Rudy
Tonight, I contracted 39 versions of what SuperAntiSpyware calls:
ROGUE.AGENT/GEN in my Registry
HKUS\S-1-5-21 (see below) etc (in 39 different file endings) and
TROJAN.AGENT/GEN-FakeSpy[Broad] 3 copies
1. in
HKUS\S-1-5-21-2952124706-32014773-2762605872-1007Software\Microsoft\Windows\CurrentVersion\Run(jdfecxfs-
C:\Documentsand
Settings\Alan\LocalSettings\ApplicationData\ubqllk\cpxrsysguard.exe and
The other two in C:\ DocSettings\Alan\LocalSettings\ApplicationData where
it again opened a Folder named UBQLLK and inserted 2 copies of
CPXRSYSGUARD.EXE
It began opening copy after copy of its version of an Anti Virus etc
demanding that I let it search and fix my problems.
At the same time, it was busy repeatedly opening WEBPAGES: VIAGRA.COM,
PORNO.COM and ADULTSEX (or something) .com
** I'm running AVG Free Ver 8.5 and SuperAntiSpyware ** but neither saw
this thing coming.
My SecurityCenter settings said that my AV wasn't working (it looked like
this thing shut down AVG) while this thing did its 70+ attempts to start and
run while I tried to stop it. I managed to get SuperAntiSpyware up and
running and it finally found all the above after fighting with the JUNK for
an hour..
Once finished, I got SAS to quarantine all those entries (42) and
restarted. I found a STARTUP line in MSCONFIG/startup for CPRXSYSGUARD so I
unchecked that and restarted in SAFE MODE. I then ran a full AVG scan which
found nothing.
I restarted again but was unable to get IE8 to go to my HOME website. I
tried several sites, no luck, just Windows "advice" page to try again or
retype etc.
I did a regular SEARCH (Left menu) for CPXRSYSGUARD and it revealed 3
copies in something called:
[Explorer Icon]
kaka://C:\DocumentsandSettings\Alan\LocalSettings\AppData\ubqllk\cpxrsysguard.exe/alert.htm
and in Explorer]kaka://C:\ SAME
..exe/mtmlMain.htm
and Explorer] kaka://C:\ SAME .exe/netalert.htm
I deleted these directly from SEARCH but all to no avail.
I can't get IE8 to bring up any webpage. I tried my OUTLOOK thru the same
connection and went to Newsgroups just fine..but no internet.
I found more similar copies/pieces of this thing in odd places in my
Registry so I ran a Registry Scan with REG Cleaner WINASO Ver 3.0.
I've run it before with no problems. All the pieces I could find, in
Registry, I removed. It did also find another piece of EVIL in
C:/Windows/Temp/ named 3812937264.exe which may have been the start of all
this. It was removed also but still no luck.
Everything LOOKS ok and seems to RUN OK, but cannot get IE8 to go online.
I figured WTH, and went to SYSTEM RESTORE.. I tried 4 "restores" going back
Dec 12, 10, 8 and Nov 25..No luck, simply:
Computer CANNOT be restored to...the various dates..
I just recently U/G to IE8 from IE6. It seems that this significantly
SLOWED my USENET /newsgroups responses but I may be dreaming.
Any advice on how to try and get this problem fixed would be much
appreciated...I've been at it for 4+ hours now