Microsoft AntiSpyware cannot protect you from "Prutect"

Clam

Even though I installed Microsoft AntiSpyware on my computer
and turned on the real-time protection, my computer still
gets infected by "Prutect". It can shut down the antispyware
program and the firewall. I tried to clean it with Microsoft
AntiSpyware, but "Prutect" comes back every time I
reboot the system. Does anyone know how to remove it?
I believe I got infected from www.addictinggames.com or
www.iconcave.com
 
Bill Sanderson

That second URL would definitely give you adware--it says it right up front
if you actually read the EULA.

Quite nasty, but not completely undercover.
 
Bill Sanderson

Hmm - This download detects and cleans the following families of viruses:

- Berbew
- Blaster
- DoomJuice
- Gaobot
- Mydoom
- Nachi
- Sasser
- Zindos

Unless Prutect is a name given to one of these rather nasty critters, I
don't think this will help.

According to posts at DSLREPORTS, Ad-aware SE with current definitions
should remove Prutect--but it uses several different names for its
executable, so I don't know whether it has changed since Ad-aware started
cleaning it.

Ad-aware:

www.lavasoftusa.com
 
BiggieX

From the following site:
http://computercops.biz/postt92245.html

Start your computer in Safe Mode (it may help to print
this out), and find and delete the following two files:

mmups.exe in the C:\Windows folder
prvtect.exe in the C:\Windows\System32 folder

NOTE: To avoid the risk of any of the above not being
found due to them having the 'Hidden' attribute, first
make sure that in Folder Options > View hidden and
operating system files are set to show.

Next, still in Safe Mode, run Hijack This, and have it fix
these items:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKCU\..\Run: [prvtect] C:\WINDOWS\system32\prvtect.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: mediamotor.exe c:\windows\mmups.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: prvtct

If you don't know how to edit the registry, then don't
attempt it. Find someone that can help.

Best of luck!
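
Added example, not part of the original post and not HijackThis's own code: a check that can be run over a fresh HijackThis log after the cleanup and a reboot, to see whether any of the R3/O2/O4 entries named in the post above are still present. It also rejoins entries that a mail or news client has wrapped in the middle of a GUID or path. `SAMPLE_LOG` and its `ExampleApp` entry are constructed, and the function names are this example's own.

```python
import re

# Entries the post above says to fix, keyed by HijackThis section code.
# Compared case-insensitively; values are copied from the post.
WATCHLIST = {
    "R3": {"_{cfbfae00-17a6-11d0-99cb-00c04fd64497}"},
    "O2": {"{00000010-6f7d-442c-93e3-4a4827c2e4c8}"},
    "O4": {r"c:\windows\mmups.exe", r"c:\windows\system32\prvtect.exe"},
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "O4 - ..."
GUID_RE = re.compile(r"_?\{[0-9A-Fa-f-]{36}\}")     # CLSID, optional "_" prefix
TARGET_RE = re.compile(r"\[[^\]]*\] (.+)$")         # "[value name] command"

def unwrap(log_text):
    """Rejoin entries that a mail or news client wrapped onto a second line."""
    entries = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if entries and not ENTRY_RE.match(line):
            # Wrapped inside a GUID or path: join without inserting a space.
            tight = entries[-1].endswith(("-", "\\")) or line.startswith("\\")
            entries[-1] += ("" if tight else " ") + line
        else:
            entries.append(line)
    return entries

def remaining_entries(log_text):
    """Return the (unwrapped) log entries that still match the watchlist."""
    hits = []
    for entry in unwrap(log_text):
        m = ENTRY_RE.match(entry)
        if not m:
            continue
        code, rest = m.groups()
        found = (TARGET_RE if code == "O4" else GUID_RE).search(rest)
        # TARGET_RE captures the command in group 1; GUID_RE has no groups.
        ident = found.group(found.lastindex or 0) if found else rest
        if ident.lower() in WATCHLIST.get(code, ()):
            hits.append(entry)
    return hits

# Constructed sample: a rescan in which mmups.exe is gone but the rest remain.
SAMPLE_LOG = r"""R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-
00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-
4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O4 - HKCU\..\Run: [prvtect] C:\WINDOWS\system32
\prvtect.exe
"""

if __name__ == "__main__":
    print("\n".join(remaining_entries(SAMPLE_LOG)))
```

An empty result means none of the listed entries appear in the log; it does not show that differently named executables are absent.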
 
ClifH

Here's a tried and true thought. Contact the Support
Section of those web sites you think you got the
infection from. Reputable companies will supply a fix. If
they don't then try a restore (if you have XP) to a point
prior to having the problem. If you can't and MS isn't
able to supply a solution, either here or in the updates,
do a clean reinstall.
 
Eric

You may have had some garbage on there prior to the MS
beta app. Backup your files, FDISK and reload the OS.
Before you start loading all of your day to day apps, load
zone alarm, then the MS spyware, then all your other stuff.

Eric
 
Guest

-----Original Message-----
Even though I installed Microsoft AntiSpyware on my computer
and turned on the real-time protection, my computer still
gets infected by "Prutect". It can shut down the antispyware
program and the firewall. I tried to clean it with Microsoft
AntiSpyware, but "Prutect" comes back every time I
reboot the system. Does anyone know how to remove it?
I believe I got infected from www.addictinggames.com or
www.iconcave.com
.

The spyware probably is writing hidden dll files in your
registry. When you reboot these dll files rewrite the
prutect back into the registry. You should download
hijackthis and find a discussion board to post the results.
There are also programs on the net that CLAIM to get rid
of prutect but I cannot verify that. Also download
spywareblaster from javacoolsoftware.com. It will help
prevent hijackers and spyware cookies etc. Adaware is good
too. SpybotSearchandDestroy is also something I would
recommend.
 
JohnF.

To manually remove E2Give:

1. Open a DOS command prompt window (Start->Run, type 'cmd' (for Windows
   2000/XP) or 'command' (for Windows 98/Me)).
2. Enter the following commands:

   a. For the E2GBHO variant:
      cd "%WinDir%\System"
      regsvr32 /u "\Program Files\E2Give\e2gbho.dll"

   b. For the IeBHOs variant:
      cd "%WinDir%\System"
      regsvr32 /u "C:\E2G\iebhos.dll"

3. Restart the computer.
4. Delete the folder 'E2Give' in Program Files (E2Give variant), or 'E2G'
   in the C: drive (IeBHOs variant).
5. Open the registry editor (Start->Run, type 'regedit' and click OK).
   Find and delete the key HKEY_LOCAL_MACHINE\SOFTWARE\E2Give.
JohnF.
 
Gerry Cornell

Clam

Have you made a report to Microsoft?

--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~
 
Bob kinney

You bet your Bippy you do.

They are 2 different beasts, spyware does have similarities to viruses as
they replicate in memory, hog cpu usage, etc.

The difference is the code. Spyware does not infect files, wipe your data,
etc.

The internet has come a long way since I first went on. Now you need
I-condoms (Internet Condoms) to protect yourself.

1. Firewall

2. Anti Virus

3. Anti spyware/adware

4. anti spam

This is just so you can surf w/o fear.
 
Joined: Apr 4, 2006 | Messages: 7 | Reaction score: 0
> To manually remove E2Give:
>
> 1. Open a DOS command prompt window (Start->Run, type 'cmd' (for windows
>    2000/XP) or 'command' (for windows 98/Me).
> 2. Enter the following commands,
>
>    a. for the E2GBHO variant:
>       cd "%WinDir%\System"
>       regsvr32 /u "\Program Files\E2Give\e2gbho.dll"
>
>    b. for the IeBHOs variant:
>       cd "%WinDir%\System"
>       regsvr32 /u "C:\E2G\iebhos.dll"
>
> 3. Restart the computer.
> 4. Delete the folder 'E2Give' in Program Files (E2Give variant), or
>    'E2G' in the C: drive (IeBHOs variant).
> 5. Open the registry editor ( Start->Run, type 'regedit' and click Ok).
>    Find and delete the key HKEY_LOCAL_MACHINE\SOFTWARE\E2Give.
> JohnF.



I tried this same method but it did not work for me. I am at my wit's end with these bast*rds. I have emailed E2Give and the only solution they have provided was to reinstall their software and then use add/remove programs to uninstall. This did not work. I will post my results here.
 
Joined: Apr 4, 2006 | Messages: 7 | Reaction score: 0
I have the solution. This link - http://www.yourfilelink.com/get.php?fid=71221 - contains a custom removal program which I obtained from E2Give directly. I emailed the company on Wednesday when I could not successfully remove the program. After several unsuccessful attempts at re-installing the program, I requested that they provide a removal program. Lo and behold, they provided a program which appeared to work like a charm. I would like for someone to check this file and make certain it does not cause any hidden damage while removing the E2G software because I have no experience in programming. I unzipped this file and ran it on the infected machine and when it finished, neither the E2G folder in "C:\Program Files" nor the dll files reappeared. Again, please check this file to make sure it does not cause any harm while removing the spyware.
 
Joined: Apr 24, 2006 | Messages: 4 | Reaction score: 0
I tried the tool. It appeared to work. But then I still got a popup, and E2Give still showed up upon further scanning. Any other ideas?
 
Joined: Apr 4, 2006 | Messages: 7 | Reaction score: 0
If you have followed all of the other steps, I really don't have a good answer for you. I would try the old faithful methods of trying to uninstall the program from add/remove programs, followed by running your anti-spyware software to see if any traces remain, then the manual removal process of deleting the folders/files/registry entries and last use the tool provided by E2G.
 
Joined: Apr 24, 2006 | Messages: 4 | Reaction score: 0
Could you tell me how to contact E2Give directly? I would like to ask them for another uninstall tool. Maybe they've changed something...
 
Joined: Apr 4, 2006 | Messages: 7 | Reaction score: 0
The email address I used to contact the company was (e-mail address removed). They will probably ask you to try a few other methods, including reinstalling the e2g software and then using the add/remove programs method to uninstall. This method did not work in my case and the software engineers at E2G claimed it was because the install program was damaged by one of the following - Spybot/AdAware/WindowsDefender. Anyhow, long story short, if you press for a solution they will help you out. Good luck and let me know how it goes.
 
