
Thread: PS Guard . . . . again

  1. #21
    Senior Member
    Join Date
    Sep 2005
    Posts
    332
    Ok, more stuff I found over at www.msusenet.com is this. It seems to me that they found a way to get rid of the embedded reg key, but again the technical talk really makes no sense to me. Can any of you guys decipher this and let me know what it is, and could it help me?
    The lines starting with > signify a quote from the previous post.

    > The big issue is I did an OS repair using the Windows Server
    > 2003 SP1 installation CD and the entry is still there.

    Ya, the "repair" concentrates on OS registry areas for the most
    part.

    > I don't trust the installation either but have no choice for
    > about 5 months.
    >
    > I think in a previous post you made for sysinternals there was
    > something about a C++ registry sample which created and removed
    > such keys, can't find the sample do you know where it is?

    Ah, if you are a C programmer and can use Native NT APIs then the
    information you need is likely to be in the REGHIDE demo.

    http://www.sysinternals.com/Informat....html#HiddenKeys

    reghide.zip 24,749

    C:\TEMP>unzip -l reghide.zip
    Archive: reghide.zip
    Length Date Time Name
    -------- ---- ---- ----
    38912 98-05-17 22:25 REGHIDE.MDP
    5160 98-05-17 22:25 REGHIDE.C
    115712 98-05-17 22:25 REGHIDE.NCB
    6669 98-05-17 22:25 REGHIDE.MAK
    0 98-05-17 22:24 RELEASE/
    1691 98-05-17 12:36 REGHIDE.H
    4749 98-05-17 22:25 RELEASE/REGHIDE.OBJ
    26624 98-05-17 22:25 RELEASE/REGHIDE.EXE
    -------- -------
    199517 8 files

    If that leads you to write a utility... <G>
    It's beyond my knowledge and skills but such a little tool could be
    useful (and dangerous of course). Hope that gets you somewhere!

    --------------------------------------------------------------------------------

    Knight Technologies, 08-19-2005, 04:36 AM
    That's just what I needed, thank you very much. It's been a while since I've
    messed with C but within a few seconds of analyzing those simple code
    snippets I was able to immediately adopt the method to effectively remove
    that entry for good.

    It appears the method used was the same method as shown in the source code
    so using the final step in the removal process came in handy as it's the same
    signature, so what I did in simpler terms was changed the existing keys to
    match to re-create the effect, the routine already automatically disables
    upon clicking OK, thus, it removed the foul registry entry for me, then I did
    some minor tidying up in RegEdit to remove the remaining structure.

    In simple terms I kicked its ass.

    Thanks again!!!

    Also, I know that since I'm posting from work there is really not much to do besides talk about my problem, but as soon as I get home today I will be implementing everything we have talked about and/or decided on and will be finishing corresponding from home to make the fixing process much faster.

  2. #22
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    Originally posted here by nihil
    > Double post so the link works:
    >
    > http://elamb.blogharbor.com/hacked/psguardremoval.htm
    >
    > Full instructions and the tools to get rid of PS Guard

    Just a FYI...

    You can edit a post and still have it link the URLs. For some reason, after your initial submit, it removes the check from "Automatically parse URLs: automatically adds [URL] and [/URL] around internet addresses." The first option below the reply box. Simply check it off and your link will work right.

    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
