  1. #1
    3 Star Lounger
    Join Date
    Jan 2011
    Thanked 2 Times in 2 Posts

    Palladium - it's not a security suite!

    Hi there

    My mom-in-law called yesterday to tell me that Palladium had taken over her machine..... could not get past the flash screen that wants her to pay for the "Pro" version..... told her to turn off, and I would check it out last night.

    What I found out is that Palladium is a Trojan - and it's nasty! It takes over, making your machine unusable. It tells you you have a whole host of spyware and viruses (in actual fact only one - Palladium!).

    I went into safe mode - same result! But by using Task Manager I managed to stop Palladium.exe from running. Next I tried to find where the file was located, but could not get explorer.exe to run - it's been deleted!

    I had a look at some of the AV vendors' sites, and it seems that this one is a really nasty one - so watch out!

    I will be re-installing the old laptop - XP SP3 here we come!

    Be aware that I had Sophos Antivirus running on this machine all the time. The problem is that the machine is turned on only once or maybe twice a week, so the virus definitions were not up to date enough to catch this bug! Be aware........

  2. #2
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    California & Arizona
    Thanked 609 Times in 557 Posts
    Manual Removal may need to be effected via the command prompt in safe mode or bootable DOS disk. One may also need to do a post eradication repair install of the operating system since "sfc /scannow" may be unreliable for post clean up repairs.

    Since this scamware has the potential for other uninvited pests, like potential rootkits, the safest course of action would be a total reformat & clean install.

    Delete palladium antivirus files:

    delete palladium antivirus registry entries:
    palladium pro manual removal guide:
    delete palladium pro files:
    %desktop%\palladium for windows.lnk
    %programs%\palladium for windows.lnk
    delete palladium pro registry entries:
    hkcu\software\microsoft\windows nt\currentversion\winlogon shell=”%appdata%\palladium.exe”
    hkus\s-1-5-21-121440339-1343024091-1060284298-1004\software\microsoft\windows nt\currentversion\winlogon shell=”%appdata%\palladium.exe”

  3. #3
    3 Star Lounger
    Join Date
    Jan 2011
    Thanked 2 Times in 2 Posts
    Clint..... Thanks for the tips.....

    I think I will have to opt for the total re-install, because Windows is damaged beyond repair - there is no file called explorer.exe ...... The trojan knocked that out somehow!

    I will obviously be very careful when trying to recover information and data. I don't want to re-infect the machine with bad data!

    I thought it would be a good thing to warn others that this is a really nasty one - be careful and certainly don't make any payments to these scammers........!

  4. #4
    Join Date
    Dec 2009
    Lubbock, TX
    Thanked 0 Times in 0 Posts
    Exact instructions for its removal without doing a complete reinstall. This one came out I believe Jan 1 of this year and bleeping computer had the fix up pretty quick. It's a bad bug, but you don't have to reinstall.

    Actually, when you terminated palladium, you needed to restart your explorer and fix the shell. Then you would not have had to reinstall. Hope this helps.

    1. When the Task Manager starts, click on the Processes tab.
    2. You will now be at the Processes tab as shown in the image below.

      When you are at the above screen, scroll down through the list of running processes and left-click once on the palladium.exe process.
    3. Once the palladium.exe process is highlighted, click on the End Process button. When you press this button, Windows will ask if you are sure you want to terminate the process. You should press the Yes button to terminate it.
    4. Palladium Pro will now be terminated and you will be at a blank screen with Task Manager running. Now click on the File menu and select New Task (Run...) from the menu.
    5. When the Create New Task prompt appears, type explorer.exe into the Open: field and press the OK button. After a minute or so you should be back at your Windows desktop.
    6. Now that we have the Windows desktop back, the first thing we have to do is fix your Windows Registry Shell value. If we do not fix this entry and palladium.exe is deleted, then your Windows desktop will not be displayed the next time you reboot.

      To fix the Shell entry, simply download the following file to your desktop. If you are having trouble downloading the file, try right-clicking on it and selecting Save as.

      Shell.reg Download Link

    I did a little searching and Microsoft also has a link for that shell file too. I know it's late for you, but hoping that if someone else gets the bug, they can fix it the easy way.
    Last edited by physician97; 2011-02-10 at 08:47. Reason: updated info
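
An added example, not part of the thread and not the Shell.reg file mentioned in post #4: a PowerShell audit of the Winlogon Shell value that post #2 lists as hijacked and post #4 says must be fixed before palladium.exe is deleted. It assumes the stock state is Shell = explorer.exe under HKEY_LOCAL_MACHINE with no per-user Shell value; the `-Repair` switch is a hypothetical option of this script and needs an elevated prompt for the machine-wide key.

```powershell
# Added example: audit (and optionally repair) the Winlogon Shell value.
# Assumption: stock Windows has Shell = "explorer.exe" under HKLM and no
# Shell value in any user hive; a per-user value overrides the machine one.
param([switch]$Repair)   # hypothetical switch of this example script

$subKey   = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = 'explorer.exe'

function Get-ShellValue([string]$KeyPath) {
    # Returns the Shell string, or $null when the key or value is absent
    $item = Get-ItemProperty -Path $KeyPath -Name Shell -ErrorAction SilentlyContinue
    if ($item) { $item.Shell } else { $null }
}

# Machine-wide key first, then every user hive currently loaded under HKEY_USERS
$targets = @("Registry::HKEY_LOCAL_MACHINE\$subKey")
$targets += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)\$subKey" }

$findings = foreach ($key in $targets) {
    $value     = Get-ShellValue $key
    $isMachine = $key -like '*HKEY_LOCAL_MACHINE*'
    # Machine key must equal the default; a user key should carry no Shell at all
    $suspicious = if ($isMachine) { $value -ne $expected } else { $null -ne $value }
    New-Object PSObject -Property @{
        Key = $key; Shell = $value; IsMachine = $isMachine; Suspicious = $suspicious
    }
}

# Show only keys that actually hold a Shell value or deviate from the default
$findings | Where-Object { $_.Shell -or $_.Suspicious } |
    Format-List Key, Shell, Suspicious

if ($Repair) {
    foreach ($f in ($findings | Where-Object { $_.Suspicious })) {
        if ($f.IsMachine) {
            # Restore the machine-wide default shell
            Set-ItemProperty -Path $f.Key -Name Shell -Value $expected
        } else {
            # Drop the per-user override so the machine-wide value applies again
            Remove-ItemProperty -Path $f.Key -Name Shell
        }
        Write-Output "Repaired: $($f.Key)"
    }
}
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so a clean result here does not cover their profiles.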

  5. #5
    3 Star Lounger
    Join Date
    Jan 2011
    Thanked 2 Times in 2 Posts
    That's pretty much the repair solution suggested by most sites that I looked at. The problem is that somehow Palladium managed to remove explorer.exe.... I used an Ubuntu Live CD to view the files on the drive, and explorer.exe was gone.....

    No alternative but to re-install.... so a day or so later, the machine was back up and running, with all the data intact! (I scanned all the data first with Sophos before putting it back!) It's all back to normal again!

    Thanks for the support!
