Solved

spyware.Pws.A

Posted on 2006-07-21
Last Modified: 2007-12-19
My Bit Defender virus protection program showed six cases of spyware.Pws.A that it could not remove. Does anyone know how to remove this spyware?

Thanks
Question by:djh27525
9 Comments
 
LVL 3

Expert Comment

by:foad
ID: 17153835
Here is what I've found about PWS's in general, as yours is not listed...

Spyware Information: PWS
This application is a password guesser. It is designed to try to break through a password system by guessing millions of passwords until it gets the correct one. Hackers will often use such tools to break into computers on a network; they can set up the password guesser to try to log in to the network, and let it run until it does.

Although you may have never heard of PWS and don't know how it got onto your computer, your computer may have been compromised and a hacker may have installed the password guesser on it. This allows the hacker to run the guesser without being caught -- if a network administrator sees that someone is trying to guess a password and traces the communication, the trace will end at your computer.

I'm looking for a removal tool or where this is dropped.
0
 
LVL 3

Expert Comment

by:foad
ID: 17153930
I cannot find any instance of this name. Is this software Microsoft Windows Defender?
If not, download their free software,
http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17155031
Can we look at your HijackThis log?
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.

0

 

Author Comment

by:djh27525
ID: 17159516
I tried all the things listed and still my morning report says this:

C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Detected: Spyware.Pws.A
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Disinfection failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Move failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Detected: Spyware.Pws.A
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Disinfection failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Move failed

This is the report issued by bitdefender at bitdefender.com. This just popped up last week.  Any ideas?

Thanks

0
 

Author Comment

by:djh27525
ID: 17159698
I ran an online scan and found trojan.downloader.Zlob.sy now.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17160521
Download and install HijackThis from http://www.hijackthis.de/ (I am assuming you did this already per advice by rpggamergirl above)

Download fixwareout from:

 http://downloads.subratam.org/Fixwareout.exe

and save it on your desktop.

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and post the scan results to: http://www.hijackthis.de/. Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.
0
 
LVL 23

Expert Comment

by:phototropic
ID: 17162823
Your log shows 2 instances of PWS.a password stealer. Bitdefender's log is saying that it found an instance, it tried to disinfect it and failed, and then it tried to move it and failed. You might try running the scan in safe mode (f8 at startup) or navigating to the infected files in safe mode and attempting to delete/rename them. Either way, you should follow rpggamergirl's advice: download Hijack This, run a scan and post a link here to the saved scan log page.
0
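
Added example (not part of any post in this thread, and not BitDefender's own tooling): a small Python parser for the report layout quoted above, which collapses the six report lines into the one file that exists on disk and the two archive members flagged inside it. The sample path is shortened and constructed, and the column-separator rule is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: same layout as the report quoted in this thread,
# with a shortened (made-up) folder path.
SAMPLE = r"""
C:\Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Detected: Spyware.Pws.A
C:\Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Disinfection failed
C:\Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Move failed
C:\Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Detected: Spyware.Pws.A
C:\Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Disinfection failed
C:\Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Move failed
"""

# Assumption: the status column is separated from the path by 2+ spaces,
# and "=>" separates the file on disk from objects nested inside it.
LINE = re.compile(r"^(?P<path>.+?)\s{2,}(?P<status>\S.*)$")

def triage(report):
    """Return {file_on_disk: {nested_member: {"names", "failed"}}}."""
    result = defaultdict(dict)
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        parts = m["path"].split("=>")
        outer = parts[0]
        member = parts[-1] if len(parts) > 1 else ""  # "" = the file itself
        entry = result[outer].setdefault(member, {"names": set(), "failed": []})
        status = m["status"].strip()
        if status.startswith("Detected:"):
            entry["names"].add(status.split(":", 1)[1].strip())
        elif status.endswith(" failed"):
            entry["failed"].append(status[: -len(" failed")])
    return dict(result)

def files_to_review(report):
    """List (file_on_disk, flagged_object_count), one row per real file."""
    return sorted((outer, len(members)) for outer, members in triage(report).items())

if __name__ == "__main__":
    for outer, count in files_to_review(SAMPLE):
        print(f"{outer}: {count} flagged object(s)")
    for member, e in triage(SAMPLE)[r"C:\Webs\SBCS2006\rockxp.exe"].items():
        print(f"  {member}: {sorted(e['names'])}, failed actions: {e['failed']}")
```
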
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 17162997
If you downloaded that crack tool called RockXP yourself then you have nothing to worry about; that's just a false positive. Avast, McAfee, and Bit Defender will flag that tool as a possible threat. McAfee even flags Hijackthis.exe as a worm.

RockXP tool allows you to:
* retrieve and change your XP Key
* retrieve all Microsoft Products keys
* save your XP activation file
* retrieve your lost XP system passwords
* retrieve your lost RAS (Remote Access Settings) passwords
* generate new passwords

Rockxp.exe is a RAR self extracting archive with 4 files:
Xpkey.exe – rockxp_.exe – ras.exe – keyms.exe


0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17164415
Thanks! :)
0
