layler Posted November 7, 2008 Posted November 7, 2008 hi there. please could anybody help. i have a icon on my desktop called platte have tried to remove the programme but it just keeps coming back. i have rang them and they say i have to pay the 50 quid invoice ! and then i can remove the software! has anybody else had problems with this platte and do you reckon i should pay it . how can i remove this horrible software from my pc? its bit strange because just as this icon was installed i have had viruses and back door trojans on my pc ! so where the hell they have come from i dont know! and whats a trojan anyway ??? thanks layler Quote
Seth Posted November 7, 2008 Posted November 7, 2008 Welcome to Extreme Tech Support - Free PC Help Layler. Your computer is infected with malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Required Cleanup Steps Disable the Spybot Search & Destroy TEA TIMER if you use it and if it is enabled Run a Temporary file and cache cleaner (ATF) Run 2 Anti-Malware scanners (Listed Below) Run an Online Anti-Virus / Anti-Malware Scanner (Listed Below) Clear out old System Restore points If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file, do not do so unless requested. The reason to run multiple scanners is to ensure that no single scanner is missing something. The time it takes will vary depending on your system and your internet connection speed. Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes. The ESET online scan should take between 1 to 3 hours. In most cases, these scans will suffice to clean and disinfect your computer. Heavily infected systems or slower PCs can take much longer to scan and clean. For best results print the following instructions and bookmark this Web page To keep this guide printer-friendly, use your cursor to highlight the contents below. From your browser select File - Print and in the printer dialog box under "Print range" click the Selection choice to print out these instructions for removal of malware. http://i306.photobucket.com/albums/nn266/FPCH/Malware%20Guide/printer-selection.gif ____________________________________________ STEP 1 Disable Spybot Search & Destroys' TEA TIMER: (if installed, if not go to Step 2) Run Spybot-S&D in Advanced Mode. If it is not already set to do this Go to the Mode menu select "Advanced Mode" On the left hand side, Click on Tools Then click on the Resident Icon in the List Uncheck "Resident TeaTimer" and OK any prompts. Restart your computer. __________________________________________________ STEP 2 Follow these instructions carefully. Download ATF-Cleaner from Snapfiles.com to remove un-needed temporary files from your computer that may contain malware. You can also download it from Majorgeeks.com When you run ATF-Cleaner, check the items as shown below for Main. For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored Then click on "Empty Selected". http://i306.photobucket.com/albums/nn266/FPCH/Malware%20Guide/atf-cleaner01.gif. http://i306.photobucket.com/albums/nn266/FPCH/Malware%20Guide/atf-cleaner02.gif __________________________________________________ STEP 3 Install and run the free version (not the Professional version) of SUPERAntiSpyware from SUPERAntiSpyware.com Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files. You do not have to send them your e-mail address, just click next. You can leave the automated check for updates on. You can uncheck "Send a diagnostic report to research center" if you don't want to send the information. DO NOT allow SUPERAntiSpyware to protect your Home Page settings. On the Top Left select the Scan your computer button. Make sure there is a CHECK MARK on all Fixed Drives. Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so. __________________________________________________ STEP 4 Install and run Malwarebytes' Anti-Malware from Malwarebytes - (direct download) Accept all defaults for the installer Allow the program to update the definitions Click on the Quick Scan and click Next. If any items are found allow it to clean them and then Reboot your computer. __________________________________________________ STEP 5 Run an online scan with ESET from Free Virus Scan: Use ESET's Online Antivirus Scanner You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan. If your computer is running Window's Vista, then you must first start Internet Explorer as an Administrator. To do so, right-click on the Internet Explorer icon in the Start Menu and select "Run as administrator" from the popup context menu. Accept the terms and click "Start". Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications". Click "Start" to begin the scan. When completed restart your computer __________________________________________________ Make sure your internet firewall security is enabled, and then please return to Extreme Tech Support - Free PC Help and tell us how the computer seems to be operating. At that time, you will receive instructions to assist you in removing malicious programs from your Add/Remove program list if warranted. If required this is the download link for TrendMicro™ HijackThis™ Unless instructed to by the Technician helping you then do not download this tool. Once you and the Technician agree that your system appears to be clean then you should delete all your System Restore points and recreate a new one. Please follow the instructions here How to turn off and turn on System Restore in Windows XP How to turn off and turn on System Restore in Windows Vista Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
layler Posted November 7, 2008 Author Posted November 7, 2008 thanks very much for your quick response i will try this and let you know how i get on. layler Quote
Seth Posted November 9, 2008 Posted November 9, 2008 It's a program that shows what's running on your computer among other things. If you still have the problem, then please follow these instructions: Download the latest version of HijackThis from Trend Micro and click on Download Hijack This Installer and save it to your desktop. Doubleclick HJTInstall.exe to install HijackThis. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Include this log by copying and pasting in your next reply. Notes: Do not use the AnalyseThis button, its findings are dangerous if misinterpreted. Do not have Hijackthis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should. Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
Guest Wolfeymole Posted November 9, 2008 Posted November 9, 2008 What happened when you ran the malware tools Layla Quote
Seth Posted November 9, 2008 Posted November 9, 2008 If the following is the Platte you're referring to, then download and run the auto removal tool: The EasyPC Company UK Blog Archive New Platte Media Removal Instructions Video xp & Vista Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
