squarepants
2008-05-20, 14:41
I have recently gone on the net & use Spybot S/D as one of my security features. Recent scans say I have a possible Trojan (win32.autorun.aiv). as HKEY_LOCAL_MACHINE|SYSTEM|CONTOLSET 001|SERVICES|PMLDRIVERHPZ12 002
Spybot says, this copies an executable file into the systems directory, starts itself as a service DE5BD8A7, SYS1, SYS, SYS3 and restarts windows without giving the user a possibility to cancel the process. It also connects to it's malicious website and downloads additional executables!
Each time this appears, I fix it, then delete it with Spybot, but it re-appears every scan. Have I got a Trojan or is it a false alarm because my PC seems to work fine? I also use Windows Defender, a scan with this reveals an possible undesirable, HPZIPM12.EXE. I have done a search on my PC for HPZ12 and it appears in 4 places:
HPZIPM12 C:|WINDOWS|SYSTEM32
HPZIPM12.EXE-02312CF9.pf C:|WINDOWS|PREFETCH
HPZIPM12 hpaioa (HP programs folder)
HPZIPM12 3 (System 32 windows program)
I have put HPZIPM12.EXE in Windows Defender quarantine and the last scan with Spybot was clear. Would this be anything to do with the driver, PML HPZ12? I have read that this maybe something to do with HP printers and is used to enable the transfer of scans between the printer/scanner and the computer. Or, do I have a Trojan problem?
Many thanks
Squarepants
Spybot says, this copies an executable file into the systems directory, starts itself as a service DE5BD8A7, SYS1, SYS, SYS3 and restarts windows without giving the user a possibility to cancel the process. It also connects to it's malicious website and downloads additional executables!
Each time this appears, I fix it, then delete it with Spybot, but it re-appears every scan. Have I got a Trojan or is it a false alarm because my PC seems to work fine? I also use Windows Defender, a scan with this reveals an possible undesirable, HPZIPM12.EXE. I have done a search on my PC for HPZ12 and it appears in 4 places:
HPZIPM12 C:|WINDOWS|SYSTEM32
HPZIPM12.EXE-02312CF9.pf C:|WINDOWS|PREFETCH
HPZIPM12 hpaioa (HP programs folder)
HPZIPM12 3 (System 32 windows program)
I have put HPZIPM12.EXE in Windows Defender quarantine and the last scan with Spybot was clear. Would this be anything to do with the driver, PML HPZ12? I have read that this maybe something to do with HP printers and is used to enable the transfer of scans between the printer/scanner and the computer. Or, do I have a Trojan problem?
Many thanks
Squarepants