
New virus ?

Status
Not open for further replies.

J741

Technical User
Jul 3, 2001
528
CA
I'm working on a Windows XP based computer that had a lot of viruses and Adware. They've now been removed. However, there is a process in MSTASK named "PDsched.exe" which creates a _lot_ of network access when a network cable is connected to the computer. It shows up in the registry under all the common startup locations (including HKLM\software\microsoft\windows\current version\run) and is labeled 'Microsoft DirectX' with a data value of 'pdsched.exe'.

I have scanned this computer with Norton AntiVirus definitions dated June 23, 2004. And scanned with AdAware with definitions from June 22, 2004. Neither program detects any known problems. Therefore, I suspect this to be a new problem.

When I search for the file 'pdsched.exe' I can't find it! I know it's still in the computer somewhere, but even when searching for 'hidden' and 'system' files, the search function of Windows XP still comes up empty (but it does find a similarly named, numbered file in the /windows/prefetch directory).

Anyone got any insight on this one?

- James.
 
I finally found the file by running the command "dir pdsched*.* /s /ah" from a command prompt. It's located in "c:\windows\system32" and is attributed as a hidden, read-only, system file.

I wonder why the search function in Windows XP could not find it?

It is 76KB, created June 13th, and has no summary information containing any author or manufacturer information.
 
Thanks for the link, but it did not answer my question. It did, however, inform me of someone else with the same (or similar) issue.

- James.
 
** IT WAS A VIRUS !!!

I downloaded the latest Norton AntiVirus definition files this morning and re-scanned the file which I had isolated, and it was detected as the 'W32.Spybot.Worm' by virus definitions dated June 27, 2004.

Apparently this is a new version or modification of an old virus for which Symantec updated the virus definitions on June 24, 2004.

I knew something was odd about this one.

- James.
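
The manual check described in this thread (Run-key entry, then `dir /s /ah` to find the file), as an added PowerShell example that is not part of the original posts: it lists Run-key values and resolves each one to a file on disk, including hidden and system files. The key list, the search directories and the review criteria are assumptions chosen to match the symptoms reported above.

```powershell
# Added example: correlate Run-key autostart values with the files they launch.
# Assumptions: the four keys below, the two search directories, and the review
# criteria at the end. This is not a complete autorun audit.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# A bare file name such as 'pdsched.exe' is looked up in these directories.
$searchDirs = @("$env:SystemRoot\System32", $env:SystemRoot)
$hiddenSystem = [System.IO.FileAttributes]'Hidden, System'

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name)
        # Executable part of the command line: quoted string, else first token.
        # Unquoted paths containing spaces will not resolve and are listed for review.
        if ($data -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($data.Trim() -split '\s+')[0] }
        if (-not $exe) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        $candidates = if (Split-Path $exe -Parent) { @($exe) } else {
            $searchDirs | ForEach-Object { Join-Path $_ $exe }
        }
        # -Force returns hidden and system files, like "dir /ah" in the thread.
        $file = $candidates |
            ForEach-Object { Get-Item -LiteralPath $_ -Force -ErrorAction SilentlyContinue } |
            Select-Object -First 1

        [pscustomobject]@{
            Key          = $key
            ValueName    = $name
            Data         = $data
            ResolvedPath = if ($file) { $file.FullName } else { $null }
            HiddenSystem = if ($file) { ($file.Attributes -band $hiddenSystem) -eq $hiddenSystem } else { $null }
            Company      = if ($file) { $file.VersionInfo.CompanyName } else { $null }
            Created      = if ($file) { $file.CreationTime } else { $null }
        }
    }
}
# Review first: unresolved entries, hidden+system targets, files with no company name.
$findings |
    Where-Object { -not $_.ResolvedPath -or $_.HiddenSystem -or -not $_.Company } |
    Format-List
```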
 