Worm or not?



Kenny
07-09-2005, 10:11 PM
Trying to figure out why PC was locking up when using CPU intensive tasks I
started trying to identify Processes in Task Manager.
Found an entry "PDSched.exe" which is identified here:
http://www.bleepingcomputer.com/startups/PDSched.exe-2844.html
and many other sites as a worm.
I do have Roxio Perfect Disk on PC which should have a "pdsched.exe", note
the case difference, process which doesn't show, see here:
http://www.liutilities.com/products/wintaskspro/processlibrary/pdsched/
I ran updated AVG free, Panda online and Trend scans and none of them
identified it as a virus/worm.
Also have Zone Alarm free and regularly use AdAware SpyBot etc.
Until my subs ran out recently I had been using Norton Utilities with NAV
2003 and never seemed to have any problems then.

XP Pro with SP2
Asus A7N8X m/b
Athlon 2500XP Barton
512MB PC2700
Internal 120 & 160 GB and external USB 160GB HDD's.
Matrox G450 eTV graphics (this was my first suspect!)

When PC did lock up CPU went to 100%, the 2 progs it happened in mostly were
World Snooker 2005 and Changes, a program my daughter uses to show herself
with different hairstyles etc. This particular program runs perfect on hers
which is only Athlon 600MHz with 256MB and 8MB ATI graphics, (my hand me
down).
Big question is do I have a worm or not? Should I invest in a paid for
anti-virus prog, if so which one if Panda and Trend don't see this as a
risk?

--

Kenny Cargill

MAP
07-09-2005, 10:11 PM
Kenny wrote:
> Trying to figure out why PC was locking up when using CPU intensive
> tasks I started trying to identify Processes in Task Manager.
> Found an entry "PDSched.exe" which is identified here:
> http://www.bleepingcomputer.com/startups/PDSched.exe-2844.html
> and many other sites as a worm.
> I do have Roxio Perfect Disk on PC which should have a "pdsched.exe",
> note the case difference, process which doesn't show, see here:
> http://www.liutilities.com/products/wintaskspro/processlibrary/pdsched/
> I ran updated AVG free, Panda online and Trend scans and none of them
> identified it as a virus/worm.
> Also have Zone Alarm free and regularly use AdAware SpyBot etc.
> Until my subs ran out recently I had been using Norton Utilities with
> NAV 2003 and never seemed to have any problems then.
>
> XP Pro with SP2
> Asus A7N8X m/b
> Athlon 2500XP Barton
> 512MB PC2700
> Internal 120 & 160 GB and external USB 160GB HDD's.
> Matrox G450 eTV graphics (this was my first suspect!)
>
> When PC did lock up CPU went to 100%, the 2 progs it happened in
> mostly were World Snooker 2005 and Changes, a program my daughter
> uses to show herself with different hairstyles etc. This particular
> program runs perfect on hers which is only Athlon 600MHz with 256MB
> and 8MB ATI graphics, (my hand me down).
> Big question is do I have a worm or not? Should I invest in a paid
> for anti-virus prog, if so which one if Panda and Trend don't see
> this as a risk?

Since the link below is from Trend Micro showing registry entrys this worm
creates and you have run an online scan with trend and came up clean I would
say that you do not have it.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CN&VSect=T