layler Posted November 9, 2008 Author Posted November 9, 2008 seth do i downlaod this auto removal tool then first before i do anythin g else? Quote
Seth Posted November 9, 2008 Posted November 9, 2008 Go ahead and try the removal tool I posted. If you have not run through the malware removal procedure, then please do so. If the above doesn't help, then please post a HijackThis log. Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
Guest Wolfeymole Posted November 9, 2008 Posted November 9, 2008 These are the instruction for showing us a Hijack This log Layla. Do not post a Log until you have followed Seths instructions. If they are not fruitful then post a log. Please download the latest version of HijackThis from Trend Micro and click on Download Hijack This Installer and save it to your desktop. Doubleclick HJTInstall.exe to install HijackThis. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Include this log by copying and pasting in your next reply. Notes: Do not use the AnalyseThis button, its findings are dangerous if misinterpreted. Do not have Hijackthis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should. Quote
layler Posted November 9, 2008 Author Posted November 9, 2008 ok this is what i have done so far as im getting bit confused- sorry have rang through the procedure for malware removal got to the last bit which was to run the free online anti virus removal it did the scan etc and still shows 3 threats, it then went on to the box to BUY or INFORMATION. so i have come out of that page and rebooted my pc so what should i do now? Quote
layler Posted November 10, 2008 Author Posted November 10, 2008 hi there well i have follows both procedures the malware removal and the auto removal it appears to have worked just the icon on my desktop now do i go ahead and delete this? thanks layler Quote
Guest Wolfeymole Posted November 10, 2008 Posted November 10, 2008 Double left click on the icon and tell us what happens. Quote
layler Posted November 10, 2008 Author Posted November 10, 2008 Double left click on the icon and tell us happens. i have done this and it just says page loading with the circle going round and says it this page doesnt load within 30 seconds click to download the platte media bill utility. it has been tring to load now for about 10 minutes Quote
Goku Posted November 10, 2008 Posted November 10, 2008 Please do not download the program again as it will infect your computer again. Your computer seems to have been cleaned as it appears to work normally. Please feel free to ask any more questions or doubts you may have. :) -- Goku Quote
layler Posted November 10, 2008 Author Posted November 10, 2008 could i just remove programme so i can get rid of the icon? Quote
Jack Hackett Posted November 10, 2008 Posted November 10, 2008 (edited) Platte Media Manual removal Part One 1. Open ‘Task Manager’ by pressing Ctrl, Alt, Del together. the task manager window opens 2. Click on the Processes tab at the top of the Task Manger window 3. Find and ‘ End process Tree ’ for the following two files PM_PROC1 PM_PROC2 so they disappear from Task Manager 4. Close Task Manager Part Two 1. Click Start - Run type in regsvr32 -u pm_dll.dll - OK 2. Click on Start - Run type in %systemroot%\System32 the system32 folder opens 3. In this System32 folder scroll down to the files named PM_PROC1 PM_PROC2 along with any other files called PM_###### and delete them. Part Three 1. click Start - Run , and type in Regedit the registry editor opens 2. Press F3 and type PM_PROC and click the find next button. When it finds a result delete it repeat step 2 again until you find no more results. 3. Close all screens, and delete any platte icons off the desktop. 4. Reboot. Relax and enjoy and gloat about how your system is ‘Platte Free’ If the following is the Platte you're referring to, then download and run the auto removal tool: The EasyPC Company UK Blog Archive New Platte Media Removal Instructions Video xp & VistaTrouble is that the bat file can remove legitimate files in the system32 folder too because of this line in it DEL PM*.* this picks up and deletes legitimate files beginning with file names PM, I suggest editing the bat file so that the line reads DEL PM_PROC*.* Edited November 10, 2008 by Jack Hackett Quote Ne auderis delere orbem rigidum meum!
Seth Posted November 10, 2008 Posted November 10, 2008 pmspl.dll;) Thanks Jack:) Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
Jack Hackett Posted November 10, 2008 Posted November 10, 2008 (edited) Yes Seth, thats the very same one it picked up on mine, part of MS LAN Manager I was helping a friend with this Platte Media (MBS) billing thing only the other day and I was looking at that very same article. I always have a look at the scripting of batch files and vbs files before running them, you never know do you? Always best to check. That easypc company are only a few miles from me, I wonder if they have any job vacancies? Jack Edited November 10, 2008 by Jack Hackett Quote Ne auderis delere orbem rigidum meum!
layler Posted November 11, 2008 Author Posted November 11, 2008 hi there again. so this is what i have done so far; malware procedure as first instructed then followed the auto removal tool. these both seem to have worked the only thing i did notice when i did the anti virus scanner it mentioned there were 3 threats on there still should i be concerned aBOUT THAT? also i am still left with the icon on my desk top can i get rid of thAT AND HOW ? THANKS LAYLER THANKS Quote
Seth Posted November 11, 2008 Posted November 11, 2008 Please post a HJT log. Also...what antivirus scanner? Please post what it has found. Although I suspect it will be benign remnants or false positives. Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
layler Posted November 12, 2008 Author Posted November 12, 2008 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:36:28, on 12/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGserv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe C:\WINDOWS\system32\lxdicoms.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to AOL UK in partnership with TalkTalk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer Worldwide R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?9ab2691b3ea74c5da7c0d75e19ee4972 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?9ab2691b3ea74c5da7c0d75e19ee4972 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: LXCGCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCGserv.exe O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 7420 bytes Quote
layler Posted November 12, 2008 Author Posted November 12, 2008 so have posted the hjt log also anti virus scanner was the last procedure i follows as per the malware removal. do i need to run the free online anti virus scanner again to show you what 3 threats were still on there? thanks layler Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.