Trying to Restore after PSguard

[Guest]

I got infected with PSguard malware. I believe I have it cleaned out, but I
don't know how to get my system back to where I can use the computer again.

From Start, program Files shows empty. I can, however, go to the shortcuts
on the desktop, right click, open and then run most programs. Internet
explorer does not work but Mozilla Firefox does.

I tried running compmgmt.msc but it gives the message "MMC cannot open the
file. This may be because the file does not exist (it does), is not an MMC
console, or was created by a later version of MMC. This may also be because
you do not have sufficient rights to the file."

I am logged in as Owner which I thought had all the rights.

I tried running eventvwr.msc and get the same message.

I cannot access control panel either.

I do not want to use system recovery and lose all the programs I have
installed, especially since the \windows\system32\restore\SR-RP file has many
entries like below

RestorePointName=System Checkpoint, RestorePointStatus=[VALID], Number=301l,
Date=Thursday September 1, 2005 15:26:13

which I take to mean that many restore points exist.

Will appreciate any help solving this problem!!

 

[PA Bear]

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**

 

[Guest]

Thank you for taking time to answer. My question, however, is not how to
remove PSguard. That is already done. My question is how to perform system
rsetore when the standard method does not work.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP

I got infected with PSguard malware. I believe I have it cleaned out, but
I don't know how to get my system back to where I can use the computer
again.

From Start, program Files shows empty. I can, however, go to the shortcuts
on the desktop, right click, open and then run most programs. Internet
explorer does not work but Mozilla Firefox does.

I tried running compmgmt.msc but it gives the message "MMC cannot open the
file. This may be because the file does not exist (it does), is not an MMC
console, or was created by a later version of MMC. This may also be
because you do not have sufficient rights to the file."

I am logged in as Owner which I thought had all the rights.

I tried running eventvwr.msc and get the same message.

I cannot access control panel either.

I do not want to use system recovery and lose all the programs I have
installed, especially since the \windows\system32\restore\SR-RP file has
many entries like below

RestorePointName=System Checkpoint, RestorePointStatus=[VALID],
Number=301l, Date=Thursday September 1, 2005 15:26:13

which I take to mean that many restore points exist.

Will appreciate any help solving this problem!!

 

[Leythos]

My question is how to perform system
rsetore when the standard method does not work.

Look in google for "Windows XP repair reinstall instructions" - if you
follow the directions properly you will not have to reinstall everything
from scratch - but you may have to reactivate.

 

[Bert Kinney]

Hi,

Have you tried running System Restore?
All About System Restore in WinXP
http://bertk.mvps.org
Are there any error messages when you do?

Warning, restoring the system to a point when the system was still infected could
re-infect the system. This may not necessarily be a bad thing if the system regains it
functionality. Just be ready to remove PSGuard. See the link below.

How long ago did the system become infected?

Remove PSGuard
http://labs.paretologic.com/spyware.aspx?remove=PSGuard

 

[PA Bear]

I was positing that perhaps PSGuard wasn't completely removed and was still
causing problems.

IMO, once an expert gives your HijackThis log a clean bill of health, you
should flush all System Restore points.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP

Thank you for taking time to answer. My question, however, is not how to
remove PSguard. That is already done. My question is how to perform system
rsetore when the standard method does not work.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
use. It will help you to both identify and remove any
hijackware/spyware. **Post your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or
http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP

I got infected with PSguard malware. I believe I have it cleaned out,
but I don't know how to get my system back to where I can use the
computer again.

From Start, program Files shows empty. I can, however, go to the
shortcuts on the desktop, right click, open and then run most
programs. Internet explorer does not work but Mozilla Firefox does.

I tried running compmgmt.msc but it gives the message "MMC cannot
open the file. This may be because the file does not exist (it does),
is not an MMC console, or was created by a later version of MMC. This
may also be because you do not have sufficient rights to the file."

I am logged in as Owner which I thought had all the rights.

I tried running eventvwr.msc and get the same message.

I cannot access control panel either.

I do not want to use system recovery and lose all the programs I have
installed, especially since the \windows\system32\restore\SR-RP file
has many entries like below

RestorePointName=System Checkpoint, RestorePointStatus=[VALID],
Number=301l, Date=Thursday September 1, 2005 15:26:13

which I take to mean that many restore points exist.

Will appreciate any help solving this problem!!

 

[garney]

check thes
psguar
removal instruction