PS.MPC Trojan

PS.MPC malware description and removal detail
Categories: Trojan, Backdoor, Downloader, Hacker Tool, DoS
Also known as:

[Kaspersky] Shifter.758, ARCV.Ecu.711, PS-MPC-based, ARCV.Dennis.874, V.439.a, PS-MPC.Ear.1024.c, PS-MPC.Bamestra.529, PS-MPC.Bamestra.530, PS-MPC.Bamestra.531, PS-MPC.Bamestra.534, PS-MPC.Bamestra.535, PS-MPC.Bamestra.536, Shiny.934, ARCV.475, ARCV.745, ARCV.916.b, ARCV.Dennis.897, PS-MPC.Screen.1207, Virus.Boot.Brain.a, VCL.846.a, VCL.Olympic.1440, VCL.RedTeam, VCL-based, Ugly.6000, G2-based, Shiny.921, PS-MPC.Ear.1024.a, PS-MPC.348, PS-MPC.Powermen.717, PS-MPC.Warez, Trojan.UCF.Ras, packed: PkLite, SillyC.150.b, PS-MPC.Print, Shiny.x, PS-MPC.7percent.918, PS-MPC.T-Rex, Radyum.707, PS-MPC.Ear.1024.g;
[Eset] modified Shiftobj.758 virus, Ecu virus, Ivp.540 virus, PS-MPC-based virus, Psmpc.Payrise.874 virus, Psmpc.Arcv-1.826 virus, Psmpc.Arcv-10.B virus, Psmpc.Arcv-3 virus, Psmpc.Arcv-4.664 virus, Psmpc.Arcv-5 virus, Psmpc.Arcv-6 virus, Psmpc.Arcv-9.771 virus, Psmpc.Arcv-9.745 virus, Respect.624.Dropper virus, Psmpc.432 virus, PSMPC.Aaron.Dropper virus, Beech virus, Bw.Mayberry.Jethro virus, Ear.1024.B virus, Psmpc.Polder.H virus, PS-MPC.Shiny.934 virus, probably unknown STEALTH.CRYPT.TSR.COM.EXE virus, Psmpc.Payrise.897 virus, Psmpc.Scrsave virus, Vcl.506 virus, PS-MPC.150 virus, probably unknown TUNNEL.TSR.COM.EXE virus;
[McAfee] Univ/f, Univ/r, Univ/o, ARCV.Payrise, Univ/p;
[F-Prot] destructive program, PS-MPC.711, PS-MPC.616, PS-MPC.432 (generic), Ear.1024.B, PS-MPC.534;
[Panda] Trj/Annoy, Shift_OBJ, Ecu.711, Univ, Pay Rise, PS-MPC.Based, ARCV10, ARCV9, G2, Respect.624, Mayberry.475, Ear.1024.B, PS-MPC.gen, Brain.1986, Red Team, Abraxas, Rape.500.drp, Rape-11, G2 RCK.371.RAK.519, Abr, Dark Dangler Deke, Direct.gen, Ologram, Trj/Ucf.Ras, Trj/Qscare.Ping, Trj/sillynuts, Trj/Qscare.Jeru, Scrunch, Intended.PSMPC.TREX, Radyum.707, Cbxv.803, Rtm.320, Paranoid.1427, Sucker.1684;
[Computer Associates] PS-MPC, Win/Annoy!Trojan, PS-MPC.711, PS-MPC.540, PS-MPC.550, PS-MPC.827, PS-MPC.300.Family, PS-MPC.664, PS-MPC.475.C, PS-MPC.335.A, PS-MPC.771, PS-MPC.745, White_Shark, PS-MPC.358, PS-MPC.427, PS-MPC.434.B, PS-MPC.454.D, TPE encrypted, WANDRELAMUSIA, PS-MPC.432, PS-MPC!Based, PS T-Rex, VCL, VCL.476, VCL.Dome, IVP.Scroll, Rape, PS-MPC.2062, PS-MPC.288, PS-MPC.298, PS-MPC.326, PS-MPC.331.A, PS-MPC.336, PS-MPC.355.A, Walt.311, PS-MPC.150.A

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\tm97pj39.dat
[%WINDOWS%]\ilookup\ttil.exe
[%WINDOWS%]\partypocker.ico
[%WINDOWS%]\partypocker4.ico
[%WINDOWS%]\partypocker6.ico

To ensure that PS.MPC is launched automatically each time the system is booted, it adds a link to its executable file under the following system registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[%WINDOWS%]\ilookup\ttil.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting PS.MPC:

Files:
[%SYSTEM%]\tm97pj39.dat
[%WINDOWS%]\ilookup\ttil.exe
[%WINDOWS%]\partypocker.ico
[%WINDOWS%]\partypocker4.ico
[%WINDOWS%]\partypocker6.ico

Folders:
[%FAVORITES%]\hot links

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search

Removing PS.MPC:

An up-to-date copy of ExterminateIt should detect and prevent infection from PS.MPC.

If you do not have ExterminateIt and you are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove PS.MPC manually.

To remove PS.MPC completely by hand, you need to delete the Windows registry keys and registry values, and the files and folders, associated with PS.MPC.

  1. Use Task Manager to terminate the PS.MPC process.
  2. Delete the original PS.MPC file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes PS.MPC from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).