--
Mike Pawlak

Rick \Nutcase\ Rogers
07-09-2005, 10:11 PM
Hi Kenny,

What folder is it in? PDsched.exe should be in the Raxco program folder. A
worm would not be there, but rather in the system32 folder.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"Kenny" <me@privacy.net> wrote in message
news:uu0$eKQYFHA.3184@TK2MSFTNGP15.phx.gbl...
> Trying to figure out why PC was locking up when using CPU intensive tasks
> I started trying to identify Processes in Task Manager.
> Found an entry "PDSched.exe" which is identified here:
> http://www.bleepingcomputer.com/startups/PDSched.exe-2844.html
> and many other sites as a worm.
> I do have Roxio Perfect Disk on PC which should have a "pdsched.exe", note
> the case difference, process which doesn't show, see here:
> http://www.liutilities.com/products/wintaskspro/processlibrary/pdsched/
> I ran updated AVG free, Panda online and Trend scans and none of them
> identified it as a virus/worm.
> Also have Zone Alarm free and regularly use AdAware SpyBot etc.
> Until my subs ran out recently I had been using Norton Utilities with NAV
> 2003 and never seemed to have any problems then.
>
> XP Pro with SP2
> Asus A7N8X m/b
> Athlon 2500XP Barton
> 512MB PC2700
> Internal 120 & 160 GB and external USB 160GB HDD's.
> Matrox G450 eTV graphics (this was my first suspect!)
>
> When PC did lock up CPU went to 100%, the 2 progs it happened in mostly
> were World Snooker 2005 and Changes, a program my daughter uses to show
> herself with different hairstyles etc. This particular program runs
> perfect on hers which is only Athlon 600MHz with 256MB and 8MB ATI
> graphics, (my hand me down).
> Big question is do I have a worm or not? Should I invest in a paid for
> anti-virus prog, if so which one if Panda and Trend don't see this as a
> risk?
>
> --
>
> Kenny Cargill
>
>
>

Kenny
07-09-2005, 10:11 PM
Thanks for the reply. Tried running the
prog with "PDSched" ended and the problem's still there.

Did a Find for this file and the only place it appears is the Perfect Disk
program.

Also followed advice here and I have none of these registry entries:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CN&VSect=T


Looks like I'm not infected but don't understand why so many places see this
as a worm.




--

Kenny Cargill



"MAP" <mikepawlak2REM@OVEhotmail.com> wrote in message
news:uSK57kQYFHA.2128@TK2MSFTNGP15.phx.gbl...
> Kenny wrote:
>> Trying to figure out why PC was locking up when using CPU intensive
>> tasks I started trying to identify Processes in Task Manager.
>> Found an entry "PDSched.exe" which is identified here:
>> http://www.bleepingcomputer.com/startups/PDSched.exe-2844.html
>> and many other sites as a worm.
>> I do have Roxio Perfect Disk on PC which should have a "pdsched.exe",
>> note the case difference, process which doesn't show, see here:
>> http://www.liutilities.com/products/wintaskspro/processlibrary/pdsched/
>> I ran updated AVG free, Panda online and Trend scans and none of them
>> identified it as a virus/worm.
>> Also have Zone Alarm free and regularly use AdAware SpyBot etc.
>> Until my subs ran out recently I had been using Norton Utilities with
>> NAV 2003 and never seemed to have any problems then.
>>
>> XP Pro with SP2
>> Asus A7N8X m/b
>> Athlon 2500XP Barton
>> 512MB PC2700
>> Internal 120 & 160 GB and external USB 160GB HDD's.
>> Matrox G450 eTV graphics (this was my first suspect!)
>>
>> When PC did lock up CPU went to 100%, the 2 progs it happened in
>> mostly were World Snooker 2005 and Changes, a program my daughter
>> uses to show herself with different hairstyles etc. This particular
>> program runs perfect on hers which is only Athlon 600MHz with 256MB
>> and 8MB ATI graphics, (my hand me down).
>> Big question is do I have a worm or not? Should I invest in a paid
>> for anti-virus prog, if so which one if Panda and Trend don't see
>> this as a risk?
>
> Since the link below is from Trend Micro showing registry entrys this worm
> creates and you have run an online scan with trend and came up clean I
> would
> say that you do not have it.
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.CN&VSect=T
>
> --
> Mike Pawlak
>
>

da_test
07-09-2005, 10:11 PM
On Wed, 25 May 2005 06:01:59 -0400, "Rick \"Nutcase\" Rogers"
<rick@mvps.org> wrote:

>Hi Kenny,
>
>What folder is it in? PDsched.exe should be in the Raxco program folder. A
>worm would not be there, but rather in the system32 folder.
Unless it's a hidden file ?
Try the command prompt.
Enter CD \
Enter Dir /s /ah pdsched.exe

That command will search the entire C: partition for any files
that have the hidden attribute called pdsched.exe.

Dave


Worm or not?