pmq.exe

I have a Win 7 (Starter) netbook that keeps asking me to run / purchase a Win 7 Virus protection package everytime I try to use IE.  The IE security is detecting pmq.exe as the culprit.  I can't access the internet and the netbook does not have a cd-drive.
medpipesAsked:
Who is Participating?
 
Brian GeeCommented:
Do the above, but since you do not have Internet access apparently, you'll need to download Malwarebytes on a separate computer and then load the EXE onto a USB Flash (thumb) drive so that you're able to copy the Malwarebytes program to the netbook.
0
 
jaustin1Commented:
I would download MalWareBytes from www.malwarebytes.org and put it on a flash drive, then put it on the netbook, install it, and do a full scan.
0
 
Brian GeeCommented:
To see if this will immediately assist with the Internet connectivity issue (and you are certain you don't connect to the Internet via proxy), try this:

Tools > Internet OptionsConnections tab >  LAN settings button > make sure that Automatically Detect Settings is the only checkbox checked (if it is not, correct it).
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
medpipesAuthor Commented:
yobri:  I don't "think" i have a connection issue.  my home page is google and i can briefly see it before this virus kicks in. Then it pushes IE to the background and wants to do a scan, when i close all those windows the IE closes.
0
 
Brian GeeCommented:
Ah, OK. I interpreted "I can't access the internet" differently... with that, get Malwarebytes downloaded on to a USB Flash drive so that you can get that installed and running in order to get that malware removed.

I suppose terminating the pmq.exe process only allows it to start up again, huh?
0
 
medpipesAuthor Commented:
Was able to download and transfer via USB.  I guess it does not run on Win 7 Starter.  Nothing happens when I double-click the executable.
0
 
medpipesAuthor Commented:
yes, i can see pmq running in task mgr, but terminating it is only temporary.  When I open IE, the IE security pop-up does give me the path to pmq, but when i browse to that directory it is not there.
0
 
jaustin1Commented:
Windows 7 Starter should allow you to run executables.  Can you try right-clicking and selecting "Run as Administrator" instead?
0
 
younghvCommented:
Read the instructions in the EE Articles below - you can just let that 'scareware' run until it finishes its 'scan' - then click out of it.

If you do have to download Malwarebytes to a separate computer, get the manual updater here: http://data.mbamupdates.com/tools/mbam-rules.exe

EE Articles here:
http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
0
 
medpipesAuthor Commented:
run as admin works...scanning now, will let you know the results
0
 
younghvCommented:
I think you are dealing with a "Rootkit" infection and if so Malwarebytes will not be the solution.

If the symptoms persist you might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete",  you can also just hit "Enter" without typing in and the scan will continue...
Please post the log to be analyzed.

You may have to take further steps to include ComboFix.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
medpipesAuthor Commented:
My problem is solved, thank you very much for your assistance.
0
 
medpipesAuthor Commented:
completely satisfied
0
 
jaustin1Commented:
Great!  Glad to hear it!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.