Author: Subject: Beware PSGuard --- very nasty trojan
britishtrident

posted on 9/8/05 at 08:07 AM
Beware PSGuard --- very nasty trojan

I just spent 8 hours trying to sort out a nasty malware infection for a client; his son had been on porn sites and picked up a nasty trojan (?).

PSGuard is really difficult to get rid of manually and most of the major virus packages are at best only partially effective at clearing it.
It is technically hostage ware --- pay a ransom or the computer is toast.

My best advice so far is don't visit dodgy sites, use Firefox for browsing, update your virus scanner, update Ad-Aware and get a fresh copy of HijackThis. Above all don't click on any links that claim your computer is infected with spyware.



[Edited on 9/8/05 by britishtrident]

G3OFF

posted on 9/8/05 at 08:32 AM
Just a tip.. but I was working for a client who had a really bad case of this PSGuard a month ago

Get this program "ewido security suite" free 30 day trial from their website and scan and remove from your machine over and over again.. eventually it does manage to remove PSGuard.. but it does take about 10 scans





no such thing as too much power......

bob

posted on 9/8/05 at 08:34 AM
Thanks for the warning.

It's funny how the children always get the blame for surfing porn sites... wasn't me love, it must have been our lad

britishtrident

posted on 9/8/05 at 09:11 AM
quote:
Originally posted by G3OFF
Just a tip.. but I was working for a client who had a really bad case of this PSGuard a month ago

Get this program "ewido security suite" free 30 day trial from their website and scan and remove from your machine over and over again.. eventually it does manage to remove PSGuard.. but it does take about 10 scans


Problem is it is a Win ME PC; Ewido is NT/XP only :-(

britishtrident

posted on 9/8/05 at 09:14 AM
quote:
Originally posted by bob
Thanks for the warning.

It's funny how the children always get the blame for surfing porn sites... wasn't me love, it must have been our lad


His dad only uses the laptop, which he takes to Spain with him 'cause he doesn't trust the lad (23!) with it. Giveaway was the sextracker and adultfriendfinder cookies.

Hellfire

posted on 9/8/05 at 03:55 PM
There is also some spyware which comes in the guise of constantly changing wallpaper (via weblink); it infects and rewrites all over the f****g place. It also has a nasty habit of re-writing itself very deep in system files. Hijack doesn't pick it up always.... they are getting for ever cleverer at misleading and hiding!!!

I spent 2 hours trying to delete one for a customer of mine... in the end I gave up! It was in the network!






britishtrident

posted on 11/8/05 at 03:17 PM
Yes, that's PSGuard. The anti-virus programs are only in the last couple of days getting semi-effective against it. It took me 8 hours combined effort with Ad-Aware, HijackThis, AVG, FreeAV, with hand editing of the registry, and downloading a couple of fresh DLL files.
Even after that it took about 7 or 8 sweeps with the very latest updates to clear it -- it seems to hide very deeply indeed and reinfect from 5 different files spread around the disc.
I made no progress clearing it at all until I disconnected from the router.

I gave him the PC back with a dual boot Mepis Linux / Win ME. When I left he was very happily using Mepis browsing the net -- 24+ hours so far, no calls :-)

All content © 2001-16 LocostBuilders. Reproduction prohibited