Removal From Protected Status

Discussion in 'ProcessGuard' started by Antibuddha, Dec 27, 2004.

Thread Status:
Not open for further replies.
  1. Antibuddha

    Antibuddha Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    3
    After reading good things about ProcessGuard in these forums, I downloaded the free trial version. I'm wondering if I understand the program correctly. Under the "Protection" tab I went through all the entries and found three that looked like trouble. They are: explore.exe, isass.exe, and spoolsvc.exe. I removed them from protected status using the appropriate button. I then ran my Kaspersky and Spy Sweeper programs to see if they could locate these programs, as I'm assuming that what ProcessGuard did was merely make them visible. Neither program found any problems. The ProcessGuard help section wasn't much help. Am I understanding this thing correctly? If these nasties are indeed hiding on my system and AV and spy detection programs don't find them, what do I do?
     
  2. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    I would definitely download AdawareSE and Spybot Search & Destroy, update them to the latest signatures and do some serious spyware removal! Your system needs to be clean before you run ProcessGuard. Or else it'll learn in the nasties as well, as you just found out. At this point I would definitely set their permissions to deny always and kill those processes.

    All three of those are nasties that are named similar to legitimate system processes. The real services should be explorer.exe, lsass.exe and spoolsv.exe (no c at the end).

    I've never tried Spy Sweeper so I do not know how good it is, but if you have it running and you still got ickies, it wouldn't hurt to get AdAwareSE and Spybot and run them periodically also since they are free.

    ProcessGuard can't do any good if you are already compromised. Well, it can help since you can deny permissions once you've found the problems, but you really should try and be squeaky clean before using the learning feature in ProcessGuard.
     
    Last edited: Dec 27, 2004
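The lookalike names rickontheweb points out above (explore.exe for explorer.exe, isass.exe for lsass.exe, spoolsvc.exe for spoolsv.exe) can be caught mechanically. The script below is an added example, not code from the thread or from ProcessGuard: it compares process names against a small list of legitimate system binaries, folding confusable letters (l/1/I to i) and allowing a one-character edit, and flags the near-misses. The process list it scans is constructed sample data, not read from a live machine.

```python
# Added example (not from the thread or from ProcessGuard): flag process names
# that impersonate well-known Windows system processes by a one-character edit
# or an l/i swap. LEGIT is a deliberately short, hand-picked allow-list.

LEGIT = {"explorer.exe", "lsass.exe", "spoolsv.exe", "svchost.exe", "csrss.exe"}

# Constructed sample process list, including the three names from the thread.
SAMPLE_PROCESSES = ["explorer.exe", "explore.exe", "isass.exe",
                    "spoolsvc.exe", "notepad.exe", "LSASS.EXE"]


def normalize(name: str) -> str:
    """Lower-case the name and fold look-alike glyphs (l, 1, | -> i; 0 -> o)."""
    return name.lower().translate(str.maketrans("l1|0", "iiio"))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; names are short, so O(len(a) * len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(name: str, legit=LEGIT):
    """Return ('legit', real), ('lookalike', real) or ('unknown', None)."""
    lowered = name.lower()
    if lowered in legit:
        return "legit", lowered
    stem = normalize(name)
    for real in sorted(legit):            # sorted for a deterministic answer
        if edit_distance(stem, normalize(real)) <= 1:
            return "lookalike", real
    return "unknown", None


def scan(processes, legit=LEGIT):
    """Map each lookalike process name to the system process it imitates."""
    hits = {}
    for proc in processes:
        verdict, real = classify(proc, legit)
        if verdict == "lookalike":
            hits[proc] = real
    return hits


if __name__ == "__main__":
    for bad, real in scan(SAMPLE_PROCESSES).items():
        print(f"{bad} looks like {real} but is not it")
```

An exact match on a different-case spelling (LSASS.EXE) is treated as legitimate; the script only knows about names, so a real process check would still need to look at the file path and signature.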
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Antibuddha,

    Thanks rickontheweb - good advice:)

    Can I also suggest that you download a copy of the TDS3 trial: http://tds.diamondcs.com.au/
    Install it and reboot, then get the latest radius file from here: http://tds.diamondcs.com.au/index.php?page=update
    Put it in the main TDS3 folder, say yes to overwrite the original version, then reload TDS3.
    Now shut down and restart your PC. Just before Windows starts to load, press F8 several times and get into Safe Mode. Once in Safe Mode, open TDS3 and in Scan Control enable all of the scans shown.
    Select scan all logical drives. This is a very deep scan and will take some time. When completed you can right-click any entries in the lower console to see their properties or delete them.

    HRH Pilli
     