 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Forum / Windows XP / Security and Administration / September 2005YourSiteBar and PSgaurd
I have removed 1500 virus infected files and about twice as many spyware files. But this PC will not let me get ride of these two files. I have rebooted like sypbot said but it still did not delete the file. I have booted to safe mode and run ad-aware, spybot sd, and microsoft antispyware. I have even tried to delete the reg key manually to no avail. i have tried hijackthis. the pc is XP home any help is greatly appricated. frogman, Three ways to remove it as quickly as possible : 1) Download and install a trial version of Kapersky AV http://www.kaspersky.com/trials?chapter=146481750 Read this to learn how to update and configure it : http://castlecops.com/t106277-Bube_d_aka_Win32_Beavis_Removal_isrvs.html 2) Visit an antispyware forum that specializes in the removal of this malware : http://www.bleepingcomputer.com/forums/forum22.html http://forum.aumha.org/viewforum.php?f=30&sid=7b8d9d88f437602d4f9449031d6837fa http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html http://forums.spywareinfo.com/index.php?showforum=44 Make sure you read the guidlines of the forum you decide on 3) Follow this thread and remove it yourself : http://www.geekstogo.com/forum/Psguard-t62696-s15.html Best of luck... MowGreen [MVP 2003-2005] =============== * 343 * FDNY Never Forgotten =============== > I have removed 1500 virus infected files and about twice as many > spyware files. But this PC will not let me get ride of these two [quoted text clipped - 9 lines] > > any help is greatly appricated. From: "frogman" <frogman7@swbell.net> | I have removed 1500 virus infected files and about twice as many | spyware files. But this PC will not let me get ride of these two [quoted text clipped - 9 lines] | | any help is greatly appricated. I think you are confusing "viruses" with non-viral malware such as adware and spyware. They are NOT the same. If you had "...1500 virus infected files..." then it would be really bad and I would suggest wiping the system and reinstalling the OS from scratch. However, you have indicated NO specific virus names and the software you used target non-viral malware not viruses and thus my conclusion. Unfortunately, you wrote a *very poor* post and state -- "But this PC will not let me get ride of these two files. I have rebooted like sypbot said but it still did not delete the file." However you do NOT state what these files are. It would help if you post the fully qualified path and name of the files purported to be infectors and in need of removal. You also stated you use... "ad-aware, spybot sd" but fail to post version information. I hope that is Ad-aware SE v1.06 and SpyBot Search and Destroy v1.4 and they are fully updated. I suggest downloading, installing and updating BHODemon for any Browser Helper Objects that may be on the PC. BHODemon http://www.definitivesolutions.com/bhodemon.htm Please post the fully qualified path and name of the files purported to be infectors and in need of removal.  SignatureDave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm I used AVG to clean the virus infected files. It took about 10 passes to get the PC clean. the first time I ran it 450 infected files were found and deleted. the second time i ran it 415 were found then the next time i ran it 319 etc. Yes all the tools are latest versions and updated now on to the current problem. I have run Ad-Aware, MS Antispyware, and Spybot search and destroy both MS Antispyware and Spybot find 2 spyware hits. PSGaurd - HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGUARD YourSiteBar - HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar these are registry entries the spyware removel programs say the removed them but when they are run again the same 2 reg entries are caught. I have tried to manually delete the entries but get a can not delete selected key. Error while deleting key. Thank you for all your help I used AVG to clean the virus infected files. It took about 10 passes to get the PC clean. the first time I ran it 450 infected files were found and deleted. the second time i ran it 415 were found then the next time i ran it 319 etc. Yes all the tools are latest versions and updated now on to the current problem. I have run Ad-Aware, MS Antispyware, and Spybot search and destroy both MS Antispyware and Spybot find 2 spyware hits. PSGaurd - HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGUARD YourSiteBar - HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar these are registry entries the spyware removel programs say the removed them but when they are run again the same 2 reg entries are caught. I have tried to manually delete the entries but get a can not delete selected key. Error while deleting key. Thank you for all your help From: "frogman" <frogman7@swbell.net> | I used AVG to clean the virus infected files. It took about 10 passes | to get the PC clean. the first time I ran it 450 infected files were | found and deleted. the second time i ran it 415 were found then the | next time i ran it 319 etc. | | Yes all the tools are latest versions and updated < snip > Yikes -- If you had THAT many detected by AVG that is not good ! It is possible that AVG may have missed some viruses, Trojans or other malware. Please use the following tool which provides anti virus scanners from; McAfee, Sophos and Trend Micro. None of which have to pre-exist on your PC. Download MULTI_AV.EXE from the URL -- http://www.ik-cs.com/programs/virtools/Multi_AV.exe It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to remove viruses, Trojans and various other malware. C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS} This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor’s web site. The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC. You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode. When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. To use this utility, perform the following... Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS } Choose; Unzip Choose; Close Execute; C:\AV-CLS\StartMenu.BAT { or Double-click on 'Start Menu' in C:\AV-CLS } NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files. * * * Please report back your results * * * SignatureDave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm The process you described found many more problems and made the PC stop having the popup problems but it still did not remove: PSGaurd - HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGUARD YourSiteBar - HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar so the next step it to format and reinstall. Thanks for all your help From: "frogman" <frogman7@swbell.net> | The process you described found many more problems and made the PC stop | having the popup problems but it still did not remove: [quoted text clipped - 4 lines] | | Thanks for all your help In this case... I agree with your conclusion. However, you must laern to practice Safe Hex or you will be dealing with future cyclical re-formatting sessions. http://www.claymania.com/safe-hex.html SignatureDave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.