YourSiteBar and PSgaurd

[frogman]

I have removed 1500 virus infected files and about twice as many
spyware files. But this PC will not let me get ride of these two
files. I have rebooted like sypbot said but it still did not delete
the file.
I have booted to safe mode and run ad-aware, spybot sd, and microsoft
antispyware.
I have even tried to delete the reg key manually to no avail.

i have tried hijackthis.

the pc is XP home

any help is greatly appricated.

 

[MowGreen]

frogman,

Three ways to remove it as quickly as possible :

1) Download and install a trial version of Kapersky AV
http://www.kaspersky.com/trials?chapter=146481750
Read this to learn how to update and configure it :
http://castlecops.com/t106277-Bube_d_aka_Win32_Beavis_Removal_isrvs.html

2) Visit an antispyware forum that specializes in the removal of this
malware :
http://www.bleepingcomputer.com/forums/forum22.html
http://forum.aumha.org/viewforum.php?f=30&sid=7b8d9d88f437602d4f9449031d6837fa
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
http://forums.spywareinfo.com/index.php?showforum=44

Make sure you read the guidlines of the forum you decide on

3) Follow this thread and remove it yourself :
http://www.geekstogo.com/forum/Psguard-t62696-s15.html

Best of luck...

MowGreen [MVP 2003-2005]
===============
* 343 * FDNY
Never Forgotten
===============

 

[David H. Lipman]

From: "frogman" <[email protected]>

| I have removed 1500 virus infected files and about twice as many
| spyware files. But this PC will not let me get ride of these two
| files. I have rebooted like sypbot said but it still did not delete
| the file.
| I have booted to safe mode and run ad-aware, spybot sd, and microsoft
| antispyware.
| I have even tried to delete the reg key manually to no avail.
|
| i have tried hijackthis.
|
| the pc is XP home
|
| any help is greatly appricated.

I think you are confusing "viruses" with non-viral malware such as adware and spyware. They
are NOT the same. If you had "...1500 virus infected files..." then it would be really bad
and I would suggest wiping the system and reinstalling the OS from scratch. However, you
have indicated NO specific virus names and the software you used target non-viral malware
not viruses and thus my conclusion.

Unfortunately, you wrote a *very poor* post and state --
"But this PC will not let me get ride of these two files. I have rebooted like sypbot said
but it still did not delete the file."
However you do NOT state what these files are. It would help if you post the fully
qualified path and name of the files purported to be infectors and in need of removal.

You also stated you use... "ad-aware, spybot sd" but fail to post version information.

I hope that is Ad-aware SE v1.06 and SpyBot Search and Destroy v1.4 and they are fully
updated.

I suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm

Please post the fully qualified path and name of the files purported to be infectors and in
need of removal.

 

[frogman]

I used AVG to clean the virus infected files. It took about 10 passes
to get the PC clean. the first time I ran it 450 infected files were
found and deleted. the second time i ran it 415 were found then the
next time i ran it 319 etc.

Yes all the tools are latest versions and updated

now on to the current problem.

I have run Ad-Aware, MS Antispyware, and Spybot search and destroy both
MS Antispyware and Spybot find 2 spyware hits.

PSGaurd - HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGUARD
YourSiteBar - HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar

these are registry entries
the spyware removel programs say the removed them but when they are run
again the same 2 reg entries are caught.

I have tried to manually delete the entries but get a can not delete
selected key. Error while deleting key.

Thank you for all your help

 

[frogman]

I used AVG to clean the virus infected files. It took about 10 passes
to get the PC clean. the first time I ran it 450 infected files were
found and deleted. the second time i ran it 415 were found then the
next time i ran it 319 etc.

Yes all the tools are latest versions and updated

now on to the current problem.

I have run Ad-Aware, MS Antispyware, and Spybot search and destroy both
MS Antispyware and Spybot find 2 spyware hits.

PSGaurd - HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGUARD
YourSiteBar - HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar

these are registry entries
the spyware removel programs say the removed them but when they are run
again the same 2 reg entries are caught.

I have tried to manually delete the entries but get a can not delete
selected key. Error while deleting key.

Thank you for all your help

 

[David H. Lipman]

From: "frogman" <[email protected]>

| I used AVG to clean the virus infected files. It took about 10 passes
| to get the PC clean. the first time I ran it 450 infected files were
| found and deleted. the second time i ran it 415 were found then the
| next time i ran it 319 etc.
|
| Yes all the tools are latest versions and updated
|

< snip >

Yikes -- If you had THAT many detected by AVG that is not good !
It is possible that AVG may have missed some viruses, Trojans or other malware.

Please use the following tool which provides anti virus scanners from; McAfee, Sophos and
Trend Micro.
None of which have to pre-exist on your PC.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *

 

[frogman]

The process you described found many more problems and made the PC stop
having the popup problems but it still did not remove:
PSGaurd - HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGUARD
YourSiteBar - HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar

so the next step it to format and reinstall.

Thanks for all your help

 

[David H. Lipman]

From: "frogman" <[email protected]>

| The process you described found many more problems and made the PC stop
| having the popup problems but it still did not remove:
| PSGaurd - HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGUARD
| YourSiteBar - HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar
|
| so the next step it to format and reinstall.
|
| Thanks for all your help

In this case... I agree with your conclusion.

However, you must laern to practice Safe Hex or you will be dealing with future cyclical
re-formatting sessions.

http://www.claymania.com/safe-hex.html