Loading ...
Sorry, an error occurred while loading the content.

Re: [NTO] Anyone seen this error message before before?

Expand Messages
  • alice ttlg
    ... The fact that Windows is misspelled and that it says at the url above: Some malware camouflage themselves as PCMService.exe, makes me seriously think
    Message 1 of 22 , Jun 2, 2008
    • 0 Attachment
      On 6/2/08, hsavage <hsavage@...> wrote:
      > Mike Breiding wrote:
      > >
      > > Here is a screen shot.
      > > http://mbreiding.us/temp/error.jpg
      >
      > This site can be found via websearch but, to save a little time try this
      > url.
      >
      >
      > http://www.file.net/process/pcmservice.exe.html

      The fact that "Windows" is misspelled and that it says at the url above:

      "Some malware camouflage themselves as PCMService.exe,"

      makes me seriously think what you've got is a virus or trojan or other
      nasty thing. I am always leary of misspelled stuff (or obvious
      grammatical errors) as it is often a sign of spam or viruses. I'd run
      some virus checks and if you're not running behind a firewall, this
      could be a reminder that you need one and a good anti-virus program if
      you don't have one.

      --
      hth,
      alice ttlg

      Vox Populli, webhosting for fans
      http://www.populli.org/
      Glenfinnan, webhosting for everything else
      http://www.glenfinnanhosting.com/
    • Mike Breiding
      ... I feel the same and have been suspicious, but I could never detect anything other than the error message popping up. ... I run ZoneAlarm and Spybot and
      Message 2 of 22 , Jun 2, 2008
      • 0 Attachment
        alice ttlg wrote:
        > The fact that "Windows" is misspelled and that it says at the url above:
        >
        > "Some malware camouflage themselves as PCMService.exe,"
        >
        > makes me seriously think what you've got is a virus or trojan or other
        > nasty thing. I am always leary of misspelled stuff (or obvious
        > grammatical errors) as it is often a sign of spam or viruses.
        I feel the same and have been suspicious, but I could never detect
        anything other than the error message popping up.
        > I'd run
        > some virus checks and if you're not running behind a firewall, this
        > could be a reminder that you need one and a good anti-virus program if
        > you don't have one.
        I run ZoneAlarm and Spybot and have a hardware firewall which I hope is
        adequate.
        I simply cannot tolerate intrusive and slow AV software so I have
        always relied on "safe computing" and firewalls to combat intrusions.

        Thus far I have found nothing I can positively determine is anything
        which has hacked it's way in.
        -Mike
      • alice ttlg
        ... have different reactions! Zone Alarm has been awful for me every time I ve used on various PCs for the last few years, way too slow, uses too much memory.
        Message 3 of 22 , Jun 2, 2008
        • 0 Attachment
          On 6/2/08, Mike Breiding <mike@...> wrote:
          >
          > I run ZoneAlarm and Spybot and have a hardware firewall which I hope is
          > adequate.
          > I simply cannot tolerate intrusive and slow AV software so I have
          > always relied on "safe computing" and firewalls to combat intrusions.

          :) Everyone's experiences are different, even two identical PCs will
          have different reactions! Zone Alarm has been awful for me every time
          I've used on various PCs for the last few years, way too slow, uses
          too much memory.

          What worked for me is a hardware firewall and Avast anti-virus (I like
          it better than Grisoft, that one always slowed the PC down too much
          and too many popups, Avast always worked more quietly in the
          background. Plus safe computing and all that.

          Choice is a good thing so we can all find what works best for each of us!

          > Thus far I have found nothing I can positively determine is anything
          > which has hacked it's way in.

          It might have come from a legit site that you visited that had been
          hacked - the server I run my webhosting business on got hit a couple
          years ago by a hacker thru a security hole in a php-based archiving
          program. It managed to insert a footer on thousands of webpages on
          more than just the initial customer's site. (That was a very late
          night cleaning up that mess!) And a friend of mine, her site has
          gotten hacked by a virus that infected her webpages (on a Linux server
          run by a very large webhost who had no interest in fixing the
          vulnerability on another customer's account and so her site and
          everyone else's got infected). Often the infected part of the webpage
          is not visible to the user or looks innocuous and it can be on a
          reliable site you've visited before with no problems.

          --
          hth,
          alice ttlg

          Vox Populli, webhosting for fans
          http://www.populli.org/
          Glenfinnan, webhosting for everything else
          http://www.glenfinnanhosting.com/
        • Jeff Scism
          A Dummy Winidow ? Jeff ... -- Jeffery G. Scism, IBSSG ~~ Proponents of each side are vying with determination to prove their ignorance is greater than the
          Message 4 of 22 , Jun 2, 2008
          • 0 Attachment
            A Dummy "Winidow"?

            Jeff

            Mike Breiding wrote:
            > Greetings,
            >
            > I get this error message occasionally and have never been able to
            > associate it with any particular action or application.
            > Is it familiar to anyone?
            >
            > Here is a screen shot.
            > http://mbreiding.us/temp/error.jpg
            >
            > Thanks,
            > -Mike
            >
            > ------------------------------------
            >
            > Yahoo! Groups Links
            >
            >
            >
            > ------------------------------------------------------------------------
            >
            >
            > No virus found in this incoming message.
            > Checked by AVG.
            > Version: 8.0.100 / Virus Database: 269.24.4/1478 - Release Date: 6/2/2008 7:12 AM
            >


            --


            Jeffery G. Scism, IBSSG
            ~~

            "Proponents of each side are vying with determination to prove their ignorance is greater than the other."

            President Andrew Jackson, discussing a bill going through the US Congress.



            Visit http://ibssg.org/
            For The Blacksheep website, MORE...

