PSGuard [RESOLVED]


  • This topic is locked

#16
Avohir

Avohir

    Visiting Staff

  • Visiting Consultant
  • 1,002 posts
Try uninstalling and reinstalling the modem driver. If you don't know how, I can provide instructions.
  • 0



#17
rafter

rafter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ok, I did the modem uninstall and reinstall. It went smoothly, but made no difference. I still cannot create a connection to my ISP.
  • 0

#18
rafter

rafter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
The infected computer is back online. Running the Panda scan sticks on my mailbox files, so now I'm working on getting that cleared up.
  • 0

#19
Avohir

Avohir

    Visiting Staff

  • Visiting Consultant
  • 1,002 posts
Please apply the service pack now.
  • 0

#20
rafter

rafter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Sorry, I should have mentioned that installing SP1a was the immediate first thing I did after getting back online, before I even opened a browser. I had the installation file already downloaded, so I just launched it and it worked. After that was done, I immediately started the Panda scan. After the scan ran for over 16 hours with no end in sight, I have stopped it to see if there is a way to either cut down on the size of the Netscape mail inbox file it was working on for almost the entire time, or maybe to just use some other cleaner to fix the problem, and then go back to Panda. However, other virus scans, including Panda's own quick fix downloadable app, are not finding infection in that file, only the main Panda program does, so I am wondering if it is possibly a false positive. It finds Exploit/iFrame paired with W32/Gibe.c or W32/Klez.l - around 200 instances were found and fixed after 16 hours. I have no way of knowing how much of the file was cleaned; it could be just the beginning!


BTW, following the instructions below from Microsoft is what fixed my network connection. It looks like doing an in-place reinstallation of the original XP on top of the service pack can disable the network connection and the wizard.

---------------------------------------------------------------
If you cannot reinstall SP1, verify that the ObjectName string value is set to LocalSystem in the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan

After you do this, delete the following registry subkeys. These subkeys on a Windows XP-based computer that does not have SP1 installed can cause the symptoms that this article describes:

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\25
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\26

To delete these keys, follow these steps.

Note This procedure includes steps to back up the registry keys before you modify them.
1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate and then click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan
4. On the File menu, click Export.
5. In the File Name box, type exported rasman key, and then click Save.
6. In the RasMan key, locate and then click the ObjectName string value.

If this value is not set to LocalSystem, follow these steps:
a. On the Edit menu, click Modify.
b. In the Value data box, type LocalSystem, and then click OK.
7. Locate and then double-click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\25
8. On the Edit menu, click Delete.
9. Click Yes to confirm that you want to delete the selected registry key.
10. Repeat steps 7 to 9 to delete the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\26
11. Quit registry editor, and then restart your computer.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
APPLIES TO
• Microsoft Windows XP Professional
• Microsoft Windows XP Home Edition
Keywords:
kbhotfixserver kbqfe kberrmsg kbprb KB329441
  • 0
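
The registry steps quoted in post #20 can also be done from a command prompt with reg.exe. The batch script below is an added example, not part of the original post or of the Microsoft article; the backup file location is an assumption, and the script must be run from an administrator account.

```batch
@echo off
rem Added example: scripted form of the manual regedit steps quoted above.
rem The BACKUP path is an assumption; change it to suit.
setlocal
set "RASMAN=HKLM\SYSTEM\CurrentControlSet\Services\RasMan"
set "BACKUP=%USERPROFILE%\exported_rasman_key.reg"

rem Steps 3-5: export the RasMan key first; stop if the backup cannot be made.
if exist "%BACKUP%" (
    echo Backup file already exists: "%BACKUP%". Move it and run again.
    exit /b 1
)
reg export "%RASMAN%" "%BACKUP%"
if errorlevel 1 (
    echo Export failed; no registry changes were made.
    exit /b 1
)

rem Step 6: read ObjectName and set it to LocalSystem only if it differs.
set "OBJ="
for /f "tokens=2,*" %%A in ('reg query "%RASMAN%" /v ObjectName 2^>nul ^| findstr /i /c:"ObjectName"') do set "OBJ=%%B"
echo Current ObjectName: "%OBJ%"
if /i not "%OBJ%"=="LocalSystem" (
    reg add "%RASMAN%" /v ObjectName /t REG_SZ /d LocalSystem /f
)

rem Steps 7-10: delete the EAP\25 and EAP\26 subkeys if they are present.
for %%K in (25 26) do (
    reg query "%RASMAN%\PPP\EAP\%%K" >nul 2>&1
    if errorlevel 1 (
        echo EAP\%%K not present; nothing to delete.
    ) else (
        reg delete "%RASMAN%\PPP\EAP\%%K" /f
    )
)

rem Step 11: the change takes effect after a restart.
echo Done. Restart the computer. To undo, import "%BACKUP%" with regedit.
endlocal
```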

#21
Avohir

Avohir

    Visiting Staff

  • Visiting Consultant
  • 1,002 posts
Are you still having other problems?
  • 0

#22
rafter

rafter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I just ran the whole set of the basic suggested scans again (CleanUp!, AdAware, CWShredder, Spybot, Ewido, and Housecall instead of Panda, plus McAfee's free scan), and there seem to be no remnants of the PSGuard infection left, and just a few little things came up that appear to have been wiped out. I think the machine is fairly clean. I really do think the problem with Panda and my mail is an anomaly. I haven't really been giving the machine any normal usage since all this started, so I'm not sure how that's going to go, but as far as I can tell it is running ok at the moment.

Thanks for your help.
  • 0

#23
Avohir

Avohir

    Visiting Staff

  • Visiting Consultant
  • 1,002 posts
I'm glad you got your problem resolved :tazz:


Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a paid product like NOD32 or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and Kerio.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox or Opera.

And also see TonyKlein's good advice, "So how did I get infected in the first place?", and AntiSpyware Net's spyware article: "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."
  • 0

#24
Avohir

Avohir

    Visiting Staff

  • Visiting Consultant
  • 1,002 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





