EggXpert

Here

 http://www.bleepingcomputer.com/malware-removal/remove-pc-protection-center-2008

---

It is they are not selling anything at all. All they are doing is making sure how to remove rogue mail ware apps like the one you got.

---

Just wanna let you know, these rogue anti-spyware programs can be some of the more lethal buggers at waxing an OS. Removal can sometimes be near impossible because they're good at hiding and regenerating itself. IF you find that removal isn't successful, your best bet is to back up all personal files, to a media you can scan later of course, and wipe and reinstall. I've dealt with many of these things, so just wanted to let you know, and not be surprised if this is indeed the case. I have seen some successfully removed, but it tends not to be the norm. Best of luck,

If you want to try a trial security package that I've had pretty good luck with, try:  http://www.aec.cz/index.php?english , download link on left, this multiple engne is pretty good at getting the deeper darker drithers of these type of programs.

Penewah!

Penewab2007:

I have seen some successfully removed, but it tends not to be the norm.

lol....depends on who's doing it !   lol  

Tallon41

[Only ever lost one battle, in '03.  I have better tools, and have learned much about the innerworkings of XP since then.  It would lose today.  This year a couple have taken a few days each to track-down, but I don't mind ~ the cheeky bstrds get sneakier all the time !  LOL ]

Tallon41:

lol....depends on who's doing it !   lol  

My friend calling ol' Penewah! a hack again!!?? lol/ j/k

Tallon41:

[Only ever lost one battle, in '03.  I have better tools, and have learned much about the innerworkings of XP since then.  It would lose today.  This year a couple have taken a few days each to track-down, but I don't mind ~ the cheeky bstrds get sneakier all the time !  LOL ]

Peace, Penewah! 

Penewab2007:

Are you using a security app or a manual? One thing I could get better at, is manual hunt and deletes, but that is time consuming.

Both.  The only really killers out there are Root Kits.  I've read about some that will flash the BIOS and render the PC un cleanable even if formatted.....but I've never actually encountered one of these.  I use the gmer root-kit detector.  Once ID'd it can be tracked-down and removed with the Live CD.  RAIDs are a problem though.  don't have a raid driver on a live cd yet.  

I use a live CD to take a quick peek a the registry remotely [there are about 5 places you can quickly peek-at and dis-able nastys,] so that when I boot into "safe mode with networking" I don't need to worry about fighting for control of the system, just load the scan tools and drive-on.

Tallon41

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
ensure AppInit_DLLs is blank....google anything found here, though I've yet to find a legitimate entry.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
check the path to c:\windows\system32\userinit.exe (and that there are no ADDITIONAL listed exe files.)
check that UIHost is logonui.exe
check that System key is blank, google anything found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\notify
look for any key listed not found in google, (or ID'd in google as Malware.)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run
export the key, then google everything and delete as needed.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run
same as above

Then inspect
c:\
c:\windows
c:\windows\system32
c:\windows\system32\drivers [I usually just check here, run CCleaner and let the cleaning tools find the rest ]

reverse date sort by "date created" must add that column first.  see what c**p floats to the top.  the drivers folder is where most rootkits like to put files.

run CCleaner on all the temp files from a portable drive on .  Files deleted in the live CD do not go to the recycle bin.

like anything else you get to know what SHOULD be there and what should not, so it does not take much time for me to do this.

That looks like an awesome tool T, (Should patent the process man, maybe call it "Tallonender" (Tah-al-o-nen-der) lol. Cut gmer some residuals)

I'm gonna try it next gig, can't actually wait for someone to get infected! lmao.

Once again friend, thanx for some great help. Doz eggz!

Pene

Yep got a really bad one last week. Could not get in to safe mode, command prompt or anything. You could only boot windows normally. Had to format the drive which is not a big deal load up the Xbox while the formats going.

Tallon what live CD did you use if you don’t mind me asking?

---

It's a type of BART XP.  XPE  the creator called it "the horse power"

 http://www.bjorn3d.com/read_pf.php?cID=1112

On a side note.

You can boot a Win2000 CD, use the Recovery Console it has to GREAT effect.  Because unlike the stupid XP Recovery Console...it is not handicapped as to what can copy, and to where, and the dos commands behave as expected.....

Tallon41

Thanks Tallon I will download that just in case I get  that nightmare once again.  I agree that the XP Recovery Console is very handicapped. I will have to see if I can locate my old Win 2000 CD.

---

No prob.

You don't need a license as it will only be used to enter the Recovery Console, so you can download any ISO for win2k off the net and use it.  The higher the SP level the betters.  I've got an SP3 one I use.

Tallon41

Yep I have Win 2000 with SP3 on it just the matter of finding it thru all the CDs I have for the PC. I probably will find Doom 2 in that stack as well with Win 95, LOL. 

---