PDA

View Full Version : No cure found...HELP!



craig
2005-10-29, 19:43
Hi everyone, new here because you guessed it, computer really infected...
I have run several virus / antiSpy / ad-ware programs and can not get rid of it. Spybot shows it embedded in;
HKEY_Local_Machine:software\psguard.com\
I tried to edit it out and no luck. On rebooting my computer it registered a fatal error and wanted to boot in safe mode.
When I go to the internet (IE) I get immediatly redirected to the spyware page that probably has infected me.
I now get periodic pop-ups saying your computer is infected..... Goes on and on
I use Norton Anti Virus always, now running Ad-Aware SE Personal, Microsoft Antispyware (Beta), and Spybot-S&D. any ideas where to go from here, seems to be propergating (just another pop-up) through my computer.
Can anyone help with this?
Thanks
Craig

tashi
2005-10-29, 20:05
Hello craig, welcome to the forum. :)

We are not currently setup to work HJT logs (which helpers use to remove infections)

Certainly you could post a Spybot-S&D log for us to see what is going on with the system and if there are any new variants in the infection which could be added to our database to help prevent such.

If you would like to do that:
Spybot-S&D
Open SpyBot, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except (Spybot version 1.4)

uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.

Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach that report.

If you have any problems attaching the Spybot log please go ahead and copy paste the log.

If you are running an older version of Spybot-S&D.

Spybot-S&D 1.4 Final has been released.
Uninstalling Previous Spybot-S&D (http://www.safer-networking.org/en/faq/27.html)
Spybot-S&D Version 1.4 Download (http://www.spybot.info/en/download/index.html)

Tutorial (http://www.spybot.info/en/tutorial/index.html)

If you would prefer to go straight to a site with a malware removal forum.

A good place to start:
http://asap.maddoktor2.com/

Chose a site from the list on the left hand side of that page.
It is a long list so to shorten it in no particular order:

TomCoyote
MalWare Removal
Atribune.org
BleepingComputer
Spyware Warrior
Subratam.org

Once at the site read the procedure for posting a HJT log, start your own topic and an authorized helper will assist you as soon as possible.

Be sure to read the site's faqs for tips on prevention and tightening up your computer security.

Hope that helps. :)

md usa spybot fan
2005-10-29, 20:14
In addition:

You said that you are running Norton Anti Virus. See if this looks like what you have:
Trojan.Desktophijack.C
http://securityresponse.symantec.com/avcenter/venc/data/trojan.desktophijack.c.html

craig
2005-10-29, 20:34
--- Report generated: 2005-10-28 09:21 ---

Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-25 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-10-21 Includes\Cookies.sbi (*)
2005-10-21 Includes\Dialer.sbi (*)
2005-10-21 Includes\Hijackers.sbi (*)
2005-10-21 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-10-21 Includes\Malware.sbi (*)
2005-10-21 Includes\PUPS.sbi (*)
2005-10-21 Includes\Revision.sbi (*)
2005-10-21 Includes\Security.sbi (*)
2005-10-21 Includes\Spybots.sbi (*)
2005-02-16 Includes\Tracks.uti
2005-10-21 Includes\Trojans.sbi (*)

tashi
2005-10-29, 20:49
Hello craig, the log is showing the header only.

If you follow the directions I posted you will get quite a long log.

Thanks.

craig
2005-10-29, 20:51
I'm also running the most up-to-date norton professional antivirus software with auto updating for new definitions. Who knows...The HKEY has me baffled, it's where most, if not the whole problem, virus lives. psguard.com is the culpert, I tried deleating it out but unable to. I am now periodically getting an icon in my menu bar (yellow triangle with ! in middle) and pop-ups saying your computer is infected.
I was hoping that one of the software products offered here would fix it but don't just want to throw money away and no fix. Any suggestions, I'm running the free download from Spybot.
Thanks
Craig

craig
2005-10-29, 21:01
Will not let me upload the report, It states "To big" !

tashi
2005-10-30, 02:42
Ok.
I was unsure the upload would take the log if it was very large and that is why I said.

If you have any problems attaching the Spybot log please go ahead and copy paste the log. :)