Spyware or Virus

[TheITguy]

Anyone ever had prdtect and or prwtect in the startup my search for these has been useless
Nothing on Mcafee Sarc or any of the startup item list. Yes I have run adaware spybot and hijack this
it will not remove the items. Ran a full virus scan it did not remove them if you manually delete they come right back. Removed them in safe mode also deleted the prefetch files and still they come back

Any ideas or suggestions would be appreciated Google search turns up nothing


I also removed all the entries from the registry.

Deleted all the useless spyware stuff in regedit also

Also Ran CWshredder

 

[Schadenfroh]

try turning off system restore, use hijackthis to delete the registry keys for the startup items, manually delete the file it points too afterwords. try booting in safe mode with networking and run an online scanner like trend micro's housecall while you are at it

 

[TheITguy]

Thanks for the suggestions

I have already done all that and it still comes back. I guess I am really looking more for someone who has seen this before because I want to know what it is more so than how to remove it. I can get rid of it by deleteing all the entries from the registry and deleteing the prefecth files and all the files that are in
the system 32 folder. I just want to know if this is a new virus and or spyware. Thanks for the help

 

[OZEE]

Have you done any of the online scans (housecall or panda activescan)?

How 'bout posting your HJT log so some of us can look it over... It certainly sounds suspicious.

 

[blindtothagame]

try www.trendmicro.com free virus scan

 

[cmv]

BTW, Trend has this online...

Just jerking your chain. Is anyone else actually reading the other posts? 3 guys practically in a row suggesting the same thing.

I ran a google search on web and groups but no hits (I'm sure you already did that too). What is the best place to research virus issues in general?

 

[TheITguy]

Yes this is on a machine at work we use Mcafee ASAP I ran a full scan with ASAP also ran Trend Norton

and panda if you search any of the virus websites you get nothing and Google ask if you are searching

for protect instead of pdrtect or prwtect. If you do a search in the registry and delete the items found

in\HKEY_CURRENT_USERS\Software\Microsoft\Windows\CurrentVersion\Run

and\HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run it will stop the process and it

will not come back. It runs twice in task manager. While it is running if you run a scan with adaware it will

cause it to loop the mouse moves around and it will not let you select any items to delete. But as I said it

is very easy to remove just four registry entries and two files in the system32 folder. Hijack this does find

it and allows you to remove it but it will come back. After removing it I was able to delete all the spyware

using adaware and spybot this problem is also fixed. I think I will report it to adaware,spybot and Mcafee

to try to find out what it is I think it is something new. Hope someone can figure out what it is I have been

unsuccessful and I have about 6 years experience as a network engineer and pc tech I also have my A+

and Net+. I gave it to our firewall guy to look at he has tons of certs and about 12 yrs experience no

luck. This is why I love my job always some new garbage to clean up.