TheManaDrain.com
Author Topic: Computer Issue: 007guard malware  (Read 1212 times)
Demonic Attorney
« on: June 12, 2009, 07:58:23 pm »

So here's a problem.  About a month ago, I start my browser only to get routed, no matter what URL I enter, to my ISP's startup page.  This is odd because I've been using their internet services for 10 months by now and have never had this happen before.  I call them and their customer service drone goes through the usual motions of having me restart my computer, my router, my modem, etc.  All to no avail.  They check some things on their end and can't find the problem. 

So I run a netstat on my machine and some weird connections come up that go to www dot 007guard dot com.  Aha.  I run Spybot S/D, and it finds nothing.  I Google 007guard (from my girlfriend's computer) and discover that it's a persistent form of malware.  So I check my hosts file and sure enough, what should be the localhost entry has been changed to 007guard.  Fine.  I change it back, and my internet works again.  I congratulate myself on my computer acumen and continue on my way.

This afternoon, I have to restart my computer because Microsoft needs to patch another security flaw in its fine Windows XP software.  I reboot and start my browser to discover, much to my dismay, that I'm back to my ISP's startup page.  Remembering what I did last time, I re-edit my hosts file and again the problem is fixed.  But now I'm a bit more concerned.  On the advice of a TMD'er in the computer sector, I download and run Malwarebytes, which finds some registry bugs, though not ones that seem to be connected to 007guard.  I remove them anyway and get a restart prompt.

Here's where it gets weird.  I reboot and start up my browser, and get sent to the ISP startup page.  I check my hosts file.  It's normal.  I cannot for the life of me figure out why I'm still having the problem.  I do another netstat check and it comes back clean.  Yet still the problem persists.  I end up having to do a system restore to the day before yesterday, and that undoes whatever Malwarebytes did, allowing me to get back online.  But I still have a problem.  This 007guard crap is still on my machine.  I'm afraid to restart because I don't know what manner of ill fate will befall my internets if I do.

So here's where you come in.  I need to know what exactly the problem is, and how to get rid of it.  I run XP Pro, use Firefox as my browser, use updated Norton (a resource hog, I know) and run Spybot as my spyware removal tool.  All spyware and virus definitions are current.  I can post HijackThis logs if they will help.  What now? 
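
A hosts-file check like the one described in the post above, as an added example that is not part of the original thread: it parses hosts-file text and flags a missing or redirected localhost entry, names pinned to a loopback or unspecified address, and names statically redirected elsewhere. The sample file contents, the finding labels and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, modelled on the post: the line that should read
# "127.0.0.1 localhost" names a different host instead.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
127.0.0.1       www.007guard.com
203.0.113.10    www.example.com   # documentation-range address
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, names); address is None if it does not parse."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        yield line_no, addr, [n.lower() for n in fields[1:]]

def audit_hosts(text):
    """Return sorted (line_no, kind, detail) findings; line_no 0 = whole file."""
    findings, localhost_ok = [], False
    for line_no, addr, names in parse_hosts(text):
        if addr is None or not names:
            findings.append((line_no, "malformed", " ".join(names)))
            continue
        for name in names:
            if name == "localhost":
                if addr.is_loopback:
                    localhost_ok = True
                else:
                    findings.append((line_no, "localhost-hijacked", str(addr)))
            elif addr.is_loopback or addr.is_unspecified:
                # Blocklist-style entry or tampering; needs a human look.
                findings.append((line_no, "sinkholed-name", name))
            else:
                findings.append((line_no, "static-redirect", f"{name} -> {addr}"))
    if not localhost_ok:
        findings.append((0, "localhost-missing", "no loopback entry for localhost"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass the contents of the hosts file (on Windows XP, `%SystemRoot%\system32\drivers\etc\hosts`) to `audit_hosts` and review each finding by hand.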

JACO
« Reply #1 on: June 12, 2009, 10:27:07 pm »

Boot into safe mode and run SuperAntiSpyware. After you reboot following that (it will probably boot up normally), then disable your Anti-Virus client and run ComboFix. These programs might look weak, but they are legit and you can Google both of these to grab them as free downloads. After you run both of those successfully you'll probably be good to go, but let me know.