Go Back   Cyber Tech Help Support Forums > Operating Systems > Windows 7

Notices

Reply
 
Topic Tools
  #1  
Old June 9th, 2011, 11:07 PM
heleonardman heleonardman is offline
New Member
 
Join Date: Jun 2011
Posts: 3
System32\pcalua.exe -a issue?

I had a virus, namely win32.fraudload.edt, and I looked it up, and it said it leaves stuff in the task scheduler. So, I went there, and found two strands that were strange. One was named {971D119C-F200-442D-9E59-FDC66770BCF9}, and it is triggered when the task is created, and the action that is executed is C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall

The other one was named {38032E12-30F6-4932-A18E-E86A3E3713EB}, the trigger was the same as the one above, and the action was C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\

What should I do? Please help ASAP, cannot afford to lose my computer to a virus!
Reply With Quote


  #2  
Old June 10th, 2011, 01:14 AM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,812
Those tasks are fine and nothing to worry about heleonardman.

win32.fraudload.edt is really old malware however if you are still concerned, download the free version of Malwarebytes' Anti-Malware from here (click on Download).

Doubleclick on mbam-setup.version.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan" then click Scan. The scan may take some time to finish so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open and you may be prompted to Restart. Please do so. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. If any malware is found, please copy and paste the entire report in your next reply.

I'll leave your topic here for now but if it looks like your computer is still infected, I'll transfer it to our Malware Removal Forum.
Reply With Quote
  #3  
Old June 10th, 2011, 01:37 AM
heleonardman heleonardman is offline
New Member
 
Join Date: Jun 2011
Posts: 3
I think I got the malware out with Spybot: S&D, but the log returns an infected registry key:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6804

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/9/2011 7:36:20 PM
mbam-log-2011-06-09 (19-36-15).txt

Scan type: Quick scan
Objects scanned: 165567
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Reply With Quote
  #4  
Old June 10th, 2011, 01:42 AM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,812
That's no biggie, it's a remnant of the infection you had. Let MBAM fix it and you will be fine.
Reply With Quote
  #5  
Old June 10th, 2011, 01:43 AM
heleonardman heleonardman is offline
New Member
 
Join Date: Jun 2011
Posts: 3
Alright, well cool and thanks!
Reply With Quote
  #6  
Old June 10th, 2011, 01:43 AM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,812
You are welcome.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 10:51 AM.