Re: Can't remove spyware registry entries for PSGuard Spyware?
- From: "Knight Technologies" <KnightTechnologies@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 18 Aug 2005 09:51:02 -0700
What happened was I accidentally clicked an advertisement link and browser
popups filled my memory up so I couldn't respond. In the background PSGuard
was installed and took over the desktop. It's designed to fool you by showing a
believable spyware scan in which you are actually seeing your own files and
directory structures being collected in front of you. After that completes, it's
designed to make your system appear abused, then it installs multiple trojans,
viruses, keyloggers, you name it, and updates itself. After a while it's
designed to make hundreds of international 1-900 calls, then destroy your
machine when finished to make it harder to track back. Luckily I caught it in
time. I used Sysinternals connection monitor and took a snapshot of the
remote connection to where it phoned home to.
Anyways, it's pretty cleaned up except for that entry, which you're right
about; it shows exactly what you said. I ran that scanner and it shows
"embedded null's", so what do I do now to get rid of it?
--
Knight Technologies (http://knight-technologies.us)
E4 Chat (http://e4chat.com)
"Mark V" wrote:
> In microsoft.public.win2000.registry
> Knight Technologies wrote:
>
> > On Windows Server 2003 R2 I'm unable to remove PSGuard registry
> > entries using regedit, even after doing an OS repair the entries
> > still remain.
>
> And PSGuard has provided no help in removing/uninstalling their
> software?
>
> > The registry entry is:
> > HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License
> >
> > System produces an error on key deletion attempt that says I cannot
> > delete the key.
> >
> > I can't delete the root for the entire branch either:
> > HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD
> >
> > I've run several spyware scanners, and on Spybot S & D it
> > comes up and requests a reboot to remove; once the system reboots
> > the entry remains.
>
> Often this is a permissions issue on the key or sub-key. Have you
> taken ownership and set new ACLs (or tried to)?
>
> Since this is a licence key one possibility is that the key was
> created in such a way as to be unremovable. Possibly by embedding
> null characters that make the key invalid for access by the Win32
> APIs used in regedit and most Windows registry tools. In practice
> this key may be un-removable.
>
> You might want to run Sysinternals RootkitRevealer to see what can
> be seen about it.
> http://www.sysinternals.com/utilities/rootkitrevealer.html
>
>
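
Why regedit cannot reach a key whose name contains a NUL, and how a counted-name Native API call can, as an added example that is not part of the original thread. The helper names (counted_name, win32_view, delete_key_native) are hypothetical, and the trailing NUL on "License" is an assumption, since the thread does not give the raw key name.

```python
import ctypes

DELETE = 0x00010000              # ACCESS_MASK: right to delete the object
OBJ_CASE_INSENSITIVE = 0x40

class UNICODE_STRING(ctypes.Structure):
    # Counted string: Length is in bytes, so a NUL inside the name is just data.
    _fields_ = [("Length", ctypes.c_ushort),
                ("MaximumLength", ctypes.c_ushort),
                ("Buffer", ctypes.c_void_p)]

class OBJECT_ATTRIBUTES(ctypes.Structure):
    _fields_ = [("Length", ctypes.c_uint32),
                ("RootDirectory", ctypes.c_void_p),
                ("ObjectName", ctypes.POINTER(UNICODE_STRING)),
                ("Attributes", ctypes.c_uint32),
                ("SecurityDescriptor", ctypes.c_void_p),
                ("SecurityQualityOfService", ctypes.c_void_p)]

def counted_name(path):
    """Build a UNICODE_STRING covering every UTF-16 code unit of path."""
    raw = path.encode("utf-16-le")
    buf = ctypes.create_string_buffer(raw, len(raw))   # no terminator appended
    return UNICODE_STRING(len(raw), len(raw), ctypes.addressof(buf)), buf

def win32_view(path):
    """Name as a NUL-terminated Win32 call sees it: cut at the first NUL."""
    return path.split("\0", 1)[0]

def delete_key_native(path):
    """Open and delete one key by counted name (Windows only). Returns NTSTATUS."""
    ntdll = ctypes.WinDLL("ntdll")
    name, buf = counted_name(path)        # buf must stay alive during the calls
    oa = OBJECT_ATTRIBUTES(ctypes.sizeof(OBJECT_ATTRIBUTES), None,
                           ctypes.pointer(name), OBJ_CASE_INSENSITIVE, None, None)
    handle = ctypes.c_void_p()
    status = ntdll.NtOpenKey(ctypes.byref(handle), DELETE, ctypes.byref(oa))
    if status == 0:                       # STATUS_SUCCESS
        status = ntdll.NtDeleteKey(handle)    # fails if the key still has subkeys
        ntdll.NtClose(handle)
    return status & 0xFFFFFFFF

# Assumption: the stored name ends in one NUL; the real position is not given above.
KEY = "\\Registry\\Machine\\SOFTWARE\\ShudderLTD\\PSGuard\\PSGuard\\License\0"

if __name__ == "__main__":
    print("Win32 sees:", win32_view(KEY), "| native bytes:", counted_name(KEY)[0].Length)
```

delete_key_native(KEY) has to run on the affected machine with rights to the key, deepest subkey first; a nonzero return value is the NTSTATUS error code.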