• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1861
  • Last Modified:

spyware.Pws.A

My Bit Defender virus protection program showe six cases of spyware.Pws.A that it could not remove. Does anyone know how to remove this spyware?

Thanks
0
djh27525
Asked:
djh27525
  • 3
  • 2
  • 2
  • +2
1 Solution
 
foadCommented:
here is what i've found about PWS's in general, as yours is not listed...

Spyware Information: PWS
This application is a password guesser. It is designed to try to break through a password system by guessing millions of passwords until it gets the correct one. Hackers will often use such tools to break into computers on a network; they can set up the password guesser to try to log in to the network, and let it run until it does.

Although you may have never heard of PWS and don't know how it got onto your computer, your computer may have beem compromised and a hacker may have installed the password guesser on it. This allows the hacker to run the guesser without being caught -- if a network administrator sees that someone is trying to guess a password and traces the communication, the trace will end at your computer.

i'm looking for a removal tool or where this is dropped.
0
 
foadCommented:
I can not find any instance of this name. Is this software microsoft windows defender?
If not, download their free software,
http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en

0
 
rpggamergirlCommented:
Can we look at your hujackthis log?
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.

0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
djh27525Author Commented:
I tried all the things list and still my morning report says this:

C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Detected: Spyware.Pws.A
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Disinfection failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RAS.exe      Move failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Detected: Spyware.Pws.A
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Disinfection failed
C:\Documents and Settings\David.DJH27523\My Documents\FrontPage Webs\SBCS2006\rockxp.exe=>(RAR Sfx o)=>RockXp_.exe      Move failed

This is the report issued by bitdefender at bitdefender.com. This just poped up last week.  Any ideas?

Thanks

0
 
djh27525Author Commented:
I ran an online scan and found torjan.downloader.Zlob.sy now.
0
 
r-kCommented:
Download and install HijackThis from http://www.hijackthis.de/ (I am assuming you did this already per advice by rpggamergirl above)

Download fixwareout from:

 http://downloads.subratam.org/Fixwareout.exe

and save it on your desktop.

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and post the scan results to: http://www.hijackthis.de/. Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.
0
 
phototropicCommented:
Your log shows 2 instances of PWS.a password stealer. Bitdefender's log is saying that it found an instance, it tried to disinfect it and failed, and then it tried to move it and failed. You might try running the scan in safe mode (f8 at startup) or navigating to the infected files in safe mode and attempting to delete/rename them. Either way, you should follow rpggamergirl's advice: download Hijack This, run a scan and post a link here to the saved scan log page.
0
 
rpggamergirlCommented:
If you downloaded that crack tool called RockXP yourself then you have nothing to worry about, that's just a false positive, Avast, Mcafee, and Bit Defender will flag that tool as possible threat. McAfee even flags Hijackthis.exe as a worm.

RockXP tool allows you to:
* retrieve and change your XP Key
* retrieve all Microsoft Products keys
* save your XP activation file
* retrieve your lost XP system passwords
* retrieve your lost RAS (Remote Access Settings) passwords
* generate new passwords

Rockxp.exe is a RAR self extracting archive with 4 files:
Xpkey.exe – rockxp_.exe – ras.exe – keyms.exe


0
 
rpggamergirlCommented:
Thanks! :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now