PCAcme Description:
PCAcme captures keystrokes, chat sessions, and
mouse clicks. It is intended as a monitoring
tool, but can be used for malicious purposes as
well.
PCAcme is intended to run in stealth mode.
Installation folders are configurable and file
names are random.
When PCAcme is installed, it performs the
following actions:
- Prompts you to select the language.
- Prompts you with "You are about to
install PC Acme. Do you wish to
continue?"
- If you choose to continue, it displays an
End User License Agreement (EULA).
- If the EULA is accepted, it requests that
you select an access password.
- By default, it creates Program Files\PCACME
to which it installs the files. This folder is
configurable. Two detected files in this
folder are Control.exe and View.exe.
- Adds files to the %System% folder. Nine
files are created in total, but only two have
constant names. The file names are:
- Creates seven files with random file names,
such as jqyeipeh. Four of these files share
the same random base name. These are:
- <filename>.exe
- <filename>.cfg
- <filename>.dll
- <filename>.key
There are also three randomly named .vxd
files, which use their own unique strings.
- Creates a value that refers to the random
file name of <filename>.exe in the
registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
An example of this is:
"jqiyhdsh" = %sysdir%\jqiyhdsh.exe /setuser
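Because the file names are random, a fixed name list will not find an installation, but the layout described above can be matched. The following is an added example, not part of the original description or of any vendor tool: it flags Run/RunServices values whose name equals the base name of an .exe that sits in %System% alongside same-named .cfg, .dll and .key files. The function names and sample data are constructed, only base names are compared, and a match is a lead for review rather than a verdict.

```python
import ntpath

# Extensions that, per the description above, share the .exe's random base name.
SIBLING_EXTS = (".cfg", ".dll", ".key")

def split_command(command):
    """Split a Run-key command line into (program path, argument list)."""
    command = command.strip()
    if command.startswith('"'):                 # quoted path, may contain spaces
        path, _, rest = command[1:].partition('"')
        return path, rest.split()
    parts = command.split()
    return (parts[0], parts[1:]) if parts else ("", [])

def find_pcacme_like(run_values, system_files):
    """Return autorun entries that match the layout described above.

    run_values:   {value name: command line} read from Run or RunServices.
    system_files: file names found in the %System% folder.
    """
    present = {f.lower() for f in system_files}
    hits = []
    for name, command in run_values.items():
        path, args = split_command(command)
        exe = ntpath.basename(path).lower()
        stem, ext = ntpath.splitext(exe)
        # The value name equals the random base name of the .exe it launches.
        if ext != ".exe" or stem != name.lower() or exe not in present:
            continue
        siblings = [stem + e for e in SIBLING_EXTS if stem + e in present]
        if len(siblings) == len(SIBLING_EXTS):  # .cfg, .dll and .key all present
            hits.append({"value": name, "exe": exe, "siblings": siblings,
                         "setuser": "/setuser" in [a.lower() for a in args]})
    return hits

# Constructed sample data; only the jqiyhdsh entry comes from the page's example.
SAMPLE_RUN = {
    "jqiyhdsh": r"%sysdir%\jqiyhdsh.exe /setuser",
    "SystemTray": "SysTray.Exe",
    "updater": r'"C:\Program Files\Updater\updater.exe" /quiet',
}
SAMPLE_SYSTEM_FILES = ["jqiyhdsh.exe", "jqiyhdsh.cfg", "jqiyhdsh.dll",
                       "jqiyhdsh.key", "SysTray.Exe", "kernel32.dll"]

if __name__ == "__main__":
    for hit in find_pcacme_like(SAMPLE_RUN, SAMPLE_SYSTEM_FILES):
        print(hit)
```

The three randomly named .vxd files are not checked here because, as noted above, they use their own unrelated strings.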
This spyware has an uninstall feature, but it
requires the access password, which is set when
the spyware is installed.
Also known as: PC Activity Monitor
PCAcme Manual Removal:
Follow these steps to remove PC Acme from your
machine. Begin by backing up your registry and
your system, and/or setting a Restore Point, to
prevent trouble if you make a mistake.
- Kill these running processes with Task
Manager:
- Unregister these DLLs with Regsvr32, then reboot:
huaaevva.dll
qzowpaxe.dll
respool.dll
suneaxiz.dll
yanzzkek.dll
- Remove these files (if present) with Windows
Explorer: