Personal Guard

[Garibaldi]

I've contracted a nasty bit of malware called Personal Guard 2009, which is basically a fake spyware program that ruins my day. I've run SpyBot, Malwarebytes and various other malware programs, deleted it, eliminated it from the registry, all to no avail, both when Personal Guard was running and in those rare instances when I managed to kill the process, and in safe mode as well, and before the OS (Vista) finished booting up. But like a malevolent Lazarus it keeps coming back. How the fuck can I finally burn away this hydra?

[atg]

Backup, format, then reinstall would be my suggestion.

[Garibaldi]

Is that really the only way? My Windows Install CD is in another country, so I was hoping to find an easier method...

[Mr Bean]

Is that really the only way? My Windows Install CD is in another country, so I was hoping to find an easier method...

Personal Guard 2009 is a nasty one, all the worse because your in Vista not XP which age makes it easier to correct. OK first steps

1. Safe mode
Run MSCONFIG, turn off all items on startup. ALL items

2. Restart go back into safe mode
Verify there are no new items on the MSCONFIG startup page that are turned on (You did turn them all off didn't you?) I've run into a case of PG2009 which re-installed itself by infecting another startup program. It only went "active" when PG2009 refused to start.

3. Start Vista normally, if you have wireless turn it off, if you have wired unplug it.
Verify PG 2009 is not running
If it IS running your talking an explorer level infect I'd go with Format at this point.
If not go onto step 4.

4. Run all your anti-vrius/malware tools. Verify after running each one if you see PG2009 start up.
If you have a clean bill of heath re-connect your internet. Update everything and run a final check.

If this fails to work get back to me with where everything went wrong.

[Garibaldi]

Thank you, that worked and it's finally gone. However, its malignant influence lingers, like a bad hangover...

After it infected the computer, I stopped being able to connect to the Internet through any program other than FireFox. Obviously I don't care about IE being blocked, but I also can't connect through the iTunes Store, or iTunes update, or Windows Update, etc. etc. How can I reverse this problem...?

[Mr Bean]

Thank you, that worked and it's finally gone. However, its malignant influence lingers, like a bad hangover...

After it infected the computer, I stopped being able to connect to the Internet through any program other than FireFox. Obviously I don't care about IE being blocked, but I also can't connect through the iTunes Store, or iTunes update, or Windows Update, etc. etc. How can I reverse this problem...?

What firewall program do you use? Also sounds like you need to run a registry cleaning program(I'm sure someone will be along in a moment to recommend a few) to make sure it's not remnants of PG2009. Most of these fake anti-virus programs go to town on your registry in order to block anything but it from running so deleting all it's modifications is going to be needed to get it back up and running again.

[TheFeniX]

Winsockxpfix was a nifty little free program that corrected many network issues after a bad infection. Googling, Vista seems to have a command built in to do the same thing.

Code: Select all

To repair and reset the Windows Vista

   1. Click on Start button.
   2. Type Cmd in the Start Search text box.
   3. Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
   4. Type "netsh winsock reset" in the Command Prompt shell, and then press the Enter key.
   5. Restart the computer.

No idea if it works or not, but if it does the same thing as the XP fix, it should.