


Posted on 2006-07-21
Medium Priority
Last Modified: 2007-12-19
My Bit Defender virus protection program showed six cases of spyware.Pws.A that it could not remove. Does anyone know how to remove this spyware?

Question by:djh27525

Expert Comment

ID: 17153835
here is what i've found about PWS's in general, as yours is not listed...

Spyware Information: PWS
This application is a password guesser. It is designed to try to break through a password system by guessing millions of passwords until it gets the correct one. Hackers will often use such tools to break into computers on a network; they can set up the password guesser to try to log in to the network, and let it run until it does.

Although you may have never heard of PWS and don't know how it got onto your computer, your computer may have been compromised and a hacker may have installed the password guesser on it. This allows the hacker to run the guesser without being caught -- if a network administrator sees that someone is trying to guess a password and traces the communication, the trace will end at your computer.

i'm looking for a removal tool or where this is dropped.

Expert Comment

ID: 17153930
I can not find any instance of this name. Is this software microsoft windows defender?
If not, download their free software,

LVL 47

Expert Comment

ID: 17155031
Can we look at your HijackThis log?
Please download HijackThis 1.99.1
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.



Author Comment

ID: 17159516
I tried all the things listed and still my morning report says this:

C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Detected: Spyware.Pws.A
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Disinfection failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Move failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Detected: Spyware.Pws.A
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Disinfection failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Move failed

This is the report issued by bitdefender at bitdefender.com. This just popped up last week.  Any ideas?



Author Comment

ID: 17159698
I ran an online scan and found trojan.downloader.Zlob.sy now.
LVL 32

Expert Comment

ID: 17160521
Download and install HijackThis from http://www.hijackthis.de/ (I am assuming you did this already per advice by rpggamergirl above)

Download fixwareout from:


and save it on your desktop.

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and post the scan results to: http://www.hijackthis.de/. Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.
LVL 23

Expert Comment

ID: 17162823
Your log shows 2 instances of PWS.a password stealer. Bitdefender's log is saying that it found an instance, it tried to disinfect it and failed, and then it tried to move it and failed. You might try running the scan in safe mode (f8 at startup) or navigating to the infected files in safe mode and attempting to delete/rename them. Either way, you should follow rpggamergirl's advice: download Hijack This, run a scan and post a link here to the saved scan log page.
LVL 47

Accepted Solution

rpggamergirl earned 1000 total points
ID: 17162997
If you downloaded that crack tool called RockXP yourself then you have nothing to worry about, that's just a false positive, Avast, McAfee, and Bit Defender will flag that tool as a possible threat. McAfee even flags Hijackthis.exe as a worm.

RockXP tool allows you to:
* retrieve and change your XP Key
* retrieve all Microsoft Products keys
* save your XP activation file
* retrieve your lost XP system passwords
* retrieve your lost RAS (Remote Access Settings) passwords
* generate new passwords

Rockxp.exe is a RAR self extracting archive with 4 files:
Xpkey.exe – rockxp_.exe – ras.exe – keyms.exe
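
Added example (not part of any post in this thread): a small Python parser for report lines in the shape the asker posted, grouping the statuses per scanned object so it is visible that every flagged item is a member of one self-extracting container, as the replies above describe. The sample lines and paths are constructed, and the `=>` and multi-space layout is an assumption taken from the quoted report.

```python
import re
from collections import defaultdict

# Constructed sample in the same shape as the report quoted in this thread:
# container=>(packer)=>member, a run of spaces, then the status text.
SAMPLE_REPORT = r"""
C:\Users\example\tools\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Detected: Spyware.Pws.A
C:\Users\example\tools\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Disinfection failed
C:\Users\example\tools\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Move failed
C:\Users\example\tools\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Detected: Spyware.Pws.A
C:\Users\example\tools\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Disinfection failed
C:\Users\example\tools\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Move failed
C:\Users\example\Downloads\setup.exe      Detected: Example.Test.Name
"""

# Paths may contain single spaces, so the status is split off at 2+ spaces.
LINE_RE = re.compile(r"^(?P<target>.+?)\s{2,}(?P<status>\S.*)$")


def parse_report(text):
    """Return {scanned object: {container, member, detections, failed_actions}}."""
    objects = defaultdict(lambda: {"container": None, "member": None,
                                   "detections": [], "failed_actions": []})
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        target, status = m.group("target"), m.group("status").strip()
        parts = target.split("=>")
        entry = objects[target]
        entry["container"] = parts[0]
        entry["member"] = parts[-1] if len(parts) > 1 else None
        if status.lower().startswith("detected:"):
            entry["detections"].append(status.split(":", 1)[1].strip())
        elif status.lower().endswith("failed"):
            entry["failed_actions"].append(status[:-len("failed")].strip())
    return dict(objects)


def containers_with_stuck_members(report):
    """Map each container file to its flagged members whose actions failed."""
    stuck = defaultdict(list)
    for entry in report.values():
        if entry["member"] and entry["detections"] and entry["failed_actions"]:
            stuck[entry["container"]].append(entry["member"])
    return dict(stuck)
```

Run over a real report, the second function reduces six alarming lines to one container file to review, which is the file to keep or delete once you know where it came from.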

LVL 47

Expert Comment

ID: 17164415
Thanks! :)


Question has a verified solution.
