Author Topic: 007guard  (Read 5167 times)

0 Members and 1 Guest are viewing this topic.

Spiderless

  • Guest
007guard
« on: November 01, 2011, 08:24:21 PM »
I'm more than a bit worried that xxx.007guard.com keeps showing up in Resource Monitor, usually linked to the process firefox.exe, AvastSvc.exe, Origin.exe (which I just installed), its also used Punkbuster's exe files and some Windows ones like svchost. I've attached a jpg screenshot of Resource Monitor.
I've done a few scans with 'Spybot' and 'Malware Bytes' but nothing has come up. Also 007guard is listed on my 'hosts' files (I think that means it should be blocked?) and never comes up on 'netstat'.

Weirdly it has also disappeared from Resource Monitor as I typed the first sentence of this post... now its back.

I disconnected my ethernet cable to see what would happen (I had Hamachi installed) and strangely 007guard stayed there for a long time supposedly sending/receiving millions of bytes of data. I'm really not sure what is going on.

SOMEONE HELP ME!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 007guard
« Reply #1 on: November 01, 2011, 08:37:37 PM »
Hi are you using spybotS&D ?  And do you have immunisation set ? http://forums.spybot.info/showthread.php?t=20443


Spiderless

  • Guest
Re: 007guard
« Reply #2 on: November 01, 2011, 10:56:41 PM »
Yes and yes. Its annoying because from what I've seen 007guard is a very well known site, so I'm not sure what is going on with Avast/Spybot/MalwareBytes.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 007guard
« Reply #3 on: November 01, 2011, 10:58:58 PM »
If you are using windows 7/Vista then follow the instructions in the last post

Spiderless

  • Guest
Re: 007guard
« Reply #4 on: November 01, 2011, 11:26:22 PM »
Yeah that seems to have solved it, thanks very much. Not sure why it didn't have it in there to begin with, well, it was there but there was a # infront of it. Disaster averted!

Also for anyone who has the problem you have to mess with the permissions of the file to get it to save, then change them back.

Thanks again

Adam