smitfraud / PSGuard

Rich R

some time ago i had to remove this pest from a user's
computer. MSAS didn't see it at all.

just today the same user had another computer on his
network with the same problem, MSAS was installed, yet
STILL doesn't see it.

it's called smitfraud or PSguard, and turns your desktop
black, puts a ghostbusters icon on the desktop, and
blocks all access to desktop settings so you can't remove
the active desktop it creates (wppp.html)

also runs intell32.exe in the background.

plus it adds a reg key with null pointers or something
so you can't remove it using regedit (why?)

this is a MAJOR pain in the rectum and i'm wondering why
it's not in MSAS yet? i'd understand if it couldn't remove
it properly for a while, but it's not even detected!

what's the state of play on this? what's the intention?
why the delay? is work still going on on MSAS or has it
been abandoned for that new onecare thingo (which i can't
try yet, i'm in the UK)

there is a tool (open source i think) called smitrem
which i found after a good few hours of trawling (back
then, not now) which removes it.

cheers then!
Rich R
 
Rich R said:
some time ago i had to remove this pest from a user's
computer. MSAS didn't see it at all.

just today the same user had another computer on his
network with the same problem, MSAS was installed, yet
STILL doesn't see it.

it's called smitfraud or PSguard, and turns your desktop
black, puts a ghostbusters icon on the desktop, and
blocks all access to desktop settings so you can't remove
the active desktop it creates (wppp.html)

also runs intell32.exe in the background.

plus it adds a reg key with null pointers or something
so you can't remove it using regedit (why?)

this is a MAJOR pain in the rectum and i'm wondering why
it's not in MSAS yet? i'd understand if it couldn't remove
it properly for a while, but it's not even detected!

what's the state of play on this? what's the intention?
why the delay? is work still going on on MSAS or has it
been abandoned for that new onecare thingo (which i can't
try yet, i'm in the UK)

there is a tool (open source i think) called smitrem
which i found after a good few hours of trawling (back
then, not now) which removes it.

If no joy with MSAS, try these tools;
<http://www.bleepingcomputer.com/for...itfraud-Quicknavigate-VirtualMaid-t17258.html>
<http://castlecops.com/s10515-PSGuard_spyware_remover.html>

The above are similar in nature and can be removed via the first URL, above.

If you are unable to accomplish this, try this;
Download and run HijackThis;
(http://aumha.org/downloads/hijackthis.zip)
Read this Tutorial *before* first use;
(http://www.bleepingcomputer.com/forums/index.php?showtutorial=42)
Once done > run HijackThis > save a scan log and post it to /any/ of the
following (expert) forums for analysis.
*Note, registration is required prior to posting a log.
- Not listed in any particular order -
(http://aumha.net/viewforum.php?f=30)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://www.dslreports.com/forum/security)
(http://castlecops.com/forum67.html)
(http://www.cybertechhelp.com/forums/forumdisplay.php?f=25)
(http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html)
(http://gladiator-antivirus.com/forum/index.php?showforum=170)
(http://forum.iamnotageek.com/f-130.html)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://www.spywarewarrior.com/viewforum.php?f=5)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://forums.techguy.org/f54-s.html)
(http://forums.tomcoyote.org/index.php?showforum=27)
(http://forums.subratam.org/index.php?showforum=7)

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

(Reply to group, as return address
is invalid - that we may all benefit)
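
A first-pass triage of a saved HijackThis log for the two names mentioned in this thread (intell32.exe and wppp.html), added here as an example and not part of either post. The sample log, its file locations and the `triage` helper are constructed for illustration.

```python
import re

# Names taken from the thread: the background process and the Active
# Desktop page the original poster describes.
INDICATORS = ("intell32.exe", "wppp.html")

# HijackThis entries look like "O4 - HKLM\..\Run: [name] path":
# a section code (R0, O4, O24, ...), " - ", then the detail.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - ")

def triage(log_text):
    """Return (section, line) pairs for log lines naming an indicator."""
    hits, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            section = m.group(1)
        elif in_processes:
            section = "process"
        else:
            continue  # header lines: version, scan time, platform
        if any(ind in line.lower() for ind in INDICATORS):
            hits.append((section, line))
    return hits

# Constructed sample log; file locations and entry names are assumptions.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\intell32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O24 - Desktop Component 0: (no name) - file:///C:\WINDOWS\wppp.html
"""

if __name__ == "__main__":
    for section, line in triage(SAMPLE_LOG):
        print(f"[{section}] {line}")
```

Matching on file names alone is only a first pass: a renamed copy would not be flagged, so the full log still needs a line-by-line read.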
 