ps guard

I am having trouble with removal of ps guard. I have ran thru all the steps of cleaning system you say to do before asking for help. I am running windows me. I get it deleted and when I restart my computer it is back. I have also located it as intell32 and deleted that. I cannot get online in safe mode so I have to run some things in normal mode and then switch to safe mode for the rest. Any suggestions? Thanks for your time. I have hjt downloaded and can post a log if you would like.

Stacey

 

I downloaded and ran the program you said. I have attached both a hjt log and the smit log. When I looked for ps guard in add/remove programs it was not listed but I found a folder in program files with that name and I deleted it. This is one tough one to get rid of. Thanks for your help
Stacey

 

I did run that but it brought up a black screen that says reg at top left corner and it does nothing. Does that take a while to run and should I just let it go or is there something causing a problem with it. I ran all the other exe files within that smit file but there is one called taskkill.exe that I tried to run and it came up that a required .dll file FRAMEDYN.DLL is not found. Any suggestions?
Stacey

 

I got rid of and reinstalled smit and when I try to run the ltd_fix.exe it still opens up a black screen and stays on the screen and does nothing. there is another file reg.exe that when i ran it it just flashed on the screen and then was done. Also this website won't let me reattach the smit file because it says I have already attached it previously. Thanks
Stacey

 

Yes I was trying to run that from the safe mode. I did do the hjt in safe mode and have rescanned in normal mode and attached that log file. I added the file to the registry. Do you want me to try and run the ltd_fix.reg file again that just keeps hanging everytime I try it? Thanks

 

Ok I had hjt fix the line you said and then deleted intell32.exe. Rebooted computer and everything seemed fine but when I opened up Internet Explorer there is this lovely damn circle with an exclamation mark in the lower right of my screen! The program is back and I am getting really aggravated! What now??? I posted another hjt log.

 

I believe that has got it. I have rebooted opened my browser and don't see the telltale circle in right hand corner. Thanks for all your time. Should I go ahead and run spybot or any of those programs to make sure there is no trace of this monster left anywhere? I have posted new hjt log for you to look at and see if there is anything else I need to repair. Thanks again!

Stacey

 

I ran spybot and it found a total of 38 entries. I had it fix them and then when i opened ie browser that damn circle is back! It is hiding somewhere but I don't know where. Now what???

 

I closed out internet explorer to do hjt and on desktop was psguard shortcut and there was also one in toolbar on bottom of screen on the left side. Grrr!
Stacey

 

I cannot use Ewido as I am using Windows ME.

 

Ok did the steps you posted and it still won't let me run the one program. Just get a black screen that says reg in left hand corner and nothing happens. Ran the other smit programs also and one came up and said that file system file wininet.dll is infected. Could this be our problem?

 

The only folder in windows-system32 is drivers, and i have no 386 folder. I have found on c drive-restore-temp folder there are 2 files intell32.0 and intell32.1. When I try to delete these files it says my access is denied because they may already be in use. Is this any help?

 

yes system restore is off-i just double checked to make sure

 

I have tried several times this morning to run that Panda scan and everytime I do I get to the page that says to press yes for active x to install and I click on yes and then the computer freezes up. It is only the screen that has Panda scan that locks up. I can do other things on the computer but that page locks up. I have gone thru the steps and deleted intell32 where I could find it and tried to run Panda again and it is still locking up. I also disabled avg thinking maybe that was causing a problem. Still no luck.
Stacey

 

Sorry I put that active x window comes up and I meant activescan. I also tried running hjt and deleting line with intell32 and then tried to run panda again and still no luck

 

Ok did as you instructed. I have also found the wininet.dll file and when i click on properties on it, it says it was modified august 19, 2005.

 

Ok followed instruction from your post but it will not allow me to replace that file with the new wininet because the file may be in use by windows. Can I delete the bad wininet file and leave the other one in its place? Also the file was located in the system folder not system 32

 

Will not let me rename old one and wont let me delete it either. Says file is in use by windows. When I try to just replace old with new it tells me "cannot move wininet. A file with the name you specify already exists. specify a different file name"

 

Yes doing this in safe mode-cant go to command prompt because i only have 4 choices
normal
logged
safe
step by step confirmation.

 

I am doing everything I can think of to get smit to run. I have ran spybot twice now-first time found 9 entries, second time found 2 entries. I have tried running in safe and normal mode. I am still working on it and see if I can have any luck. Will let you know shortly if I have any luck. I have hp system recovery disk. Is that what I need?

 

Ok I will have to get the disks-I am working on bosses brothers computer and he has the disks with him. I will get back with you on Monday and let you know how its coming. Thanks for the help and have yourself a good weekend!

 

Ok I have system recovery disk that came with computer. Am I going to be able to just repair system or am I going to have to reformat and reinstall everything? I am hoping for repair cause I would have several things I would have to reinstall! But whatever it takes to get this puter up and running I am ready! Also I sall what chaslang said-yes the files were located in the system folder not system 32-as stated in post #32

 

Are you wanting another hjt log? The computer has been turned off since I talked to you last. I am using another computer to read these instructions.

 

I believe that is the only problem if it is the root of ps guard. I now have a start up disk and am ready for whatever the next step I need to do is.

 

Sorry I just scrolled thru the previous post and saw what you wanted me to do with that start up disk. I will go thru those steps now. After I am done do I need to run spybot, avg, etc to make sure no remnants remain of ps guard?

 

ok with first line but when put in 2nd command it tells me bad file name? I have checked twice to make sure I have typed it in correctly. The first command deleted the file is that correct? Then the second file is replacing the file, and are we replacing the file using what is on the floppy? Grrrr! I think computers were made to drive people CRAZY!

 

ok let me try

 

There is no wininet.dll file located anywhere now. Crapola!!!!!!!

 

I have found a wininet.dll file located in c\program files\online services\earthlink. Can that one be used?

 

modified july 14 1999 accessed todays date

 

I went ahead and copied and pasted that wininet.dll file. Now when I try to open up internet explorer to get on the internet i get an error that reads "Iexplorer has caused an error in urlmon.dll and will now close." I have no other way to access the internet on that computer.

 

Yahoo! that seemed to do the trick. Now I am going to run spybot and adaware and cc cleaner to make sure nothing is remaining. Thanks so much for all your help!

Stacey

 

There was something else you wanted me to do also? I forgot you had said that after we were done you had one more thing. I got the file from the link you sent-had to download. I did find a wininet16.dll file but no other than the one I previously told you about in earthlink.

 

I scrolled down thru posts and saw there is another file you want me to do pocket killbox with. So far so good with computer. I ran spybot,etc and it did find a few instances of psguard but hopefully those were just remnants. Thanks

 

I ran pocket killbox as directed. I also ran spybot, adaware, etc and found no instances of ps guard on computer. I would like to thank you for all your help getting this computer going again. The computer belongs to my bosses brother and they were giving me a hard time saying the computer was going to win and I told them that with your help it would not! You have a good week and thanks again for the help.
Stacey