Partial detection

Hi all. Wonder if anyone has encountered this- Comodo spotting a problem but then it still getting onto your PC.

When visiting a regular site I use last week, ([Possible Malware Site - Link Removed].com , but don’t go there at the minute) I had a Comodo alert pop up for something like “pdfupd.exe is trying to edit the registry” - so naturally I blocked this as it recommended. A bit of googling indicated pdfupd.exe is actually a trojan. The site’s news page had some fresh correspondence about an infection too. Anyway, I was thinking I should be happy, Comodo’s caught it for me.

However, the PC (running MS XP and Opera browser) seemed slow at the weekend - and a search of it found

(a) a copy of pdfupd.exe in the windows prefetch folder ( which I deleted)
(b) 2 new processes running in the startup list in msconfig - one called nettir32.exe and another one, something around 8 letters long & containing “aud” (dauda… maybe, umm), I think. The nettir32 file was invisible in the path shown in msconfig, while the other one wasn’t a normal file path (maybe a registry entry- what do they look like in msconfig?)
(c) one CPU core running at 100%

After trying a couple of things I did a system restore to a couple of weeks back & everything seems perfectly fine now, all the invaders appear to have gone. Whether any l33t hacker is now poring through my collection of pics of old Honda exhaust systems is a bit unclear though. A full Comodo scan shows up as clean, but then it did when Nettir & co were happilly running anyway. Is there anything else I could scan it with?



(Moderator Edit - please don’t post possible malware sites. Thank You. :slight_smile: )

You can check your computer using the programs in this guide:
What You Need To Know About Removing Infections and Securing Your Computer

Also, what configuration was CIS in at the time you got infected? Had you allowed any other popups recently?


Thanks Chiron

I’ll have a go at more of those checks later (am at work at the min), or at least the free ones! I did run Malwarebytes on it last night & it turned up a couple more nasties, it seems this is a pretty invasive thing.

As for configuration- CIS was in the default out-of-the-box config, and no I had not allowed any pop ups, I think I had only had one recently & I blocked that.

Googling for Nettir32, out of curiosity, I came across this thread - the long post from “Erling” 2 days ago describes pretty much what I experienced too. Maybe this is a new exploit?

They’re all free. ;D