[pt_i_am]

when starting my computer i keep getting prjMensagem which the application a64sddd. Can you please tell me what this is and if it is really needed?

Also, I keep getting popuppers coming up despite the fact that I have fun adware and spyware and cannot get rid of it. Can someone help me with that as well?
Thank you

[Advertisements]

Hi,
I had the same problem and I destroyed it.
In a first time, find prjMensag and DESTROY IT, it's a dirty trick.
After, destroy all file names I found from the site
http://www.trendmicr...AME=ADW_MOTOR.A

SEE BELOW. Good Luck. Mary

ADW_MOTOR.A
Discovery Date: Feb 4, 2005


Description:

Threat Type: Adware

Systems Affected: Windows 98, ME, NT, 2000, and XP.

This adware may be downloaded from the internet. It may also be packaged with other software applications. Upon execution, it connects to the following URL where it downloads components:


http://bins.media-motor.net/
http://bins2.media-motor.net/
http://mmm.media-motor.net/
http://www.maxmind.com:8010/
The downloaded files are saved in the Windows folder using the following file names:


a64sddd.exe
affbun.txt
imgurla.exe
mm63.ocx
tempf.txt
unstall.exe
usta32.ini
This adware creates advertisements and generates popup windows related to Media Motor.

It creates the following registry entry to run at Windows startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run popuppers64="%Windows%\a64sddd.exe"

(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

It creates the following registry keys:

HKEY_CLASSES_ROOT\IObjSafety.DemoCtl

HKEY_CLASSES_ROOT\CLSID\{E0CE16CB-741C-4B24-8D04-A817856E07F4}

HKEY_CLASSES_ROOT\Interface\{3E4BCF50-865B-4EF4-A0BC-BF57229EA525}

HKEY_CLASSES_ROOT\Interface\{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17}

HKEY_CLASSES_ROOT\Interface\{674A6BD5-317A-49CF-9647-1E085E660CE0}

HKEY_CURRENT_USER\Software\Microsoft
\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\media-motor.net

HKEY_CURRENT_USER\Software\Microsoft
\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\popuppers.com

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\media-motor




Solution:

TREND MICRO SOLUTION

Minimum scan engine version needed: 7.100
TMAPTN version needed: 220.02
DCE version needed: 3.8
TMADCE version needed: <not yet available as of this writing>
MANUAL REMOVAL INSTRUCTIONS


Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the grayware from executing at startup.

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
popuppers64="%Windows%\a64sddd.exe"
In the left panel, locate and delete the following:
• HKEY_CLASSES_ROOT>IObjSafety.DemoCtl
• HKEY_CLASSES_ROOT>CLSID>{E0CE16CB-741C-4B24-8D04-A817856E07F4}
• HKEY_CLASSES_ROOT>Interface>{3E4BCF50-865B-4EF4-A0BC-BF57229EA525}
• HKEY_CLASSES_ROOT>Interface>{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17}
• HKEY_CLASSES_ROOT>Interface>{674A6BD5-317A-49CF-9647-1E085E660CE0}
• HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Internet Settings>
ZoneMap>Domains>media-motor.net
• HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Internet Settings>
ZoneMap>Domains>popuppers.com
• HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Uninstall>media-motor
Close Registry Editor.

--------------------------------------------------------------------------------
NOTE: If you were not able to terminate the grayware process as described in the previous procedure, restart your system.
Additional Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure set(s).

Running Trend Micro Antivirus

Download and unzip the latest grayware pattern file and scan your system. Then, delete all files detected as ADW_MOTOR.A.

Description Created: Feb 14, 2005

[marycha]

Hi,
I had the same problem and I destroyed it.
In a first time, find prjMensag and DESTROY IT, it's a dirty trick.
After, destroy all file names I found from the site
http://www.trendmicr...AME=ADW_MOTOR.A

SEE BELOW. Good Luck. Mary

ADW_MOTOR.A
Discovery Date: Feb 4, 2005


Description:

Threat Type: Adware

Systems Affected: Windows 98, ME, NT, 2000, and XP.

This adware may be downloaded from the internet. It may also be packaged with other software applications. Upon execution, it connects to the following URL where it downloads components:


http://bins.media-motor.net/
http://bins2.media-motor.net/
http://mmm.media-motor.net/
http://www.maxmind.com:8010/
The downloaded files are saved in the Windows folder using the following file names:


a64sddd.exe
affbun.txt
imgurla.exe
mm63.ocx
tempf.txt
unstall.exe
usta32.ini
This adware creates advertisements and generates popup windows related to Media Motor.

It creates the following registry entry to run at Windows startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run popuppers64="%Windows%\a64sddd.exe"

(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

It creates the following registry keys:

HKEY_CLASSES_ROOT\IObjSafety.DemoCtl

HKEY_CLASSES_ROOT\CLSID\{E0CE16CB-741C-4B24-8D04-A817856E07F4}

HKEY_CLASSES_ROOT\Interface\{3E4BCF50-865B-4EF4-A0BC-BF57229EA525}

HKEY_CLASSES_ROOT\Interface\{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17}

HKEY_CLASSES_ROOT\Interface\{674A6BD5-317A-49CF-9647-1E085E660CE0}

HKEY_CURRENT_USER\Software\Microsoft
\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\media-motor.net

HKEY_CURRENT_USER\Software\Microsoft
\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\popuppers.com

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\media-motor




Solution:

TREND MICRO SOLUTION

Minimum scan engine version needed: 7.100
TMAPTN version needed: 220.02
DCE version needed: 3.8
TMADCE version needed: <not yet available as of this writing>
MANUAL REMOVAL INSTRUCTIONS


Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the grayware from executing at startup.

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
popuppers64="%Windows%\a64sddd.exe"
In the left panel, locate and delete the following:
• HKEY_CLASSES_ROOT>IObjSafety.DemoCtl
• HKEY_CLASSES_ROOT>CLSID>{E0CE16CB-741C-4B24-8D04-A817856E07F4}
• HKEY_CLASSES_ROOT>Interface>{3E4BCF50-865B-4EF4-A0BC-BF57229EA525}
• HKEY_CLASSES_ROOT>Interface>{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17}
• HKEY_CLASSES_ROOT>Interface>{674A6BD5-317A-49CF-9647-1E085E660CE0}
• HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Internet Settings>
ZoneMap>Domains>media-motor.net
• HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Internet Settings>
ZoneMap>Domains>popuppers.com
• HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Uninstall>media-motor
Close Registry Editor.

--------------------------------------------------------------------------------
NOTE: If you were not able to terminate the grayware process as described in the previous procedure, restart your system.
Additional Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure set(s).

Running Trend Micro Antivirus

Download and unzip the latest grayware pattern file and scan your system. Then, delete all files detected as ADW_MOTOR.A.

Description Created: Feb 14, 2005