Personal Guard 2009

Discussion in 'malware problems & news' started by Rico, Nov 3, 2009.

Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,699
    Location:
    Texas
    Help,

    I'm cleaning a PC XP machine, MBAM & SAS find the varmint, but require a reboot & Personal Guard comes right back.

    Try Avira rescue CD & can't get to the flag to change languages, nor can I get to the scanner start button. Tried choosing (at start of Avira load) 1, 3, 4, 5 video modes - always the same, buttons can't be reached. I have 3 diff Avira rescues, they all act the same on this machine.

    KAV rescue cd scans in 15 seconds & does nothing

    Dr. Web finds nothing, run from windows or boot disc

    HJT finds O4 personal guard, fixing this it just comes back.

    Google gives many manual cures, deleting the reg files, allows deleting c:\program files\personalguard folder, but in 30 seconds it's back.

    When manual delete talks of %program files% & %user...%, % is a variable? Using search %program files% is searching c:\program files, or am I confused here?

    This rogue is frustrating the hell out of me.

    Thanks
    Rico
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Run the msconfig and disable the services and the program that start with :)
     
  3. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    Hehe. Sounds like a tough one. Send me your Hijack This log and I may be able to help :)

    Or you can post it on a dedicated Hijack This forum :)
     
  4. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Last edited: Nov 3, 2009
  5. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    Rico have you been to this site? It lists all the files/registry entries/etc... associated with Personal Guard and where they are located so you can remove them.

    Hope this helps.
     
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    XP vm and after a scan/clean with MBAM the rogue Personal Guard 2009 is completely gone on reboot.

    You are updating MBAM before scanning huh?
     
  7. Rico

    Rico Registered Member

    Hi Guys,

    I saw several of the above sites & tried, but it keeps coming back. I thought if I find "lan.dll" & unregister it that would help, I cannot find the file. MBAM was not the latest.

    Can I manually update MBAM?

    Thanks Guys
    Rico
     
  8. jmonge

    jmonge Registered Member

    Did you try disabling its service within msconfig? And did you try to manually delete some registry keys? In safe mode?
     
  9. jmonge

    jmonge Registered Member

    In safe mode?
     
  10. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Another option you could try is uninstalling this rogue using Revo Uninstaller. I've had success with it on similar hard-to-remove rogues.
     
  11. Rico

    Rico Registered Member

    Hi Guys,

    Safe mode I cannot enter.

    I did try deleting registry entries (from the manual removal, links above) no luck.
    Delete the registry entries then delete program files\personalguard <folder>, it comes back within a minute.

    Tried Sophos rootkit - came up clean.

    Tried the latest MBAM - it finds & tries to delete, but a reboot & it's back.

    I have not seen a 'service' for this rogue

    I'll try revo & report back
     
  12. Rico

    Rico Registered Member

    Hi,

    Revo removed, but it was back instantly.

    F-secure easy clean - did not find anything wrong :thumbd:

    Smit-Fraud - seems to have knocked out or dazed Personal Guard. Next scan with SAS, which found killbox's attempt to kill Personal Guard. Tried rebooting to Avira boot disc, still in German, no way to select start scan or English. Back to Windows, now scanning with avast worm.

    I'll be back

    Rico
     
  13. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,954
    Location:
    U.S.A.
    Rico, did you try Revo in Advanced Mode? That will give you access to all the leftover Registry entries!

    JR
     
  14. jmonge

    jmonge Registered Member

    @Rico try to restore your system to 1 day before your problem started ;)
     
  15. Mister_Al

    Mister_Al Registered Member

    Joined:
    Aug 20, 2002
    Posts:
    28
  16. Rico

    Rico Registered Member

    Hi Guys,

    I did try Revo in advanced mode, still came right back.

    SmitFraudFix - KO'd the sucker, I then deleted its folder, did the SAS which found killbox's attempt at personalguard.exe. Several reboots + clean MBAM & SAS scans. I think it's gone. I'll add Mister_Al's solution to my zip drive. Seems like rogue security apps are popular now.

    I like SmitFraud, as it kills all processes, then scans. I guess that's similar to what I tried & failed to do, clean from boot disc & safe mode, both have fewer processes running.

    Thanks
    Rico
     