a64sddd


#1
pt_i_am

When starting my computer I keep getting prjMensagem which the application a64sddd. Can you please tell me what this is and if it is really needed?

Also, I keep getting popuppers coming up despite the fact that I have run adware and spyware and cannot get rid of it. Can someone help me with that as well?
Thank you
  • 0

#2
marycha

Hi,
I had the same problem and I destroyed it.
First, find prjMensag and DESTROY IT; it's a dirty trick. ;)
After that, destroy all the file names I found on the site
http://www.trendmicr...AME=ADW_MOTOR.A :tazz:

SEE BELOW. Good Luck. Mary :thumbsup:

ADW_MOTOR.A
Discovery Date: Feb 4, 2005


Description:

Threat Type: Adware

Systems Affected: Windows 98, ME, NT, 2000, and XP.

This adware may be downloaded from the internet. It may also be packaged with other software applications. Upon execution, it connects to the following URL where it downloads components:

• http://bins.media-motor.net/
• http://bins2.media-motor.net/
• http://mmm.media-motor.net/
• http://www.maxmind.com:8010/

The downloaded files are saved in the Windows folder using the following file names:

• a64sddd.exe
• affbun.txt
• imgurla.exe
• mm63.ocx
• tempf.txt
• unstall.exe
• usta32.ini

This adware creates advertisements and generates popup windows related to Media Motor.

It creates the following registry entry to run at Windows startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run popuppers64="%Windows%\a64sddd.exe"

(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

It creates the following registry keys:

HKEY_CLASSES_ROOT\IObjSafety.DemoCtl

HKEY_CLASSES_ROOT\CLSID\{E0CE16CB-741C-4B24-8D04-A817856E07F4}

HKEY_CLASSES_ROOT\Interface\{3E4BCF50-865B-4EF4-A0BC-BF57229EA525}

HKEY_CLASSES_ROOT\Interface\{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17}

HKEY_CLASSES_ROOT\Interface\{674A6BD5-317A-49CF-9647-1E085E660CE0}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor




Solution:

TREND MICRO SOLUTION

Minimum scan engine version needed: 7.100
TMAPTN version needed: 220.02
DCE version needed: 3.8
TMADCE version needed: <not yet available as of this writing>

MANUAL REMOVAL INSTRUCTIONS


Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the grayware from executing at startup.

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
   HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
   popuppers64="%Windows%\a64sddd.exe"
4. In the left panel, locate and delete the following:
   • HKEY_CLASSES_ROOT>IObjSafety.DemoCtl
   • HKEY_CLASSES_ROOT>CLSID>{E0CE16CB-741C-4B24-8D04-A817856E07F4}
   • HKEY_CLASSES_ROOT>Interface>{3E4BCF50-865B-4EF4-A0BC-BF57229EA525}
   • HKEY_CLASSES_ROOT>Interface>{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17}
   • HKEY_CLASSES_ROOT>Interface>{674A6BD5-317A-49CF-9647-1E085E660CE0}
   • HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Internet Settings>ZoneMap>Domains>media-motor.net
   • HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Internet Settings>ZoneMap>Domains>popuppers.com
   • HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Uninstall>media-motor
5. Close Registry Editor.

--------------------------------------------------------------------------------
NOTE: If you were not able to terminate the grayware process as described in the previous procedure, restart your system.

Additional Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure set(s).

Running Trend Micro Antivirus

Download and unzip the latest grayware pattern file and scan your system. Then, delete all files detected as ADW_MOTOR.A.

Description Created: Feb 14, 2005
  • 0
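
An added example, not part of either post or of the Trend Micro write-up: a triage check that looks for the artifacts listed above in a registry export (.reg text) and a listing of the Windows folder. The function names and the sample data are assumptions made for illustration; the Run entry is looked for under both hives because the quoted description names HKEY_LOCAL_MACHINE while the removal steps name HKEY_CURRENT_USER.

```python
import ntpath
import re

# Indicators copied from the ADW_MOTOR.A description quoted in the post above.
KEYS = [
    r"HKEY_CLASSES_ROOT\IObjSafety.DemoCtl",
    r"HKEY_CLASSES_ROOT\CLSID\{E0CE16CB-741C-4B24-8D04-A817856E07F4}",
    r"HKEY_CLASSES_ROOT\Interface\{3E4BCF50-865B-4EF4-A0BC-BF57229EA525}",
    r"HKEY_CLASSES_ROOT\Interface\{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17}",
    r"HKEY_CLASSES_ROOT\Interface\{674A6BD5-317A-49CF-9647-1E085E660CE0}",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor",
]
FILES = {"a64sddd.exe", "affbun.txt", "imgurla.exe", "mm63.ocx", "tempf.txt", "unstall.exe", "usta32.ini"}
RUN_KEY = r"\software\microsoft\windows\currentversion\run"  # matched under any hive

# Constructed sample export and file listing (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"popuppers64"="C:\\WINDOWS\\a64sddd.exe"
[HKEY_CLASSES_ROOT\IObjSafety.DemoCtl\Clsid]
'''
SAMPLE_FILES = [r"C:\WINDOWS\notepad.exe", r"C:\WINDOWS\mm63.ocx"]

def parse_reg(text):
    """Yield (key, name, data) from .reg export text; name is None on key lines."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and m:
            # .reg files escape backslashes and quotes inside string values
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data

def find_indicators(reg_text, windows_dir_listing):
    """Return sorted (kind, detail) hits for the artifacts listed above."""
    hits = set()
    for key, name, data in parse_reg(reg_text):
        low = key.lower()
        if name is None:  # key line: match the listed key itself or any subkey of it
            hits.update(("key", k) for k in KEYS if (low + "\\").startswith(k.lower() + "\\"))
        elif low.endswith(RUN_KEY) and (name.lower() == "popuppers64" or data.lower().endswith("a64sddd.exe")):
            hits.add(("autostart", f"{key}: {name}={data}"))
    hits.update(("file", p) for p in windows_dir_listing if ntpath.basename(p).lower() in FILES)
    return sorted(hits)
```

A file exported from Registry Editor in the "Version 5.00" format is UTF-16, so read it with `encoding="utf-16"` before passing the text in.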