PSGUARD infection

Having problems here - have read all the advice given by everyone on this site with same sort of infection incl. installing Adaware personal SE and Spybot, both of which say they have deleted PSGuard and smit etc but when I reboot, there is PSGuard again...spent all of today on this (not my idea of a relaxing Sunday!) and, as my father got this PC for me 2nd hand at a computer fair and as he was a complete expert in computer programming (he was a senior research officer at the RMCS) I know he would be able to suggest something that works! Unfortunately he passed away a month ago and now his not-so-pc-savvy daughter is tearing her hair out...PLEASE help...anyone?!! I have kept a copy of a hijackthis log as wel, if that helps...don't want to have to buy new computer as Dad got me this so it has sentimental value.
Thanks in advance
Bee

 

Chaslang - did as you suggested (only not in safe mode as every time tried to reboot in safe mode with either ctrl key or F8 key, I got 'keyboard failure' and so extracted smitrem.exe in normal mode) PSGuard popped up when it tried to clean files although did get the text file, which reads as follows:
(thanks, Bryony)


smitRem log file
version 2.7

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system folder ~~~


oleext.dll
~~~ Icons in system folder ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system folder ~~~


oleext.dll
~~~ Icons in system folder ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~ wininet.dll ~~~~

wininet.dll INFECTED!!

 

PSGuard and Smit infected (10 hrs on this today!)

Dear anyone (who are more computer knowledgable than I)
I have a Dell Optiplex GX110 127 MB ram Win98 4.10.
Having problems here - have read all the advice given by everyone on this site with same sort of infection incl. installing Adaware personal SE and Spybot, both of which say they have deleted PSGuard and smit etc but when I reboot, there is PSGuard again...spent all of today on this (not my idea of a relaxing Sunday!) and, as my father got this PC for me 2nd hand at a computer fair and as he was a complete expert in computer programming (he was a senior research officer at the RMCS) I know he would be able to suggest something that works! Unfortunately he passed away a month ago and now his not-so-pc-savvy daughter is tearing her hair out...PLEASE help...anyone?!! I have kept a copy of a hijackthis log as well, and Smittextfile as Chaslang suggested (unfortunately cannot reboot in safe mode to run this smit.exe prog as every time I try my PC has 'keyboard failure'), if that helps...don't want to have to buy new computer as Dad got me this so it has sentimental value. Have attached smittextfile as Chaslang told me to in hope he sees it, or someone else who knows what it means and can help. Many thanks, Bryony

 

Re: PSGuard and Smit infected (10 hrs on this today!)

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

What is important here is we get a HijackThis log posted as an ATTACHMENT. If you can't run the scans in Safe Mode, run them in Normal Mode.

 

Do apologise - never used a thread or forum before....managed to get my pc to work in safe mode and ran smit exe, adaware and spybot....PSGuard still popping up though...will keep trying
Thank you
Bryony

 

Hi Chaslang

I have a Dell Optiplex GX110 127 MB ram Win98 4.10. No CD's to re-boot, as I said, my Dad got it from a computer fair 2nd hand so it's a creaky old thing! However, in 2 years, this is first time I have had such a serious infection, have had other spyware protection, Sophos antivirus and firewall Mozilla on it for quite a while and do perform updates...in answer to your question(s) yes, the wininet.dll is still there. Have uninstalled all antispyware apart from spybot now adn adaware plus hijackthis. Have been through all the steps that S_P_dude recommended and have attached hijackthis file - many thanks for your help...
regards, Bryony

 

The problem is that my what is infected?!
Should I reinstall hijack this in the right place, would that make a difference?
And if I obtain a win98 CD, and reboot with it, does that mean I will lose info on my PC?
Thank you
Regards
Bryony

 

Thanks Chaslang
It was 2.00 am here by the time I wrote that last posting to you so called it a day and went to bed! When I get home tonight, I will do all the procedures you have asked me to (forgive me, I did miss the online scan, thought it was part of the CCleaner which I had done earlier, will repeat everything to the letter now I am slightly more awake...14 hours in front of my PC, not v healthy!)
Speak later on
Thanks again
Bryony

 

Hi Chaslang

Haven't been through the whole 'read me and run first' process again yet..but have obtained version number of wininet.dll: 6.00.2800.1405

hope this helps
thanks, Bryony

 

Thank you - will print this off at work tomorrow (have no printer at home) and follow...in the meantime, I did another smitrem run in safe mode (still infected :-( ) and have attached Hijack this log file (saved, extracted and run from correct place this time!)
Thank you
Regards, Bryony