-
March 10th, 2005, 01:18 AM
#1
Junior Member
What's the deal with Security iGuard?
This has been pissing me off for a while now and I've done everything I could think of to stop it. This pos anti-spyware program continues to find its way onto my computer. I've even written a few policies to try to remove the ability to have a file named "Security iGuard.exe" on my comp, as well as putting a phantom program with the same name and drivers... it overwrites them and I can't find out which port it's coming in on or the IP of whoever keeps sending it to me. If someone could shed some light on the situation I'd be eternally grateful
(also I can't keep my damned homepage from resetting itself to http://letgohome.com/hp.htm?id=9 )
-
March 10th, 2005, 02:05 AM
#2
Are you sure you've ever successfully removed it? It could just be reinstalling itself either a) on reboot b) when it notices the files are missing. How exactly are you trying to remove it?
- Xierox
"Personality is only ripe when a man has made the truth his own."
-- Søren Kierkegaard
-
March 10th, 2005, 02:09 AM
#3
Ola SoroDudeman
Well you probably ought to run "Hijack This" and post the log so the folks can take a look at it. If you don't have it, download it from: Click here and then post the log.
And surfing habits might have to change some after you get it cleaned out
cheers
Edit: And ditto
Are you sure you've ever successfully removed it? It could just be reinstalling itself either a) on reboot b) when it notices the files are missing. How exactly are you trying to remove it?
- Xierox
_________
Connection refused, try again later.
-
March 10th, 2005, 02:16 AM
#4
Re: What's the deal with Security iGuard?
Originally posted here by SoroDudeman
This has been pissing me off for a while now and I've done everything I could think of to stop it. This pos anti-spyware program continues to find its way onto my computer. I've even written a few policies to try to remove the ability to have a file named "Security iGuard.exe" on my comp, as well as putting a phantom program with the same name and drivers... it overwrites them and I can't find out which port it's coming in on or the IP of whoever keeps sending it to me. If someone could shed some light on the situation I'd be eternally grateful
(also I can't keep my damned homepage from resetting itself to http://letgohome.com/hp.htm?id=9 )
As above from Relyt
Also:-
See here for info:-- Then come back if you cannot solve your problem
http://www.google.com/search?sourcei...Guard%2Eexe%22
Computer says no
(Carol Beer)
-
March 10th, 2005, 04:56 AM
#5
Junior Member
here goes...
Logfile of HijackThis v1.99.1
Scan saved at 8:42:40 PM, on 3/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\vscp9r72tpthd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\RJ\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\L8JM2I~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\vscp9r72tpthd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {2A792617-460E-4D75-B265-B01C9DC1F979} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2A792617-460E-4D75-B265-B01C9DC1F979} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {47529011-D8A0-4F9F-9B40-EC658A5CCF8C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {47529011-D8A0-4F9F-9B40-EC658A5CCF8C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6EBFBD6C-92EB-4E0C-91F8-FD273BD2A5DD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6EBFBD6C-92EB-4E0C-91F8-FD273BD2A5DD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A09868F2-57F3-46F6-A3CD-4B1775A9FF65} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A09868F2-57F3-46F6-A3CD-4B1775A9FF65} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C5671E81-93A7-4D78-9F92-5567962ECB89} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C5671E81-93A7-4D78-9F92-5567962ECB89} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1109202796843
O20 - AppInit_DLLs: 913lx34t3uy7c9dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
heh<<>>
Are you sure you've ever successfully removed it? It could just be reinstalling itself either a) on reboot b) when it notices the files are missing. How exactly are you trying to remove it?
I've used several methods of deleting it... they are as follows:
the uninstall integrated with the program itself
I've simply deleted the files themselves and placed false files in their places
I've found the file that loads the program on my computer in the first place and deleted it
I've locked out the filename in the Windows management console
and with everything I've done, I've deleted its registry keys and even placed false keys in their places...
and I'm at a loss for what to do *tears out a chunk of hair*
...I've also used the "fix problems" key in HijackThis (which seems to work for a time then it comes back)
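Added example, not part of the original thread or any poster's code: a small Python triage of a HijackThis log that collects, in one pass, the entry types that load code at startup or in the browser, so every load point is reviewed together rather than one file at a time. The heuristics, the function names and the `reported_names` / `reported_hosts` parameters are assumptions for illustration; the sample lines are excerpted from the log above, with the O20 value shortened.

```python
import re
from urllib.parse import urlparse

# Sample input: lines excerpted from the log posted above (O20 value shortened).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\L8JM2I~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O20 - AppInit_DLLs: 913lx34t3uy7c9dll.dll.dll.dll
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
"""

# Entry lines look like "O4 - ..."; the "Running processes" paths do not match.
LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")

def parse(log):
    """Yield (section_code, detail) for every HijackThis entry line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def review(log, reported_names=(), reported_hosts=()):
    """Return (code, reason, detail) for entries worth a manual look (assumed heuristics)."""
    findings = []
    for code, detail in parse(log):
        low = detail.lower()
        if code in ("R0", "R1") and " = " in detail:
            host = urlparse(detail.split(" = ", 1)[1]).hostname or ""
            if host in reported_hosts:
                findings.append((code, "IE page set to reported host", detail))
        elif code == "O2" and "(no name)" in low:
            findings.append((code, "unnamed browser helper object", detail))
        elif code == "O4" and any(n.lower() in low for n in reported_names):
            findings.append((code, "autorun entry for reported program", detail))
        elif code == "O20" and low.startswith("appinit_dlls:") and detail.split(":", 1)[1].strip():
            findings.append((code, "AppInit_DLLs value is set", detail))
    return findings

if __name__ == "__main__":
    for code, reason, detail in review(SAMPLE_LOG, ("Security iGuard",), ("letgohome.com",)):
        print(f"{code:4} {reason}: {detail}")
```
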
-
March 10th, 2005, 05:06 AM
#6
Until the time when one of the seniors can review your HijackThis log and tell you what to remove, I would suggest trying Ad-Aware SE and Spybot: Search and Destroy. Run both of these from Safe Mode. (I'm assuming you know how to get into Safe Mode. If you don't, try a Google search or ask here.) I'd recommend removing everything they catch. See how that works for ya.
- Xierox
"Personality is only ripe when a man has made the truth his own."
-- Søren Kierkegaard
-
March 10th, 2005, 11:28 AM
#7
those look like they are causing some trouble. I'm not the best at HijackThis logs but if it were mine I'd start with deleting those. But make sure you keep a nice backup so if something goes wrong you're not hosed.
-
March 11th, 2005, 03:27 AM
#8
Junior Member
I've used spybot, adaware, spywareblaster, and stopzilla.
-
March 11th, 2005, 03:40 AM
#9
Originally posted here by SoroDudeman
I've used spybot, adaware, spywareblaster, and stopzilla.
From safe mode?
- X
"Personality is only ripe when a man has made the truth his own."
-- Søren Kierkegaard
-
March 11th, 2005, 07:22 AM
#10
Junior Member
yep...and norton windoctor