PCGuard intell32.exe Removal

Discussion in 'Desktop & Laptop Computers Forum' started by Kingster IOM, Mar 8, 2006.

  1. Kingster IOM

    Kingster IOM
    Active Member

    Joined:
    Jan 6, 2006
    Messages:
    293
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    28
    Location:
    Douglas, Isle of Man
    Ratings:
    +50
    Does anyone know how to get rid of this spyware/malware what ever it is?

    No matter what I have tried (Spybot/ Ad Aware) it doesn't completely get rid of it.

    I have tried manually deleting it in the registry, but it wont let me, even in Safe mode.

    It's driving me crazy, as it hijacks the dialup...

    The one saving grace it's on my Dad's PC and not mine.

    Any help would be gratefully recieved.

    :lease:
     
  2. Uridium

    Uridium
    Well-known Member

    Joined:
    Jan 29, 2005
    Messages:
    14,434
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    North West Leicestershire
    Ratings:
    +1,855
  3. smidster

    smidster
    Standard Member

    Joined:
    Jun 4, 2005
    Messages:
    43
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    8
    Location:
    London
    Ratings:
    +2
  4. Kingster IOM

    Kingster IOM
    Active Member

    Joined:
    Jan 6, 2006
    Messages:
    293
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    28
    Location:
    Douglas, Isle of Man
    Ratings:
    +50
    I doubt it's Blueyonder. We live on the Isle of Man and our ONLY ISP is Manx Telecom.

    Plus this keeps hijacking the Internet connection and opening alternate windows...

    It wont let me delete it from the registry, and I have found a few references on it being malware on the net but none of the posted suggestions work.
     
  5. Uridium

    Uridium
    Well-known Member

    Joined:
    Jan 29, 2005
    Messages:
    14,434
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    North West Leicestershire
    Ratings:
    +1,855
    take it you've checked "Startup programs" tab in Msconfig for any entries there and also had a look in the registry at HKLM\Software\Microsoft\Windows\Currentversion\Run?
     
  6. Kingster IOM

    Kingster IOM
    Active Member

    Joined:
    Jan 6, 2006
    Messages:
    293
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    28
    Location:
    Douglas, Isle of Man
    Ratings:
    +50
    "take it you've checked "Startup programs" tab in Msconfig for any entries there and also had a look in the registry at HKLM\Software\Microsoft\Windows\Currentversion\Run ?"

    I've taken intell32.exe out of the RUN, and also deleted all the registry value's under the PSGUARD entry.

    I have also deleted the intell32.exe file from system32 folder, but as soon as you start IE it pops up from somewhere in the system32 directory again.....

    It is driving me mad...
     
  7. Cable Monkey

    Cable Monkey
    Well-known Member

    Joined:
    Feb 10, 2002
    Messages:
    3,494
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    106
    Location:
    Birmingham
    Ratings:
    +205
    This will be malware that names itself as something familiar. However somewhere on the pc will be another file from which the program re-spawns. As well as the obvious file and the registry entries, you have to find this other file too. I had a pig of a time cleaning up my daughters laptop after she opened something up sent to her on MSN, and I have seen others simply opt to rebuild their Windows install.
     
  8. Uridium

    Uridium
    Well-known Member

    Joined:
    Jan 29, 2005
    Messages:
    14,434
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    North West Leicestershire
    Ratings:
    +1,855
    above poster is spot on.

    Quite often these apps respawn from a DOS bat or cmd file, common places for them to hide are C:\Documents and Settings\%username%\Local Settings\Temp or c:\windows\system32.

    I'd suggest searching these folders, sorting by date and looking for any unusual executables or batch files. common file names are soimething vague like "A.bat", "B.bat or "winupdates.bat"
     
  9. Kingster IOM

    Kingster IOM
    Active Member

    Joined:
    Jan 6, 2006
    Messages:
    293
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    28
    Location:
    Douglas, Isle of Man
    Ratings:
    +50
    Cheers lads.

    I did clean out the temp files etc...

    I will have another look. If it was at my house I would reinstall the OS. But I'lll leave that as a last resort.

    I'll have another dig round for batch files, and the like.

    Thank you al once again

    :thumbsup:
     

Share This Page

Loading...