
Windows Police Pro Update



#1 ComputerGeek01


Posted 19 October 2009 - 01:57 PM

Hi, let me start by saying I am a huge fan of this site. It has always provided accurate information and I know that it does NOT promote or 'bump' itself on Google searches for things that it does not have an entry for.

OK, I just finished walking someone through removing this obnoxious program Windows Police Pro but I noticed that the pseudo-shell that he had was not either of the listed variants on your site. The restarter was listed as svohost.exe. I know it is impossible to keep up with every little change to every virus but I thought that instead of naming exactly what to look for you should point users to the Hijack log entry for O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\(imitation of svchost.exe).

Alternatively, they could find the entry for this application under the services administrator tool in the control panel. This would be great if for some reason running or installing HJT was not an option.

I know that this complicates things for some users who don't want to do an ounce of thinking for themselves; but in the long run it might be a more accurate practice?

This is my first post on this site but I keep this ID virtually everywhere I log into, and I know that everybody online calls themselves an "expert" but to call myself advanced would be misleadingly modest.



#2 Grinler

Lawrence Abrams, Admin

Posted 27 October 2009 - 11:31 AM

Hi ComputerGeek,

Sorry for not responding sooner. We have updated the guide to include this information. I understand what you are saying about shutting down the service based on the service name and what it is trying to imitate. Unfortunately, the service name changes frequently so it may make it hard for people to find it. For example, the service name and executable combinations have been the following so far:

O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchast.exe
O23 - Service: AntiPol - Unknown owner - C:\WINDOWS\svchast.exe
O23 - Service: WDefend - Unknown owner - C:\WINDOWS\svohost.exe

You have to understand that BC was created to contain easy to understand instructions for people of ALL experience levels with computers. That means that there are many people who just would not be able to determine what file would be similar to svchost.exe or not. Technology and computers can be confusing for many people, regardless of how bright they are.

I have updated the guide, though, to make it easier for our users to kill these restarters and process killers so that the user can then run their normal antivirus programs.

Welcome to the site btw :thumbsup:
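Added example, not part of the original thread or of the BleepingComputer guide: a small Python check that reads HijackThis O23 lines and flags any service whose executable name is a near miss of svchost.exe, so the match does not depend on the changing service name. The edit-distance threshold, the System32 location check and the last two sample lines are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# O23 layout as quoted above: O23 - Service: <display> [(<name>)] - <owner> - <path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]*)\))? - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
LEGIT_NAME = "svchost.exe"
LEGIT_DIRS = {r"c:\windows\system32"}  # assumption: default Windows install path

# First four lines are quoted in the thread; the last two are constructed.
SAMPLE = r"""O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchast.exe
O23 - Service: AntiPol - Unknown owner - C:\WINDOWS\svchast.exe
O23 - Service: WDefend - Unknown owner - C:\WINDOWS\svohost.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Constructed Host (FakeHost) - Unknown owner - C:\WINDOWS\Temp\svchost.exe"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_lookalikes(log_text, max_distance=2):
    """Return (service, path, reason) for O23 entries that imitate svchost.exe."""
    hits = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 service line
        path = PureWindowsPath(m["path"])
        exe, folder = path.name.lower(), str(path.parent).lower()
        service = m["name"] or m["display"]
        dist = edit_distance(exe, LEGIT_NAME)
        if 0 < dist <= max_distance:
            hits.append((service, m["path"], f"name is {dist} edit(s) from {LEGIT_NAME}"))
        elif dist == 0 and folder not in LEGIT_DIRS:
            hits.append((service, m["path"], "svchost.exe outside System32"))
    return hits

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE):
        print(hit)
```
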



