Removal From Protected Status

Discussion in 'ProcessGuard' started by Antibuddha, Dec 27, 2004.

Thread Status:
Not open for further replies.
  1. Antibuddha

    Antibuddha Registered Member

    Dec 27, 2004
    After reading good things about ProcessGuard in these forums, I downloaded the free trial version. I'm wondering if I understand the program correctly. Under the "Protection" tab I went through all the entries and found three that looked like trouble. They are: explore.exe, isass.exe, and spoolsvc.exe. I removed them from protected status using the appropriate button. I then ran my Kaspersky and Spy Sweeper programs to see if they could locate these programs, as I'm assuming that what ProcessGuard did was merely make them visible. Neither program found any problems. The ProcessGuard help section wasn't much help. Am I understanding this thing correctly? If these nasties are indeed hiding on my system and AV and spy detection programs don't find them, what do I do?
  2. rickontheweb

    rickontheweb Registered Member

    Nov 14, 2004
    I would definitely download AdawareSE and Spybot Search & Destroy, update them to the latest signatures and do some serious spyware removal! Your system needs to be clean before you run processguard. Or else it'll learn in the nasties as well, as you just found out. At this point I would definitely set their permissions to deny always and kill those processes.

    All three of those are nasties that are named similar to legitimate system processes. The real services should be explorer.exe, lsass.exe and spoolsv.exe (no c at the end).

    I've never tried Spy Sweeper so I do not know how good it is, but if you have it running and you still got ickies, it wouldn't hurt to get AdAwareSE and Spybot and run them periodically also since they are free.

    Processguard can't do any good if you are already compromised. Well, it can help since you can deny permissions once you found the problems, but you really should try and be squeaky clean before using the learning feature in processguard.
    Last edited: Dec 27, 2004
  3. Pilli

    Pilli Registered Member

    Feb 13, 2002
    Hampshire UK
    Hi Antibuddha,

    Thanks rickontheweb - good advice:)

    Can I also suggest that you download a copy of TDS3 trial:
    Install it and reboot, get the latest radius file from here:
    put it in the main TDS3 folder, say yes to overwrite the original version, then reload TDS3.
    Now shutdown and restart your PC, just before Windows starts to load press F8 several times and get into Safe mode, once in safe mode open TDS3 and in Scan control enable all of the scans shown.
    Select scan all logical drives. This is a very deep scan and will take some time, when completed you can right click any entries in the lower console to see their properties or delete them.

    HRH Pilli
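
Each of the three names flagged in this thread is one character away from the real system process name rickontheweb lists, which is something a script can check. The following is an added example, not part of the original thread or of ProcessGuard; the baseline names beyond the three in the thread, the function names and the sample process list are assumptions.

```python
# Added example: flag process names that are near-misses of known system names.
KNOWN_SYSTEM = {  # first three come from the thread; the rest are an assumed baseline
    "explorer.exe", "lsass.exe", "spoolsv.exe",
    "svchost.exe", "winlogon.exe", "services.exe", "csrss.exe",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute) using a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute ca -> cb
        prev = cur
    return prev[-1]

def find_lookalikes(names, known=KNOWN_SYSTEM, max_distance=1):
    """Return {suspect_name: imitated_name} for near-misses of known names."""
    hits = {}
    for raw in names:
        name = raw.strip().lower()  # Windows file names are case-insensitive
        if name in known:
            continue  # exact name match; this check says nothing about path or signature
        for legit in sorted(known):
            if 0 < edit_distance(name, legit) <= max_distance:
                hits[name] = legit
                break
    return hits

# Constructed sample: the thread's three names mixed with ordinary ones.
SAMPLE = ["explorer.exe", "explore.exe", "isass.exe", "spoolsvc.exe",
          "svchost.exe", "notepad.exe", "LSASS.EXE"]

if __name__ == "__main__":
    for suspect, legit in find_lookalikes(SAMPLE).items():
        print(f"{suspect!r} imitates {legit!r}")
```

A hit only means the name deserves a closer look; a name that matches the baseline exactly is skipped here and still needs its file location checked separately.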