That's no biggie, it's a remnant of the infection you had. Let MBAM fix it and you will be fine.

heleonardman June 10th, 2011 01:43 AM

Alright, well cool and thanks!

AnnMarie June 10th, 2011 01:43 AM

You are welcome. :)

All times are GMT +1. The time now is 04:49 AM.

Copyright © Cyber Tech Help. All rights reserved. All other trademarks are the property of their respective owners.