Spyware, Viruses, & Security forum

General discussion


by flingwing / January 30, 2009 4:38 PM PST

Beginning yesterday, when I plug my flash drive into my computer and try to open it, I receive an error message "Windows cannot find 'Pservermouse.exe'".

Using AVG 8.0, I scanned and cleaned my desktop, my flash drive, and a laptop. All were then clean. Then I tried again to open the flash drive but I still got the error message about Pservermouse.exe.

I Googled "pservermouse" and found reports that it is a virus or worm. What makes me suspicious of this whole episode is that:
(1) AVG didn't pick up the virus.
(2) Many of the Google returns are from local writers in Indonesia. I haven't seen many international stories from the Google search about this virus.
(3) Some of the first search hits I read ask me to change my registry or download some new software to clean the pservermouse virus. This immediately makes me suspicious that the "pservermouse" is a ruse to further infect or screw up my computer.
(4) A search of this CNET forums site has no mention of this virus.

Below are different web site stories about this virus/worm.

(1) The following one is from the Prevx Website. At first look the site looked almost "too good" - like a medical clinic's site - <http://www.prevx.com/filenames/283307765581222041-0/PSERVERMOUSE.EXE.html>

Further, it offers a free, downloadable program to remove the worm. This made me suspicious that the whole virus scene was a ruse to have me further infect my new computer. This is what this Prevx anti-virus web site said--

The filename is associated with the malware groups:
* Worm
* Cloaked Malware

File Behavior
PSERVERMOUSE.EXE has been seen to perform the following behavior:
PSERVERMOUSE.EXE has been the subject of the following behavior:
* Added as a Registry auto start to load Program on Boot up

Country Of Origin
The filename PSERVERMOUSE.EXE was first seen on Mar 11 2008 in the following geographical regions of the Prevx community:
* SPAIN on Mar 11 2008
* INDONESIA on Mar 11 2008
* MALAYSIA on Oct 25 2008

File Name Aliases
PSERVERMOUSE.EXE can also use the following file names:
* 73817657.EXE
* 26624881.EXE
* 23602043.DAT

Files using the name PSERVERMOUSE.EXE have been seen with the following file size:
* 551,424 bytes

Vendor, Product and Version Information
These files have no vendor, product or version information specified in the file header.

(2) This is one local fix I read--
The filename PSERVERMOUSE.EXE refers to many versions of an executable program.
1. Go to safe mode by pressing F8 on computer boot-up, then download repair.inf, which will unhide the file containing "pservermouse.exe".
2. Then search for "pservermouse.exe" all over your computer on all drives. Try to look for a while since they hide in a lot of places (depends on the infection).
3. Open regedit (windows key -> run -> type "regedit"), then search in all categories for any suspicious registry entry which contains "pservermouse". Try to search several times until you are sure that no registry entry contains "pservermouse".
4. Restart the computer, then try to search for "pservermouse.exe" on the system (but this time under Windows running normally, NOT safe mode).
5. Reinstall your antivirus and update it regularly to minimize the threat of this virus.

My computer is only 2 days old running XP and the HDD is still almost empty. The HDD is partitioned in two: one for operating system and programs and the second for data.

What should I do? Thanks.
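
A read-only way to do the registry search from step 3 of the quoted fix, as an added example that is not part of the original post: it scans a text export of the registry (File > Export in regedit) for string values that mention the file names from the Prevx report and marks the ones under the Run/RunOnce autostart keys. The sample export, the `MouseSvc` value name and the function name are constructed for illustration.

```python
import re

# File names listed in the Prevx report quoted in the post above.
SUSPECT_NAMES = ("pservermouse.exe", "73817657.exe", "26624881.exe", "23602043.dat")
# Standard autostart keys, matched as a case-insensitive suffix of the key path.
AUTOSTART_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
VALUE_RE = re.compile(r'^(@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')

# Constructed sample of a regedit export (not taken from an infected machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"MouseSvc"="C:\\WINDOWS\\system32\\PServerMouse.exe"

[HKEY_CURRENT_USER\Software\Example\Recent]
"File1"="E:\\26624881.EXE"
'''

def find_references(reg_text, names=SUSPECT_NAMES):
    """Return (key, value_name, data, is_autostart) for every string value
    whose data mentions one of the suspect file names."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # start of a new registry key section
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        data = m.group("data")
        if len(data) < 2 or data[0] != '"' or data[-1] != '"':
            continue                  # dword/hex and multi-line values are skipped here
        text = re.sub(r"\\(.)", r"\1", data[1:-1])   # undo .reg escaping
        if any(n in text.lower() for n in names):
            name = m.group("name") if m.group("name") is not None else "(Default)"
            hits.append((key, name, text, key.lower().endswith(AUTOSTART_SUFFIXES)))
    return hits

if __name__ == "__main__":
    for key, name, data, auto in find_references(SAMPLE_EXPORT):
        print("AUTOSTART" if auto else "reference", key, name, data, sep=" | ")
```

Exports in the "Version 5.00" format are UTF-16, so read a real export with `encoding="utf-16"` before passing its text to `find_references`.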

Added info to my first post
by flingwing / January 30, 2009 6:28 PM PST
In reply to: Pservermouse.exe?

I first searched for complaints about Prevx and its programs and found no serious ones. So I downloaded the free Prevx CSI and scanned my computer.

These are the two infections/threats the Prevx software found.
* ROOTKIT - c\windows\system32:hgtray.exe = Hidden data
* THREAT - \Registry\Machine\Software\Microsoft\Active Setup\Install . . . =Infected Entry: StubP . . . (cannot read remainder of screen information)

Notice that neither warning specifically mentions "Pservermouse" which is my original problem.

Without purchasing the full Prevx program to remove these two findings, is there another way I can get rid of these to see if that clears up the Pservermouse problem? Or better still, is there a well known fix for that Pservermouse problem?


Please try first to use this:
by Donna Buenaventura / January 31, 2009 4:40 AM PST

Download, Install, Update then scan the system using any of the following products:
Please read the notes before doing anything. If possible, print them or copy them into Notepad, and close the browser or any open windows while you are running a cleaning or disinfection on a computer.
NOTE: If any of these programs finds an infection, allow it to fix the computer. Reboot after the removal process. Re-scan the system until no more infections can be found.
Please scan in Normal mode; scan using SAFE mode only if the PC shuts down during the scanning and/or removal process.

SUPERAntispyware (SAS) http://www.download.com/SUPERAntiSpyware-Free-Edition/3000-8022_4-10523889.html
You can also download it from http://superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

+++++ If SuperAntispyware will not install, please download and run the alternate version of the install package:
Get the alternate installer of SUPERAntiSpyware FREE Edition from http://downloads.superantispyware.com/downloads/SAS_FREE.EXE
Proceed by installing the alternate version of the installer.
See also: http://www.superantispyware.com/supportfaqdisplay.html?faq=71

+++++ If SuperAntispyware will not run, download RUNSAS.EXE to launch SUPERAntiSpyware:
RUNSAS.EXE - http://www.superantispyware.com/downloads/RUNSAS.EXE
See also: http://www.superantispyware.com/supportfaqdisplay.html?faq=71

+++++ If you have a problem updating SuperAntispyware, download the definitions installer from http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE
See also: http://www.superantispyware.com/definitions.html

+++++ If you want to re-install SAS but encounter an issue with re-installation, first use the SuperAntispyware Uninstallation Assistant by downloading it from http://www.superantispyware.com/downloads/SASUNINST.EXE then proceed to re-install SAS Free.

A2 Free (A2) http://www.download.com/A-squared-Free/3000-2239_4-10262215.html

+++++ If a-squared will not run or install, download a-squared Emergency USB Stick from http://download1.emsisoft.com/a2usb.zip
Save it to your desktop or USB stick, then extract the content to the USB stick (in the root directory of your USB stick, not in any folder). Proceed by running a2Free.exe from the USB stick.
More info http://www.emsisoft.com/en/software/stick/

Malwarebytes Antimalware (MBAM) http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
You can also download it from http://www.gt500.org/malwarebytes/mbam.jsp

+++++ If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool.exe
Proceed with installing the renamed installer of MBAM.

+++++ If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\) then rename mbam.exe to newtool.exe, and double-click newtool.exe to proceed with running a quick scan.

+++++ If you can't update MBAM, manually download the database installer from http://malwarebytes.gt500.org/mbam-rules.exe
See also: http://malwarebytes.gt500.org/database.jsp

+++++ If you need to re-install MBAM but encounter an issue in re-installing, try using the MBAM Cleanup Utility by downloading it from http://www.malwarebytes.org/mbam-clean.exe

See if any of the above programs will detect the infection especially the rootkit.

Checked Everything
by flingwing / January 31, 2009 9:50 AM PST

Thanks a million for the very complete list of anti-malware/virus programs.

I downloaded all three programs and ran two: SUPERAntispyware (SAS) and Malwarebytes Antimalware (MBAM). I'm going to wait on running A2 Free (A2) until later today because of its reportedly long scan time. But I know that's because it has a large database of malware.

The two programs I did run reported NO problems related to the Pservermouse worm - if that's what it is. SAS found 160+ tracking cookies and those were deleted. MBAM found nothing because my computer must have been "very" clean by then <g>.

Let me just say that about two hours after I posted my initial message in this forum, I stopped getting that error/warning message about Pservermouse. But I had not done anything else on my own to eliminate it. Remember, I had used AVG to check my desktop, laptop and flash drive before I posted, but at that time I was still getting the error message.

Now I have those three programs and I have kept a copy of your reply to me for future use. Your reply was a real tour-de-force for malware programs. Thanks.

Some other things...
by Donna Buenaventura / January 31, 2009 10:25 AM PST
In reply to: Checked Everything

Instead of anti-malware or anti-virus, you might want to try a standalone anti-rootkit to determine if that particular file really exists/is hidden and if you really got a rootkit.

NOTE: If you are using AVG Free edition, it does not include anti-rootkit protection/detection.

Rootkits are known to "hide" themselves from antimalware, which means you need an anti-rootkit. MBAM, A2 and SAS can also detect rootkits, but since the two have not found any... please try the programs below:

1. Avira AntiRootkit - http://www.free-av.com/en/tools/4/avira_antirootkit_tool.html
2. GMER - http://www.gmer.net/files.php
3. F-Secure Blacklight - http://www.f-secure.com/security_center/
4. Panda Anti-Rootkit - http://www.download.com/Panda-Anti-Rootkit/3000-8022_4-10717196.html

Please rename the anti-rootkit scanner if it fails to run for some reason.

There are some users who manually removed the said exe file after making it 'visible' (unhidden), but try their method at your own risk:
Please backup your registry if you will follow the said method.

If you like, you can post your HijackThis log in HJT forums where active HijackThis analysts will surely help you find the offending items:

