
Need New Intell32 & PSGuard Help... [RESOLVED]


  • This topic is locked

#151
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Alrighty...I suppose it must have worked! The copy of the "wininet.dll" on my desktop is now gone.

So it must have replaced the old one. Should I run SmitRem to check if it's clean?

And if it is...what next?

PS- I have to leave soon, unfortunately I cannot get out of it. So if I don't reply again real quick, I will be back online to check with you later tonight. Your help has been greatly appreciated...more than I can express in words.

Thanks again!!!:tazz:
  • 0


#152
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
please check it :tazz:
  • 0

#153
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Cmon Cmon Let me know......lol :tazz: :)
  • 0

#154
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Jumpin' Jehosephat!!!! It's clean...! Here's the SmitRem Log:


smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~

PSGuard spyware remover.lnk
quick launch PSGuard spyware remover.lnk


~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~

PSGuard spyware remover.lnk
quick launch PSGuard spyware remover.lnk


~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Clean!! :tazz:
__________________________________________

I knew you could do it...!!!! I'm amazed that KillBox was the solution all along! Well, at least the world knows now!
If it can clean my effed up Win98 computer...it can clean anybody's!

So...what direct course of action do I take now? As far as "finishing up" goes...?
Such as AdAwareSE or all the other stuff I've downloaded?
  • 0

#155
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Ok...Here's the latest E-Trust Scan:
------------------------------------------

intell32.exe Win32.Spudrag.C infected C:\!Submit\

birdihuy32.dll Win32.Fisec.H infected C:\!Submit\

update.exe Win32.Mitglieder.BA infected C:\Program Files\Internet Explorer\

D263.TMP JS.Seeker.Generic infected C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\

80B4.TMP REG.Seeker infected C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\

oleext.dll Win32.Alemod.I infected C:\WINDOWS\SYSTEM\
---------------------------------------------------------------------
  • 0

#156
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Delete any psguard icons and shortcuts

Delete these two files

C:\WINDOWS\SYSTEM\oleext.dll
C:\Program Files\Internet Explorer\update.exe

Post another Hijack log

Edited by loophole, 11 September 2005 - 08:36 AM.

  • 0

#157
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Cool...All remnants of the PSGuard were removed. As well as the oleext.dll & update.exe. I'm online and no punishments have commenced.... :)

Is it ok to delete the quarantine items in the KillBox "!Submit" folder? I'm still scared to go anywhere NEAR anything that says "Intell32"...! I can barely look at it!

Here's my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:52:22 AM, on 9/11/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtw32.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
------------------------------------------------------------------------------------

Also, question concerning a few of the above "items"...these in particular:
----------------------------------------------------------------------------
The "Earthlink" one...I don't use Earthlink...and I never will again!

The www.live365.com...I don't even know what it is, so I don't want it.

The www.windowsecurity.com...I simply visited the site...I didn't even use it!
Why did they infest me...? I want them to go away...!
----------------------------------------------------------------------------
Other than that...should I still run the "AdAwareSE" and/or SpyBot S&D...?
Just to make sure of any "loose ends"...?

Thanks again...I can't believe we're about finally done... :tazz:
(I'm pretty sure I lost a few marbles over this one...of which I'll never recover!)
  • 0

#158
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab


Now close all windows other than HiJackThis, then click Fix Checked.

You can delete that submit folder

should I still run the "AdAwareSE" and/or SpyBot S&D...?


Can't Hurt :)

Let me know how it goes :tazz:

Edited by loophole, 11 September 2005 - 10:28 AM.

  • 0
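
Added example, not part of the original posts and not code from HijackThis: a small Python parser for the log line format seen in the log above. It splits entries by section code and pulls out the O4 autoruns and O16 ActiveX downloads, so they can be listed for review. The sample lines are copied from the posted log; the function names are illustrative assumptions.

```python
import re
from collections import Counter

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
"""

# "<section code> - <body>"; header and running-process lines do not match.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 registry autorun: HKLM\..\Run: [ValueName] command line
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# O16 ActiveX download: DPF: {CLSID} (optional class name) - codebase URL
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")

def parse_entries(log_text):
    """Return [(code, body)] for each entry line, in log order."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def section_counts(entries):
    """Number of entries per section code, e.g. {'O4': 3}."""
    return dict(Counter(code for code, _ in entries))

def autoruns(entries):
    """O4 registry autoruns; Startup-folder O4 lines have no hive and are skipped."""
    fields = ("hive", "key", "name", "command")
    hits = (RUN_KEY.match(body) for code, body in entries if code == "O4")
    return [dict(zip(fields, m.groups())) for m in hits if m]

def activex_downloads(entries):
    """O16 entries with CLSID, class name (None if absent) and URL as logged."""
    fields = ("clsid", "name", "url")
    hits = (DPF.match(body) for code, body in entries if code == "O16")
    return [dict(zip(fields, m.groups())) for m in hits if m]

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(section_counts(parsed))
    for item in autoruns(parsed) + activex_downloads(parsed):
        print(item)
```
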

#159
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Alrighty...good...BOTH AdAwareSE & SpyBot S&D found PLENTY of PSGuard left overs!!

I removed them and am back online...so far so good.

I am now firmly convinced that you are now the single, most authoritative expert on the PSGuard malware! You should put it under your title!

If it should return...I'll now know what to do. THANKS A MILLION!! :)

Any other requests that I should complete...or am I pushing my luck? :tazz:
  • 0

#160
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts

Any other requests that I should complete...or am I pushing my luck


Pushin your luck :tazz:

I admire your persistence. You are officially my longest thread

Good luck to you......and we don't like repeat customers around here :)

your system is clean :)

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice, "So how did I get infected in the first place?", and Spyware Aid's spyware article: "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."
  • 0


#161
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
