anyone ever heard of PTKEEA.exe?

Original Message
Name: gkdmaths
Date: December 29, 2003 at 22:26:25 Pacific
Subject: anyone ever heard of PTKEEA.exe?
OS: Win2000 sp3
CPU/Ram: 1.8GHz 256M
Comment:

Hey, has anyone ever heard of this thing (PTKEEA.exe)? I'm trying to clean up my laptop after being hit with some trojan or another, and I just noticed this thing. I have no idea where it came from. I suspect it's new, though I'm not sure if it's a problem.

I just installed the following software, which it may well be a component of, but I'm not sure:

SpywareBlaster
SpywareGuard
Spybot S&D
PepiMK Regalyzer
PepiMK Filalyzer

My cleaned-up HJT log looks like:

Logfile of HijackThis v1.97.2
Scan saved at 10:16:44 PM, on 12/29/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\F-Secure\Common\FSMA32.EXE
D:\Program Files\F-Secure\Common\FSMB32.EXE
D:\Program Files\F-Secure\Common\FCH32.EXE
D:\Program Files\F-Secure\Common\FAMEH32.EXE
D:\Program Files\F-Secure\Common\FSGK32.EXE
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\inetsrv\inetinfo.exe
D:\Program Files\F-Secure\Common\FNRB32.EXE
D:\Program Files\F-Secure\Common\FIH32.EXE
D:\WINNT\Explorer.EXE
D:\WINNT\System32\sistray.EXE
D:\WINNT\System32\khooker.exe
D:\Program Files\F-Secure\Common\FSM32.EXE
D:\WINNT\system32\PwsTray.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINNT\system32\taskmgr.exe
D:\WINNT\system32\NOTEPAD.EXE
C:\BACKUP\DTOP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] D:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] D:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKCU\..\Run: [seticlient] D:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [PWHXBBF] D:\WINNT\PTKEEA.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


I can't find anything by searching, and using the Filalyzer doesn't give me any useful information either.

TIA, gkd

Response Number 1
Name: gkdmaths
Date: December 30, 2003 at 01:22:48 Pacific
Reply:

Okay, I think I fingered it out.

I had a new bug called KREPPER in a file named NEW.EXE (in D:/WINNT/) which was dropping programs with random, six-letter names.

Symantec or some other site was saying it was an emerging problem with low risk or something-er-other.

I just deleted the infected files, updated the newest security updates from MS, cleaned the caches, douched the registry, restarted and scanned to successful pc cleanliness.

-gkd
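
The following is an added example, not part of either post: a small triage script that parses the O4 registry Run lines of a HijackThis log and flags entries matching what the thread describes (a dropped program with a random six-letter name in D:\WINNT, registered under an unrelated all-caps value name). The folder names, the three heuristics and the two-signal threshold are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few O4 lines copied from the HijackThis log in the post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKCU\..\Run: [seticlient] D:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [PWHXBBF] D:\WINNT\PTKEEA.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

RUN_LINE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]*)\] (.+)$")
EXE_PATH = re.compile(r'"?(.+?\.exe)"?(?:\s|$)', re.IGNORECASE)
WINDOWS_DIRS = {"WINNT", "WINDOWS"}  # assumption: usual %SystemRoot% folder names

def parse_run_entries(log):
    """Return (registry key, value name, executable path) for each O4 Run line."""
    entries = []
    for line in log.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # Startup-folder shortcuts and non-O4 lines are skipped
        key, name, command = m.groups()
        exe = EXE_PATH.match(command)  # strips quotes and trailing arguments
        entries.append((key, name, PureWindowsPath(exe.group(1) if exe else command)))
    return entries

def signals(name, path):
    """Heuristics taken from the thread; each one is weak on its own."""
    found = []
    if re.fullmatch(r"[A-Za-z]{6}", path.stem):
        found.append("six-letter file name")
    if len(path.parts) == 3 and path.parent.name.upper() in WINDOWS_DIRS:
        found.append("file sits directly in the Windows directory")
    if re.fullmatch(r"[A-Z]{5,8}", name) and name.lower() != path.stem.lower():
        found.append("all-caps value name unrelated to the file name")
    return found

def suspicious(log, threshold=2):
    """Entries with at least `threshold` signals (the threshold is an assumption)."""
    hits = []
    for key, name, path in parse_run_entries(log):
        found = signals(name, path)
        if len(found) >= threshold:
            hits.append((key, name, str(path), found))
    return hits

print(suspicious(SAMPLE_LOG))
```

A hit is a lead to check against the file's properties, timestamps and an antivirus scan; legitimate programs can match one of these signals, which is why a single signal is not reported.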