
Thread: What's the deal with Security iGuard?

  1. #1
    Junior Member
    Join Date
    Mar 2005
    Posts
    9

    What's the deal with Security iGuard?

    This has been pissing me off for a while now and I've done everything I could think of to stop it. This pos anti-spyware program continues to find its way onto my computer. I've even written a few policies to try to remove the ability to have a file named "Security iGuard.exe" on my comp, as well as putting a phantom program with the same name and drivers... it overwrites them and I can't find out which port it's coming in on or the IP of whoever keeps sending it to me. If someone could shed some light on the situation I'd be eternally grateful.

    (also I can't keep my damned homepage from resetting itself to http://letgohome.com/hp.htm?id=9 )

  2. #2
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Are you sure you've ever successfully removed it? It could just be reinstalling itself either a) on reboot b) when it notices the files are missing. How exactly are you trying to remove it?

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Ola SoroDudeman

    Well you probably ought to run "Hijack This" and post the log so the folks can take a look at it. If you don't have it, download it from: Click here and then post the log.

    And surfing habits might have to change some after you get it cleaned out

    cheers

    Edit: And ditto
    Are you sure you've ever successfully removed it? It could just be reinstalling itself either a) on reboot b) when it notices the files are missing. How exactly are you trying to remove it?

    - Xierox
    _________
    Connection refused, try again later.

  4. #4
    AO's Mr Grumpy
    Join Date
    Apr 2003
    Posts
    903

    Re: What's the deal with Security iGuard?

    Originally posted here by SoroDudeman
    This has been pissing me off for a while now and I've done everything I could think of to stop it. This pos anti-spyware program continues to find its way onto my computer. I've even written a few policies to try to remove the ability to have a file named "Security iGuard.exe" on my comp, as well as putting a phantom program with the same name and drivers... it overwrites them and I can't find out which port it's coming in on or the IP of whoever keeps sending it to me. If someone could shed some light on the situation I'd be eternally grateful.

    (also I can't keep my damned homepage from resetting itself to http://letgohome.com/hp.htm?id=9 )
    As above from Relyt

    Also:-

    See here for info:-- Then come back if you cannot solve your problem

    http://www.google.com/search?sourcei...Guard%2Eexe%22
    Computer says no
    (Carol Beer)

  5. #5
    Junior Member
    Join Date
    Mar 2005
    Posts
    9
    here goes...
    Logfile of HijackThis v1.99.1
    Scan saved at 8:42:40 PM, on 3/9/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\vscp9r72tpthd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hphmon03.exe
    C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\System32\HPHipm09.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\RJ\Desktop\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\L8JM2I~1.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\vscp9r72tpthd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
    O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {2A792617-460E-4D75-B265-B01C9DC1F979} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2A792617-460E-4D75-B265-B01C9DC1F979} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {47529011-D8A0-4F9F-9B40-EC658A5CCF8C} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {47529011-D8A0-4F9F-9B40-EC658A5CCF8C} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {6EBFBD6C-92EB-4E0C-91F8-FD273BD2A5DD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6EBFBD6C-92EB-4E0C-91F8-FD273BD2A5DD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {A09868F2-57F3-46F6-A3CD-4B1775A9FF65} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A09868F2-57F3-46F6-A3CD-4B1775A9FF65} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {C5671E81-93A7-4D78-9F92-5567962ECB89} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C5671E81-93A7-4D78-9F92-5567962ECB89} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1109202796843
    O20 - AppInit_DLLs: 913lx34t3uy7c9dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    heh<<>>

    Are you sure you've ever successfully removed it? It could just be reinstalling itself either a) on reboot b) when it notices the files are missing. How exactly are you trying to remove it?
    I've used several methods of deleting it... they are as follows:

    the uninstall integrated with the program itself
    I've simply deleted the files themselves and placed false files in their places
    I've found the file that loads the program on my computer in the first place and deleted it
    I've locked out the filename in the Windows management console
    and with everything I've done, I've deleted its registry keys and even placed false keys in their places...
    and I'm at a loss for what to do *tears out a chunk of hair*

    ...I've also used the "fix problems" key in HijackThis (which seems to work for a time then it comes back)

  6. #6
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Until the time when one of the seniors can review your HijackThis log and tell you what to remove, I would suggest trying Ad-Aware SE and Spybot: Search and Destroy. Run both of these from Safe Mode. (I'm assuming you know how to get into Safe Mode. If you don't, try a Google search or ask here.) I'd recommend removing everything they catch. See how that works for ya.

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9

    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\L8JM2I~1.DLL

    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\vscp9r72tpthd.exe

    O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe

    Those look like they are causing some trouble. I'm not the best at HijackThis logs, but if it were mine I'd start with deleting those. But make sure you keep a nice backup so if something goes wrong you're not hosed.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com
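
Added example, not part of any post in this thread: the entries picked out in post #7, together with the O20 line in the log, are separate autostart points, so clearing one of them leaves the others in place to reload the program. The sketch below triages HijackThis-format lines against a baseline; the function name `triage`, the `expected_hosts` and `baseline_run` parameters and the sample are assumptions, and the O20 value is shortened from the log in post #5.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines in the HijackThis 1.99 format of the log in post #5
# (the O20 value is shortened here; the log repeats ".dll" many times).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\L8JM2I~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\vscp9r72tpthd.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O20 - AppInit_DLLs: 913lx34t3uy7c9dll.dll
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
"""

ENTRY = re.compile(r"^\s*([RO]\d+) - (.+)$")   # "<section> - <detail>"
RUN = re.compile(r"Run: \[(.+?)\] (.+)$")      # "Run: [name] command line"

def triage(log_text, expected_hosts=(), baseline_run=()):
    """Return (section, reason) for each entry that needs a human look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        section, detail = m.groups()
        if section in ("R0", "R1") and " = " in detail:
            # IE start/search pages: flag any host the owner did not set.
            host = urlparse(detail.split(" = ", 1)[1].strip()).hostname
            if host and host not in expected_hosts:
                findings.append((section, f"browser page points at {host}"))
        elif section == "O2" and detail.startswith("BHO: (no name)"):
            # A Browser Helper Object loads inside Internet Explorer.
            findings.append((section, "unnamed BHO: " + detail.rsplit(" - ", 1)[-1]))
        elif section == "O4":
            # Run-key autostart: compare the value name with a known baseline.
            run = RUN.search(detail)
            if run and run.group(1) not in baseline_run:
                findings.append((section, f"autostart not in baseline: {run.group(1)}"))
        elif section == "O20" and detail.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            value = detail.split(":", 1)[1].strip()
            if value:
                findings.append((section, f"AppInit_DLLs set: {value}"))
    return findings

if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG, baseline_run={"ccApp"}):
        print(section, reason)
```
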

  8. #8
    Junior Member
    Join Date
    Mar 2005
    Posts
    9
    I've used Spybot, Ad-Aware, SpywareBlaster, and Stopzilla.

  9. #9
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Originally posted here by SoroDudeman
    I've used Spybot, Ad-Aware, SpywareBlaster, and Stopzilla.
    From safe mode?

    - X
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  10. #10
    Junior Member
    Join Date
    Mar 2005
    Posts
    9
    Yep... and Norton WinDoctor
