3 Replies Latest reply on Apr 7, 2010 4:10 PM by afaa

    Pod62.exe

      Hello everyone,

      I'm having a little trouble with this virus/trojan called pod62.exe. It resides in C:\Users\Username\pod62.exe. I ran the McAfee full scan and it detected and quarantined the virus, but it keeps coming back the next day. Every morning I get a Windows error "Resize JPEG photos and pictures failed to start". How do I find the source that keeps generating this exe file?

       

      The Windows error log looks like this:

       

      Version=1
      EventType=APPCRASH
      EventTime=129136825046582031
      ReportType=2
      Consent=1
      ReportIdentifier=55d11d5a-3535-11df-9667-003067372bef
      IntegratorReportIdentifier=55d11d59-3535-11df-9667-003067372bef
      WOW64=1
      Response.type=4
      Sig[0].Name=Application Name
      Sig[0].Value=pod62.exe
      Sig[1].Name=Application Version
      Sig[1].Value=2.0.0.1
      Sig[2].Name=Application Timestamp
      Sig[2].Value=00000000
      Sig[3].Name=Fault Module Name
      Sig[3].Value=pod62.exe
      Sig[4].Name=Fault Module Version
      Sig[4].Value=2.0.0.1
      Sig[5].Name=Fault Module Timestamp
      Sig[5].Value=00000000
      Sig[6].Name=Exception Code
      Sig[6].Value=c0000005
      Sig[7].Name=Exception Offset
      Sig[7].Value=00004368
      DynamicSig[1].Name=OS Version
      DynamicSig[1].Value=6.1.7600.2.0.0.256.1
      DynamicSig[2].Name=Locale ID
      DynamicSig[2].Value=1033
      DynamicSig[22].Name=Additional Information 1
      DynamicSig[22].Value=0a9e
      DynamicSig[23].Name=Additional Information 2
      DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
      DynamicSig[24].Name=Additional Information 3
      DynamicSig[24].Value=0a9e
      DynamicSig[25].Name=Additional Information 4
      DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789
      UI[2]=C:\Users\user\pod62.exe
      UI[3]=Resize JPEG photos and pictures. has stopped working
      UI[4]=Windows can check online for a solution to the problem.
      UI[5]=Check online for a solution and close the program
      UI[6]=Check online for a solution later and close the program
      UI[7]=Close the program
      LoadedModule[0]=C:\Users\Username\pod62.exe
      LoadedModule[1]=C:\Windows\SysWOW64\ntdll.dll
      LoadedModule[2]=C:\Windows\syswow64\kernel32.dll
      LoadedModule[3]=C:\Windows\syswow64\KERNELBASE.dll
      LoadedModule[4]=C:\Windows\syswow64\advapi32.dll
      LoadedModule[5]=C:\Windows\syswow64\msvcrt.dll
      LoadedModule[6]=C:\Windows\SysWOW64\sechost.dll
      LoadedModule[7]=C:\Windows\syswow64\RPCRT4.dll
      LoadedModule[8]=C:\Windows\syswow64\SspiCli.dll
      LoadedModule[9]=C:\Windows\syswow64\CRYPTBASE.dll
      LoadedModule[10]=C:\Windows\syswow64\wininet.dll
      LoadedModule[11]=C:\Windows\syswow64\SHLWAPI.dll
      LoadedModule[12]=C:\Windows\syswow64\GDI32.dll
      LoadedModule[13]=C:\Windows\syswow64\USER32.dll
      LoadedModule[14]=C:\Windows\syswow64\LPK.dll
      LoadedModule[15]=C:\Windows\syswow64\USP10.dll
      LoadedModule[16]=C:\Windows\syswow64\Normaliz.dll
      LoadedModule[17]=C:\Windows\syswow64\urlmon.dll
      LoadedModule[18]=C:\Windows\syswow64\ole32.dll
      LoadedModule[19]=C:\Windows\syswow64\OLEAUT32.dll
      LoadedModule[20]=C:\Windows\syswow64\CRYPT32.dll
      LoadedModule[21]=C:\Windows\syswow64\MSASN1.dll
      LoadedModule[22]=C:\Windows\syswow64\iertutil.dll
      LoadedModule[23]=C:\Windows\syswow64\shell32.dll
      LoadedModule[24]=C:\Windows\system32\IMM32.DLL
      LoadedModule[25]=C:\Windows\syswow64\MSCTF.dll
      FriendlyEventName=Stopped working
      ConsentKey=APPCRASH
      AppName=Resize JPEG photos and pictures.
      AppPath=C:\Users\Username\pod62.exe

       

       

      Message was edited by: afaa on 4/6/10 11:00:06 AM CDT
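The crash report quoted in the post above can be read mechanically. The following is an added example, not part of the original post or of any McAfee tooling: it parses the report's `key=value` layout, converts `EventTime` from a Windows FILETIME, and returns a few triage flags. The flag names and the embedded sample (a subset of the report's lines) are assumptions made for illustration, and the flags are leads to follow up, not a verdict.

```python
import re
from datetime import datetime, timedelta, timezone
from pathlib import PureWindowsPath

# Constructed sample: a subset of the fields in the report quoted in the post.
SAMPLE = r"""EventTime=129136825046582031
Sig[2].Name=Application Timestamp
Sig[2].Value=00000000
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
LoadedModule[10]=C:\Windows\syswow64\wininet.dll
LoadedModule[17]=C:\Windows\syswow64\urlmon.dll
AppPath=C:\Users\Username\pod62.exe
"""

def parse_wer(text):
    """Split a WER report into plain fields, named signature values and modules."""
    fields, names, sigs, modules = {}, {}, {}, []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue
        m = re.fullmatch(r"(\w*Sig\[\d+\])\.(Name|Value)", key)
        if m and m.group(2) == "Name":
            names[m.group(1)] = value          # e.g. Sig[6] -> "Exception Code"
        elif m:
            sigs[names.get(m.group(1), m.group(1))] = value
        elif key.startswith("LoadedModule["):
            modules.append(value)
        else:
            fields[key] = value
    return {"fields": fields, "sigs": sigs, "modules": modules}

def filetime_to_utc(ft):
    """EventTime is a Windows FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(ft) // 10)

def triage(report):
    """Return heuristic flags (hypothetical names) for an analyst to follow up."""
    flags = []
    parts = [p.lower() for p in PureWindowsPath(report["fields"].get("AppPath", "")).parts]
    if len(parts) > 1 and parts[1] == "users":
        flags.append("runs-from-user-profile")   # not under Program Files or Windows
    if report["sigs"].get("Application Timestamp") == "00000000":
        flags.append("zero-pe-timestamp")        # build timestamp zeroed out
    libs = {PureWindowsPath(m).name.lower() for m in report["modules"]}
    if libs & {"wininet.dll", "urlmon.dll"}:
        flags.append("loads-internet-libs")      # process can make HTTP requests
    return flags
```

Calling `triage(parse_wer(SAMPLE))` returns the flags for the sample, and `filetime_to_utc` gives the UTC time of the crash for correlation with other logs.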
        • 1. Re: Pod62.exe

          This morning, I'm getting the same error and the Pod62.exe file not only came back but also brought back another file. I am attaching the 2 files so you can see and run analysis.

          • 2. Re: Pod62.exe
            Dinz

            Hi,

            May I know whether you use any software for Photoshop?
            Also check whether this Trojan has installed itself in the add/remove list.
            Let me know what is the version of your virus scan & DAT.
            If possible, attach a screenshot of the error message from Windows.

             

            Regards,
            Dinesh K

            • 3. Re: Pod62.exe

              Dinesh,

              Thanks for taking the time to respond to my question.

               

              No photo editing software that I know of. I checked the Installed Program list and uninstalled everything that I don't want/need.

               

              McAfee VirusScan

              Version: 13.15

              Build: 13.15.17

              Last Update: 4/7/2010

              DAT Version: 5944.000

              Engine Version: 5400.1158

               

              I will attach a screen shot of the error the next time I get it.

               

              I also downloaded and ran Microsoft Security Essentials full scan and it did not detect anything. Worse yet is that it doesn't even detect that the Pod62.exe is a virus/trojan.