Possible artefact of Conficker?
-
What is plcltiuym in services.msc?
Today after cleaning out a Conficker infection, I found this in Services.msc, something I had never seen before. It says that it supports System Restore functions. There is no mention of this anywhere I can find. It says it is automatic, but stopped. Advice please.
-
I have no idea as I don't have anything to do with the Malware section but if you are sure that it isn't something that has anything to do with any program that you have installed I would disable it. If it lists the associated program you might be able to find out more info by visiting the folder that it is in.
PS Not to be rude, but they do not like you posting the same or identical threads in more than one forum.
-
Sorry for the double posting; I really do not know whether this is an XP issue or a malware issue. What is strange is that there is no mention of this item anywhere I can find. I have not installed any programs, but have done a lot of updates. It's not good that the Windows update was insufficient to block this virus, even though they state that it will prevent it from installing.
-
Sorry for breaking the rules. The only scan I ran was the MalwareBytes program, and it deleted the virus.
Here is the MalwareBytes log:
Malwarebytes' Anti-Malware 1.36
Database version: 2149
Windows 5.1.2600 Service Pack 3
21/05/2009 17:40:18
mbam-log-2009-05-21 (17-40-18).txt
Scan type: Full Scan (C:\|)
Objects scanned: 193283
Time elapsed: 2 hour(s), 58 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\uyamil.dll (Worm.Conficker) -> Delete on reboot.
But I feel that the strange item plcltiuym in msc.services might be related to this virus because I have never seen it on any list of msc.services.
-
I don't believe that it is a windows service and if you haven't installed anything that would have installed it then I would disable it and wait to hear back from broni.
-
It wouldn't load; it is too big.
-
This was identified in Gmer. Here is the problem. Uyamil.dll was identified as Conficker in the Malwarebytes log, and it is linked with egyoom and plcltiuym. However, no matter what else I run, they come up clean, so they can't clean the infection. Also now in Services.msc is something called EOQBRR, which has no associated service and is not identified anywhere on the net. I cannot disable either of these services; 'access is denied'.
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom@DisplayName plcltiuym
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom@Description Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom\Parameters@ServiceDll C:\WINDOWS\system32\uyamil.dll
Reg HKLM\SYSTEM\ControlSet007\Services\egyoom@DisplayName plcltiuym
Reg HKLM\SYSTEM\ControlSet007\Services\egyoom@Type 32
Reg HKLM\SYSTEM\ControlSet007\Services\egyoom@Start 2
Reg HKLM\SYSTEM\ControlSet007\Services\egyoom@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet007\Services\egyoom@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet007\Services\egyoom@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet007\Services\egyoom@Description Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Reg HKLM\SYSTEM\ControlSet007\Services\egyoom\Parameters
Reg HKLM\SYSTEM\ControlSet007\Services\egyoom\Parameters@ServiceDll C:\WINDOWS\system32\uyamil.dll
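
A way to cross-check the two logs in this thread, as an added example that is not part of any post: it parses the GMER registry lines and the Malwarebytes file detections and reports every service, in every control set, whose ServiceDll is a file the scanner flagged. The function names are hypothetical, and the sample input is constructed from the log lines quoted above with the forum's stray wrap spaces removed.

```python
import ntpath
import re

# Constructed sample input: a subset of the GMER and Malwarebytes lines quoted
# in the thread, with the forum's stray line-wrap spaces removed.
GMER_LOG = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom@DisplayName plcltiuym
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\egyoom\Parameters@ServiceDll C:\WINDOWS\system32\uyamil.dll
Reg HKLM\SYSTEM\ControlSet007\Services\egyoom@Start 2
Reg HKLM\SYSTEM\ControlSet007\Services\egyoom\Parameters@ServiceDll C:\WINDOWS\system32\uyamil.dll
"""
MBAM_LOG = r"""
Files Infected:
C:\WINDOWS\system32\uyamil.dll (Worm.Conficker) -> Delete on reboot.
"""
REG_LINE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\@]+)"
                      r"(?P<sub>\\[^@]*)?@(?P<name>\S+)\s+(?P<data>.*)$")
MBAM_FILE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<verdict>[^)]+)\) -> ")

def parse_gmer(text):
    """Group registry values by (control set, service key); bare key lines are skipped."""
    services = {}
    for line in text.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            services.setdefault((m["cs"], m["svc"]), {})[m["name"]] = m["data"].strip()
    return services

def flagged_files(text):
    """Map each file path the scanner flagged (case-normalised) to its verdict."""
    found = {}
    for line in text.splitlines():
        m = MBAM_FILE.match(line.strip())
        if m:
            found[ntpath.normcase(m["path"])] = m["verdict"]
    return found

def correlate(gmer_text, mbam_text):
    """List service entries whose ServiceDll is a file the scanner flagged."""
    bad, hits = flagged_files(mbam_text), []
    for (cs, svc), vals in sorted(parse_gmer(gmer_text).items()):
        dll = ntpath.normcase(vals.get("ServiceDll", ""))
        if dll in bad:
            hits.append({"control_set": cs, "service": svc, "verdict": bad[dll],
                         "display_name": vals.get("DisplayName"),
                         "auto_start": vals.get("Start") == "2"})
    return hits
```

Each hit is a registry service entry that still points at the flagged DLL, so a cleanup that deletes only the file leaves those entries behind in every control set listed.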
-
Hi Justine... Please follow Broni's advice in Post #5. He would like you to post a new topic in the HiJackThis Forum.
Thank you