            Putnam County Indiana Biographies and Obituaries
            http://ingenweb.org/inputnam/bios/

            Montgomery County Indiana Biographies and Obituaries
            http://ingenweb.org/inmontgomery/bios/

            Fountain County Indiana Biographies and Obituaries
            http://ingenweb.org/infountain/vitals/bios/
          • Jeff Scism
            ... I think it was a malware process, since the word Window was misspelled. Jeff -- Jeffery G. Scism, IBSSG ~~ Proponents of each side are vying with
            Message 5 of 22 , Jun 2, 2008
            • 0 Attachment
              Mike Breiding wrote:
              > MotoMania wrote:
              >
              >> I did a search on "pcmservice.exe" on google and one of the first I
              >> found was:
              >>
              >> http://www.file.net/process/pcmservice.exe.html
              >>
              >> HTH! or at least gives an idea of where to start. Mick
              >>
              >
              > This page gave me a place to start. Thanks!
              > I used Spybot S&D tools to remove pcmservice.exe from the startup list,
              > rebooted and it did not load.
              > I am still unsure what the file does.
              > The Media Direct Launch button still functions without it.
              >
              > -Mike
              >
              >
              I think it was a malware process, since the word "Window" was misspelled.

              Jeff

              --


              Jeffery G. Scism, IBSSG
              ~~

              "Proponents of each side are vying with determination to prove their ignorance is greater than the other."

              President Andrew Jackson, discussing a bill going through the US Congress.



              Visit http://ibssg.org/
              For The Blacksheep website, MORE...

              Putnam County Indiana Biographies and Obituaries
              http://ingenweb.org/inputnam/bios/

              Montgomery County Indiana Biographies and Obituaries
              http://ingenweb.org/inmontgomery/bios/

              Fountain County Indiana Biographies and Obituaries
              http://ingenweb.org/infountain/vitals/bios/
            • buralex@gmail.com
              Mike Breiding said on Jun 02, 2008 15:30 ... Mike - from the following posts it sounds like it actually was a window raised by
              Message 6 of 22 , Jun 3, 2008
              • 0 Attachment
                Mike Breiding <mike@...> said on Jun 02, 2008 15:30
                -0400 (in part):
                >
                > I get this error message occasionally and have never been able to
                > associate it with any particular action or application.
                > Is it familiar to anyone?
                >
                > Here is a screen shot.
                > http://mbreiding.us/temp/error.jpg
                Mike - from the following posts it sounds like it actually was a window
                raised by something called "PCMservice.exe" and you've got it removed now.

                For next time ...
                Have you got Process Explorer (from Sysinternals) on your system? One of
                many nice features it has, is a button on the toolbar which can be
                dragged onto any window. When mouse is released Process Explorer window
                is reshown with the owner of the window highlighted. If you double-click
                the process line it opens a properties window which can show you amongst
                other things the command-line used to start the task/process. This is
                often a good head-start to determining what is going on.

                Regards ... Alec -- buralex-gmail
                --



                [Non-text portions of this message have been removed]
              • Mike Breiding
                alice ttlg wrote:It might have come from a legit site that you visited that had been ... Makes me queasy just thinking about that!! So far, my only hijack has
                Message 7 of 22 , Jun 3, 2008
                • 0 Attachment
                  alice ttlg wrote:It might have come from a legit site that you visited
                  that had been
                  > hacked - the server I run my webhosting business on got hit a couple
                  > years ago by a hacker thru a security hole in a php-based archiving
                  > program. It managed to insert a footer on thousands of webpages on
                  > more than just the initial customer's site. (That was a very late
                  > night cleaning up that mess!)

                  Makes me queasy just thinking about that!!
                  So far, my only hijack has been page defacement of index files due to my
                  improperly setting file permission.
                  The substituted page was Pakistani propaganda as I recall. I got lucky
                  nothing worse happened.

                  Thanks,
                  -Mike
                • Mike Breiding
                  ... Hi Jeff, I have been thinking that way also since it first appeared. But, how can I verify that? When I choose OK or Cancel on the dialog box, nothing
                  Message 8 of 22 , Jun 3, 2008
                  • 0 Attachment
                    Jeff Scism wrote:
                    > I think it was a malware process, since the word "Window" was misspelled.

                    Hi Jeff,
                    I have been thinking that way also since it first appeared.
                    But, how can I verify that?
                    When I choose "OK" or "Cancel" on the dialog box, nothing obvious seems
                    to happen.
                    Since I removed it yesterday from the Startup list it has not shown back
                    up in the Processes list.

                    -Mike
                  • Mike Breiding
                    ... I think so as well. Time will tell. ... Just downloaded. Very handy! Thanks, -Mike
                    Message 9 of 22 , Jun 3, 2008
                    • 0 Attachment
                      buralex@... wrote:
                      > Mike Breiding <mike@...> said on Jun 02, 2008 15:30
                      > -0400 (in part):
                      >
                      >> I get this error message occasionally and have never been able to
                      >> associate it with any particular action or application.
                      >> Is it familiar to anyone?
                      >>
                      >> Here is a screen shot.
                      >> http://mbreiding.us/temp/error.jpg
                      >>
                      > Mike - from the following posts it sounds like it actually was a window
                      > raised by something called "PCMservice.exe" and you've got it removed now.
                      >
                      I think so as well. Time will tell.
                      > For next time ...
                      > Have you got Process Explorer (from Sysinternals) on your system?<TRIM>

                      Just downloaded. Very handy!
                      Thanks,
                      -Mike
                      > Regards ... Alec -- buralex-gmail
                      >
                    Your message has been successfully submitted and would be delivered to recipients shortly.