Old 10-17-2005, 02:04 PM   #1
In Runtime
 
Join Date: Aug 2004
Posts: 223
Default SPYWARE - How do I remove it?

Just a few weeks ago I reformatted my whole system. I reinstalled everything including McAfee Virus Scan 2005 and Spybot Search & Destroy as well as Lavasoft Ad-Aware6. I was downloading some movie codec packs and one of them must have contained a trojan because my virus alert came up during the install. I went ahead and scanned for viruses as well as used both spyware removers to try and get rid of this program but so far no luck.

The program has flashing alerts in my taskbar every so often and when I click them it brings up pop-ups. Also automatic pop-ups come up every 10 minutes or so. It is very annoying and it's called PC-Guard. Is there a way to remove this spyware?

Thanks in advance
-rymort
rymort is offline   Reply With Quote
Old 10-17-2005, 02:11 PM   #2
Golden Master
 
Kage's Avatar
 
Join Date: Nov 2004
Posts: 13,873
Send a message via MSN to Kage
Default Re: SPYWARE - How do I remove it?

Hmm...usually if there are viruses/trojans in a downloaded file, the antivirus will warn you, and stop the download progress while you decide what to do. Usually that means that it will delete the entire downloaded file, and your computer won't get infected from the start...

Anyhow, PC-Guard...

I think it actually comes with your internet connection. I've done some searches, and I can't find it to be a trojan or anything.

Go to the Start menu, and find the Startup tab. If it's listed there, delete it, and it won't start up again when the computer boots back up.

If it's not listed there, check in the Add/Remove programs.

I hope this helps
__________________
Abit IP35 Pro / Q6600 G0 / Zalman 9700 / 8800GTS 640mb / 4x 2GB Corsair XMS / X-FI Xtreme M / 1x 1TB / Antec 900 / Logitech Z-5500 / Samsung 20inch
Kage is offline   Reply With Quote
Old 10-17-2005, 02:28 PM   #3
In Runtime
 
Join Date: Aug 2004
Posts: 223
Default Re: SPYWARE - How do I remove it?

I checked start-up as well as went into Start menu > Run > msconfig and nothing in there either.

It was a .exe file that I downloaded and once I ran it, it installed this advertising spyware...

One of the pop-ups is this as well:
http://spy-trooper.com

I went into Add/Remove Programs and it isn't in there either.
rymort is offline   Reply With Quote
Old 10-17-2005, 02:42 PM   #4
In Runtime
 
Join Date: Aug 2004
Posts: 223
Default Re: SPYWARE - How do I remove it?

http://img120.imageshack.us/img120/2807/spam12tb.jpg

is one of the pop-ups that just came up as a result of this Spyware


Edit: I will link more as they come up.
Edit*: Here's the little alert in my taskbar that won't go away unless I go to their site.
http://img207.imageshack.us/img207/7254/spam27cn.jpg

Edit**: Another website it forced me to was http://www.worldantispy.com
rymort is offline   Reply With Quote
Old 10-17-2005, 03:55 PM   #5
In Runtime
 
Join Date: Aug 2004
Posts: 223
Default Re: SPYWARE - How do I remove it?

The website where I originally thought I was downloading a video codec pack but downloaded this spyware is: http://www.vcodec.com
rymort is offline   Reply With Quote
Old 10-17-2005, 04:00 PM   #6
In Runtime
 
Join Date: Aug 2004
Posts: 223
Default Re: SPYWARE - How do I remove it?

MORE crap spyware, this is an error message that takes me out of games.

http://img20.imageshack.us/img20/4749/spam38cx.jpg
rymort is offline   Reply With Quote
Old 10-17-2005, 04:06 PM   #7
In Runtime
 
Join Date: Aug 2004
Posts: 223
Default Re: SPYWARE - How do I remove it?

I went and downloaded Hijack This and was hoping some of you could help me decide what to delete.

Also I apologize for so many posts, I just really want to get rid of this


Logfile of HijackThis v1.99.1
Scan saved at 4:00:39 PM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 AA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\intmonp.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\intmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\popuper.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fuck-portal.com
R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp5C2B.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll (file missing)
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=102505 serial=WS12WTX-9999998-UYR
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1128966852890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128966845703
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Qian350u - Sonic Solutions - (no file)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPSer
rymort is offline   Reply With Quote
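
A triage pass over the HijackThis log format in post #7, added here as an illustration; it was not posted by anyone in the thread. The four checks are assumptions chosen for this example (orphaned targets, a BHO that is not a DLL, extra programs in `Shell=`, one autostart filename in several folders), and a hit means "research this entry before touching it", not a verdict:

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis v1.99.1 log from the post above (lines copied from the thread).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp5C2B.tmp
O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll (file missing)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")             # "O4 - ..." -> ("O4", "...")
EXE_PATH = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)', re.I)  # first .exe path in an entry
ABSENT = re.compile(r"\s*\((?:file missing|no file)\)$")    # HijackThis orphan markers

def parse(log):
    """Return (section_code, text) for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log):
    """Return (reason, entry_or_name) pairs that deserve a manual look."""
    findings, run_dirs = [], defaultdict(set)
    for code, text in parse(log):
        target = ABSENT.sub("", text)
        if target != text:                      # registry entry points at nothing
            findings.append(("target file absent", text))
        if code == "O2" and not target.lower().endswith(".dll"):
            findings.append(("BHO is not a .dll", text))
        if code == "F2" and "Shell=" in text:   # default shell is Explorer.exe alone
            extra = [p.strip() for p in text.split("Shell=", 1)[1].split(",")][1:]
            if extra:
                findings.append(("extra program in Shell=: " + ", ".join(extra), text))
        if code == "O4":                        # remember where each autostart lives
            m = EXE_PATH.search(text)
            if m:
                folder, _, name = m.group(1).lower().rpartition("\\")
                run_dirs[name].add(folder)
    for name, folders in sorted(run_dirs.items()):
        if len(folders) > 1:                    # same filename started from two places
            findings.append(("same autostart name in several folders", name))
    return findings

if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"[{reason}] {entry}")
```
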
Old 10-17-2005, 04:07 PM   #8
Baseband Member
 
Join Date: Sep 2005
Posts: 74
Send a message via AIM to jollybluegiant Send a message via Yahoo to jollybluegiant
Default Re: SPYWARE - How do I remove it?

Hmmmm...well, get all the programs necessary to get rid of anything like:
<<spybot search and destroy 1.4
<<Ad-aware 1.06 (Professional edition if you can find it for free)
<<Spywareblaster (little spyware firewall)
<<Hijack This (learn about what it finds before you delete it because it lists EVERYTHING)
<<Trojan Hunter

Those right there should be enough to get rid of it. If you still can't get rid of it, do some research on what it's doing (error messages); once you identify it, then find a removal tool. STILL can't get rid of it, find the name of the virus(es) in Start > Run > regedit and delete them, not the whole folder it's in though... just the file.

*Edit* LOL NICE STARTING IE PAGE!!!!!! OMG................didn't your mother ever tell you those sites are able to GIVE YOU VIRUSES AND/OR SPYWARE!?!?!?
jollybluegiant is offline   Reply With Quote
Old 10-17-2005, 04:20 PM   #9
In Runtime
 
Join Date: Aug 2004
Posts: 223
Default Re: SPYWARE - How do I remove it?

Thanks, I'll give this a try
rymort is offline   Reply With Quote
Old 10-17-2005, 05:16 PM   #10
In Runtime
 
Join Date: Aug 2004
Posts: 223
Default Re: SPYWARE - How do I remove it?

Quote:
*Edit* LOL NICE STARTING IE PAGE!!!!!! OMG................didn't your mother ever tell you those sites are able to GIVE YOU VIRUSES AND/OR SPYWARE!?!?!?

What page?
rymort is offline   Reply With Quote
All times are GMT -5. The time now is 12:35 AM.

