?
Solved

spyware.Pws.A

Posted on 2006-07-21
9
Medium Priority
?
1,847 Views
Last Modified: 2007-12-19
My Bit Defender virus protection program showe six cases of spyware.Pws.A that it could not remove. Does anyone know how to remove this spyware?

Thanks
0
Comment
Question by:djh27525
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 3

Expert Comment

by:foad
ID: 17153835
here is what i've found about PWS's in general, as yours is not listed...

Spyware Information: PWS
This application is a password guesser. It is designed to try to break through a password system by guessing millions of passwords until it gets the correct one. Hackers will often use such tools to break into computers on a network; they can set up the password guesser to try to log in to the network, and let it run until it does.

Although you may have never heard of PWS and don't know how it got onto your computer, your computer may have beem compromised and a hacker may have installed the password guesser on it. This allows the hacker to run the guesser without being caught -- if a network administrator sees that someone is trying to guess a password and traces the communication, the trace will end at your computer.

i'm looking for a removal tool or where this is dropped.
0
 
LVL 3

Expert Comment

by:foad
ID: 17153930
I can not find any instance of this name. Is this software microsoft windows defender?
If not, download their free software,
http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17155031
Can we look at your hujackthis log?
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.

0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:djh27525
ID: 17159516
I tried all the things list and still my morning report says this:

C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Detected: Spyware.Pws.A
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Disinfection failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Move failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Detected: Spyware.Pws.A
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Disinfection failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Move failed

This is the report issued by bitdefender at bitdefender.com. This just poped up last week.  Any ideas?

Thanks

0
 

Author Comment

by:djh27525
ID: 17159698
I ran an online scan and found torjan.downloader.Zlob.sy now.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17160521
Download and install HijackThis from http://www.hijackthis.de/ (I am assuming you did this already per advice by rpggamergirl above)

Download fixwareout from:

 http://downloads.subratam.org/Fixwareout.exe

and save it on your desktop.

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and post the scan results to: http://www.hijackthis.de/. Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.
0
 
LVL 23

Expert Comment

by:phototropic
ID: 17162823
Your log shows 2 instances of PWS.a password stealer. Bitdefender's log is saying that it found an instance, it tried to disinfect it and failed, and then it tried to move it and failed. You might try running the scan in safe mode (f8 at startup) or navigating to the infected files in safe mode and attempting to delete/rename them. Either way, you should follow rpggamergirl's advice: download Hijack This, run a scan and post a link here to the saved scan log page.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 1000 total points
ID: 17162997
If you downloaded that crack tool called RockXP yourself then you have nothing to worry about, that's just a false positive, Avast, Mcafee, and Bit Defender will flag that tool as possible threat. McAfee even flags Hijackthis.exe as a worm.

RockXP tool allows you to:
* retrieve and change your XP Key
* retrieve all Microsoft Products keys
* save your XP activation file
* retrieve your lost XP system passwords
* retrieve your lost RAS (Remote Access Settings) passwords
* generate new passwords

Rockxp.exe is a RAR self extracting archive with 4 files:
Xpkey.exe – rockxp_.exe – ras.exe – keyms.exe


0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17164415
Thanks! :)
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question