007guard.com...how to get rid of?

shandypants5

Hi... anyone heard of this thing 007guard.com ???
I have tried lots of antispyware scans but it still keeps returning.
most of the time it doesnt do anything, I think it may be slowing the comp down slightly.
But when I am on the internet it occasionally redirects me to an error page and says the page cannot be found, (007guard.com is in the address bar at this point) and when I try to close the page it closes the whole IE..:mad:

have tried so far.. turning off sys restore and running all my anti spy stuff
have run 1 adaware
2 spybot search and destroy
3 spyware terminator
4 Crap Cleaner
All with sys restore OFF, but it still comes back?

Any advice??

Browntoa

* Please download SmitfraudFix (by S!Ri)

* Reboot into Safe Mode ( without networking support)

°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

Browntoa

Doubleclick SmitFraudFix to start the tool.

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process.

Post the log from smitfraudfix in your next reply together with a hijackthis log.

shandypants5

thanks Browntoa.
No time to try tonight but will get right on it in the morning.

Miroslav

I've had this !!!!!! before. It comes in many guises - 007guard, 2-search, trojans, browser hijackers and so on

http://www.superantispyware.com/

http://www.majorgeeks.com/download.php?det=903

http://www.error-repair-pro.com/

http://www.softpedia.com/progDownload/VundoFix-Download-33165.html

Bretween them, those 4 killed all forms of it for me.

The error repair may not be free - I have the full version.

Vundofix stopped all the popups but 007guard returned in changing pages I was on into another page so it only killed the popups - but between them all, they killed it

shandypants5

thanks Miroslav.. but I am fixed already from browntoa,s advice.
may still download this stuff too though so I am better armed for the next attack..

alsmith_3

Browntoa wrote: »

* Please download SmitfraudFix (by S!Ri)

* Reboot into Safe Mode ( without networking support)

°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

USE THIS VERY CAREFULLY- IF AT ALL. I TRIED AND WAS IMMEDIATELY WARNED ABOUT 3 INFECTED FILES BY MY ANTI-VIRUS PROGRAM THAT WERE IN THE INSTALLED FILES. IT PROBABLY SAYS USE SAFE MODE SO YOUR ANTI-VIRUS IS DISABLED.

Reluctant_spender

IN REPLY TO THE ABOVE POST;

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm