Ramblings, opinions, and general meanderings from the Deep South

Monday, October 03, 2005

PSGuard is Evil!!!

If you see ANYTHING that has to do with PSGuard, run like crazy. This horrible piece of malware will take over your desktop, flood you with popups, create havoc in your registry and all the while pose as a "spyware-removal" tool. If you even think this garbage is trying to infect your machine, literally reach over and pull the plug from the wall socket as fast as possible. NO permissions asked here, they just infect. Why does our government let these creeps exist? Here is a list of needed actions that will help you start repairing an infected PC:

Remove these directories
PSGuard folder %appdata%\Shudder Global Limited
PSGuard folder %startmenu%\programs\PSGuard spyware remover
PSGuard folder \PSGuard
PSGuard folder %appdata%\PSGuard.com
PSGuard folder Documents and Settings\All Users\Start Menu\Programs\PSGuard

Remove these files
PSGuard file %appdata%\Microsoft\Internet Explorer\Quick Launch\PSGuard spyware remover.lnk
PSGuard file \intell32.exe
PSGuard file %desktop%\PSGuard spyware remover.lnk
PSGuard file %desktop%\PSGuard.lnk
PSGuard file %appdata%\Microsoft\Internet Explorer\Quick Launch\PSGuard.lnk
PSGuard file %appdata%\PSGuard.com
PSGuard file \PSGuard\database.dat
PSGuard file \PSGuard\MFC71.dll
PSGuard file \PSGuard\MFC71ENU.dll
PSGuard file \PSGuard\MSIMG32FOR9X.DLL
PSGuard file \PSGuard\msvcp71.dll
PSGuard file \PSGuard\msvcr71.dll
PSGuard file \PSGuard\PSGuard.exe
PSGuard file \PSGuard\PSGuard.exe.local
PSGuard file \PSGuard\PSGuardSkin.dll
PSGuard file \PSGuard\Uninstall.exe
PSGuard file \wppp.html
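
Before deleting anything, it helps to know which of the folders and files above are actually present. The PowerShell sketch below is an added example, not part of the original post: it only reports matches and removes nothing. The candidate parent folders in `$roots` are an assumption, because the post does not say where entries beginning with `\` live, and `Resolve-ListedPath` is a hypothetical helper name.

```powershell
# Added example: read-only audit of the PSGuard folders and files listed above.
# It reports what exists and deletes nothing.

# Placeholders used in the post, mapped to the current user's real folders.
$tokens = @{
    '%appdata%'   = [Environment]::GetFolderPath('ApplicationData')
    '%desktop%'   = [Environment]::GetFolderPath('DesktopDirectory')
    '%startmenu%' = [Environment]::GetFolderPath('StartMenu')
}

# Assumption: the post gives no parent folder for entries starting with "\",
# so each of those is tried under these candidate roots.
$roots = @($env:SystemDrive, $env:ProgramFiles, $env:windir,
           (Join-Path $env:windir 'System32'))

# Entries copied from the post. Files under \PSGuard are covered by the folder.
$listed = @(
    '%appdata%\Shudder Global Limited'
    '%startmenu%\programs\PSGuard spyware remover'
    '%appdata%\PSGuard.com'
    'Documents and Settings\All Users\Start Menu\Programs\PSGuard'
    '%appdata%\Microsoft\Internet Explorer\Quick Launch\PSGuard spyware remover.lnk'
    '%appdata%\Microsoft\Internet Explorer\Quick Launch\PSGuard.lnk'
    '%desktop%\PSGuard spyware remover.lnk'
    '%desktop%\PSGuard.lnk'
    '\PSGuard'
    '\intell32.exe'
    '\wppp.html'
)

# Hypothetical helper: turn one listed entry into the concrete paths to test.
function Resolve-ListedPath([string]$Entry) {
    foreach ($t in $tokens.Keys) {
        if ($Entry.StartsWith($t, [StringComparison]::OrdinalIgnoreCase)) {
            return $tokens[$t] + $Entry.Substring($t.Length)
        }
    }
    if ($Entry.StartsWith('\')) { return $roots | ForEach-Object { $_ + $Entry } }
    return "$env:SystemDrive\$Entry"    # drive-relative entry from the post
}

$found = foreach ($entry in $listed) {
    foreach ($path in @(Resolve-ListedPath $entry)) {
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{ Listed = $entry; Path = $path
                               IsFolder = $item.PSIsContainer
                               LastWrite = $item.LastWriteTime }
        }
    }
}
$found | Format-Table -AutoSize
```

The `%appdata%`, `%desktop%` and `%startmenu%` placeholders resolve per user, so run the audit once for each profile on the machine.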

Remove these registry keys

This is only the beginning. ParetoLogic Labs has a tool called XoftSpy they claim will remove this dungware. They will even scan your PC for free. To use the removal software it will cost you. This is NOT freeware or shareware. It's $39.95 for a single home PC, and pricing varies on multiple licenses. It wasn't used in this case. Instead I went to several forums, read their advice and hacked away at the registry, files, etc., for several days. Search for PSGuard and read about the nightmares people have encountered. Google Search produced 21,000 hits about this cretinware. If I ever am elected emperor of the known universe these Shudder Global Limited (parent company of PSGuard) jerks will be some of the first hurled into the volcano. Shudder my ass! I am going to take my meds and rest now.

"He who does not punish evil commands it to be done."
-Leonardo da Vinci
