pp10

My desktop machine seems beset by a nasty virus. When I open Excel, all
macro workbooks it opens are flagged as a risk, and so Excel is virtually
unusable (ditto any app that uses VBA).

I am sure the culprit is some app called pp10.exe, but I have been unable to
find any decent instructions on how to remove this thing. Can anyone give
me a steer?

PS I tried one of the recovery forums, but got no response.

Bob



Re: pp10


Evidently, you have bad GoogleFu.

Item 8 on the first page leads you to using MBAM as a removal tool.



Re: pp10





Depends upon your search criteria I suppose, but when I googled all I got
was a lot of removal tools that I had never heard of. Downloading and
running one of these did not seem a wise course of action to me; how do I
know they are genuine? That is why I came here for some advice from others
who know.



Re: pp10


Hello Bob:

MBAM has an excellent reputation.

   <http://www.malwarebytes.org/mbam-download.php>

Download, install, update and execute.

Please update this thread with your progress.

Regards,

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: pp10

I downloaded MBAM and ran a scan. It indeed found 50 infections, and upon
removing these and rebooting, my anti-virus was restored, Excel was back, and
looking at Task Manager there was no pp10.exe.

So I think I am recovered.

Thanks all.


Bob




Re: pp10

On Wed, 17 Jun 2009 20:00:10 +0100, "Bob Phillips" wrote:
[quoted text not shown]

I would not be convinced.

Also download, install, update and do a *full* scan with:
- SuperAntiSpyware (Free)
http://www.superantispyware.com/download.html
(bottom choice)
(if anything found, repeat in Safe Mode!)

MBAM and SAS complement each other; one may find malware that the other
does not find.

But with 50 infections and not knowing how much damage is done,
it is time to consider a clean install of your Windows.
Good luck.

--
Fred W. (NL)

Re: pp10



It's also possible that you have Excel/Tools/Options/Security/Macro Security
set too high.

Henry



Re: pp10


Submit a copy of pp10.exe to jotti.org or virustotal.com for scanning by
several antivirus engines. A filename means very little to someone
investigating malware. Where it is found can be more important as can
evidence on how it got there.


If you gave as little to go on there as you did here it is no surprise
that you got no response. We don't know, for instance, how knowing
"desktop machine" is supposed to help us help you. Better would be what
OS and patch level (XP Pro SP3 for example) you are using as an
environment for the supposed "virus" to exist in.

What led you to believe pp10.exe is a "culprit" and what (if any)
anti-whatever programs do you use to help you with security?



Re: pp10

I actually gave more info at the site than here as all I requested here was
a steer, whereas on that specialist forum they give detailed instructions on
a daily basis.

Unfortunately I was stymied somewhat as it buggered up my antivirus (ESET)
saying there was a kernel communications error or some such, HijackThis
wouldn't run, etc., etc. I was lacking tools to gather the required details.

I suspected pp10 because I did a task list and then googled process by
process on processes I did not know, until I found one that regularly
reported as being a problem. pp10.exe was that one, but as I said, all I
found were sites suggesting that I try their removal tool, which I was not
going to just dive into. Also, this particular manifestation kept throwing up
some spurious instance of IE (I use Firefox by choice) and when I stopped
pp10.exe in the Task manager, I stopped that habit. This suggested that it
was at least one of the culprits.

Anyway, MBAM seems to be a solid recommendation given earlier, so I will try
that and see if life gets better.

Regards

Bob




Re: pp10

MBAM and SAS are indeed often recommended trustworthy programs.

Removing it without investigating it will leave you with no idea how it
got there and may leave you open to reinfestation/reinfection by the
same or worse malware down the line.

...so I guess a heartfelt "good luck with that" is in order.




Re: pp10


pp10.exe appears to be coming from a malicious website. It also
puts a startup in the registry. Malwarebytes.org was able to fix the
problem for me, and find others.

I was able to backtrack this to a Ukraine server. The URL that it
came from at the time was mypc-securityscan.com, but that is maybe
worthless now. Two websites I went to that let you check URLs didn't
have that domain listed. But they did have the IP address listed. I
submitted the website for review and it appears that it is now
registered as such.

http://www.trustedsource.org/urlcheck/

I tried Jotti the other day and it didn't work for me. Since it is
almost impossible to block new domains these days, I can only suggest
that we try to submit bad websites so the RBLs stay updated. I can't
find a post about rogue banner ads, but be on the lookout.
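
Added example (not part of the original thread or any poster's own code): the replies above note that where pp10.exe lives matters more than its name and that it adds a startup entry in the registry. This read-only PowerShell sketch gathers both, assuming PowerShell 4.0 or later and that only the standard Run/RunOnce keys are of interest.

```powershell
# Added example: read-only triage of a suspicious process name before removal.
# Assumes Windows PowerShell 4.0+ (Get-CimInstance, Get-FileHash).
$Name = 'pp10.exe'   # process name from the thread; change as needed

# 1. Running instances: image path, command line, parent process, file hash.
$running = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = '$Name'") {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $hash = $null
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        $hash = (Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256).Hash
    }
    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Parent      = $parent.Name      # empty if the parent has already exited
        Started     = $p.CreationDate
        SHA256      = $hash
    }
}

# 2. Startup entries in the per-machine and per-user Run/RunOnce keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($data -like "*$Name*") {
            [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
        }
    }
}

# Record the findings before any removal tool changes them.
$running  | Format-List
$autoruns | Format-List
```

The SHA-256 value can be searched on a multi-engine scanning service, and the path, parent process and start time help answer how the file got there. Other persistence locations (services, scheduled tasks, startup folders) are not covered by this sketch.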





