Virus/worm?

Microsoft Antivirus Discussions

Posted by Koj on October 25, 2005, 2:29 am
Does anyone know what "pokapoka78." is?? I run Win XP SP2 with all the
latest updates etc. My PC has recently been hit by a spate of
trojans, viruses etc., despite having all updated antivirus/spyware software.

Even though I am able to turn this program off, it keeps duplicating and
restarting at startup each time. It is also in the control services part of
the registry. Is this a legitimate program used by XP or a worm?

cheers
koj

Posted by Ian Kenefick on October 25, 2005, 4:08 am
On Mon, 24 Oct 2005 23:29:05 -0700, Koj

>pokapoka78

Even though I dislike diagnosis by file name alone, I did a Google on
this. From Google this appears to be listed as a component of Elite
Bar adware. This I know is detected by Kaspersky Lab.

Use the Kaspersky engine in the tool 'Multi AV' available from
www.ik-cs.com to disinfect your PC.
--
Ian Kenefick
E-Mail: ian@ik-cs.com
Our site: http://www.ik-cs.com
My weblog: http://www.ik-cs.com/blogger

Posted by David H. Lipman on October 25, 2005, 9:34 am

| Does anyone know what "pokapoka78." is?? I run Win XP SP2 with all the
| latest updates etc. My PC has recently been hit by a spate of
| trojans, viruses etc., despite having all updated antivirus/spyware software.
|
| Even though I am able to turn this program off, it keeps duplicating and
| restarting at startup each time. It is also in the control services part of
| the registry. Is this a legitimate program used by XP or a worm?
|
| cheers
| koj

Koj:

All you state is... "despite having all updated antivirus/spyware software"
You have to state what software and their version!

For non-viral malware...

Please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser
Helper Objects that may be on the PC.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare }, 4 batch files, 6 Kixtart scripts,
one Link (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and
WGET.EXE. It will simplify the process of using; Sophos, Trend, Kaspersky and
McAfee Anti Virus Command Line Scanners to remove viruses, Trojans and various
other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS }
This will bring up the initial menu of choices and should be executed in
Normal Mode. This way all the components can be downloaded from each AV
vendor's web site. The choices are; Sophos, Trend, McAfee, Kaspersky, Exit
this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or
you can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should
reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again
and choose which scanner you want to run in Safe Mode. It is suggested to run
the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related
files.

* * Please report back your results * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Jim on October 25, 2005, 8:41 pm

> Does anyone know what "pokapoka78." is?? I run Win XP SP2 with all the
> latest updates etc. My PC has recently been hit by a spate of
> trojans, viruses etc., despite having all updated antivirus/spyware software.
>
> Even though I am able to turn this program off, it keeps duplicating and
> restarting at startup each time. It is also in the control services part of
> the registry. Is this a legitimate program used by XP or a worm?
>
> cheers
> koj



Posted by Nick Skrepetos \(SuperAdBlocke on October 28, 2005, 12:11 am
Hello,

The "PokaPoka" series of adware/spyware/malware is related to the Elite
Toolbar as you may have found. In the infections we have found, it is often
protected by a Kernel Driver (often referred to as a 'RootKit') that will
hide itself and the folder containing the "PokaPoka" files. This is often in
the Windows folder "etb". The kernel driver seems to be distributed with
many pieces of software (adware/spyware) and varies only slightly in an
attempt to avoid detection. The driver uses basic "kernel hooking" to avoid
being "seen". If you view your drive over a network connection, you can
plainly see the files as it is not a filter driver, and the network layer
allows the viewing.

When booting to safe mode, you can "see" this folder ( as the kernel driver
does not load to hide it ), but often we find it accompanied by a WinLogon
Handler or AppInit_Dll that DOES load in safe mode, and can prevent the
deletion of the kernel driver and/or other files such as the ETB folder.

Our product, Super Ad Blocker with SUPERAntiSpyware should detect that and
remove it on reboot. Other products that use the registry keys to delete
files on reboot (pending file rename operations) won't work, as it deletes
this key:
http://www.superadblocker.com

You can try the product for 15-days (fully functional) for free. If you do
not wish to keep it after that period, you can uninstall it, but we do
appreciate when users support our rapid paced development to keep up with
and remove these stubborn infections.

If that does not find the spyware/adware on your machine, you can submit a
diagnostic and I will diagnose your machine for free and post the results
back to the group and update our rules with anything found:
http://www.superadblocker.com/diagnostic.html?id=nicks

You may also wish to try the free scan/view of what's running on your PC
here:
http://www.fileresearchcenter.com

Nick Skrepetos
SuperAdBlocker.com - SUPERAntiSpyware
http://www.superadblocker.com

> Does anyone know what "pokapoka78." is?? I run Win XP SP2 with all the
> latest updates etc. My PC has recently been hit by a spate of
> trojans, viruses etc., despite having all updated antivirus/spyware software.
>
> Even though I am able to turn this program off, it keeps duplicating and
> restarting at startup each time. It is also in the control services part of
> the registry. Is this a legitimate program used by XP or a worm?
>
> cheers
> koj
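
Added example, not part of the original thread or any poster's code: the reply above notes that the hidden folder can be seen when the drive is viewed over a network connection. The Python sketch below compares a `dir /s /b /a` listing taken on the suspect PC with one taken over the share and reports what only the remote view shows; the host name, file names and function names are constructed for illustration.

```python
# Constructed sample input: `dir /s /b /a` output for the same folder, taken on
# the suspect PC (LOCAL_VIEW) and from a second PC over the admin share
# (REMOTE_VIEW). Host and file names are made up; only "etb" is from the thread.
LOCAL_VIEW = r"""
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32
C:\WINDOWS\system32\drivers
C:\WINDOWS\system32\drivers\null.sys
"""
REMOTE_VIEW = r"""
\\XPBOX\C$\WINDOWS\explorer.exe
\\XPBOX\C$\WINDOWS\ETB
\\XPBOX\C$\WINDOWS\ETB\placeholder_a.exe
\\XPBOX\C$\WINDOWS\ETB\placeholder_b.dll
\\XPBOX\C$\WINDOWS\system32
\\XPBOX\C$\WINDOWS\system32\drivers
\\XPBOX\C$\WINDOWS\system32\drivers\null.sys
\\XPBOX\C$\WINDOWS\system32\drivers\placeholder_drv.sys
"""


def relative_paths(listing, root):
    """Return the case-folded paths under `root`, with the root prefix removed."""
    prefix = root.replace("/", "\\").rstrip("\\").casefold() + "\\"
    found = set()
    for line in listing.splitlines():
        path = line.strip().replace("/", "\\").rstrip("\\").casefold()
        if path.startswith(prefix):  # ignores blank lines and look-alike roots
            found.add(path[len(prefix):])
    return found


def hidden_from_local(local_listing, local_root, remote_listing, remote_root):
    """Paths the remote view shows that the local (possibly hooked) view omits."""
    local = relative_paths(local_listing, local_root)
    remote = relative_paths(remote_listing, remote_root)
    return sorted(remote - local)


def hidden_roots(hidden):
    """Collapse a hidden tree to its topmost entries, e.g. a whole hidden folder."""
    roots = []
    for path in sorted(hidden):  # a parent sorts before its children
        if not any(path.startswith(r + "\\") for r in roots):
            roots.append(path)
    return roots


if __name__ == "__main__":
    diff = hidden_from_local(LOCAL_VIEW, "C:\\WINDOWS", REMOTE_VIEW, r"\\XPBOX\C$\WINDOWS")
    for entry in hidden_roots(diff):
        print("hidden from local view:", entry)
```

Files created or deleted between the two listings also show up as differences, so take both listings close together and treat each reported path as a lead to investigate rather than a verdict.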



