
System Live Protect Issues


4 replies to this topic

#1 pcarjim

  • Members
  • 3 posts
  • Gender:Male
  • Location:Vancouver, Canada

Posted 11 June 2007 - 01:11 PM

Somehow the program "System Live Protect" was loaded onto my WinXP Pro machine (probably by my MSN-using teen). The program has a legit-looking website, but the software (or some trojan attached to it) has left a persistent popup on my taskbar after I uninstalled the main program. It shows a red icon similar to the Windows security warning shield on the taskbar and it pops up a conversation box advising that "Windows has detected a spyware infection.... etc." When you click on the icon or the popup box, the only option is Yes or No to download the System Protect Live program. There is no obvious way to get rid of the program that drives the popup.


If anyone has any ideas on how to eliminate this I would greatly appreciate some help.

Thanks,

Jim G.

Edited by pcarjim, 11 June 2007 - 04:17 PM.



#2 buddy215

  • BC Advisor
  • 12,619 posts
  • Gender:Male
  • Location:West Tennessee

Posted 11 June 2007 - 03:23 PM

I have not found any sure cure for the malware you have. I did find one site where it was advised to use the SDFix.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, the Advanced Options Menu should appear.
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
Press any key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
--------------------------------------------------------------------------------

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/
--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

How To start Windows in Safe Mode
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 pcarjim

  • Topic Starter
  • Members
  • 3 posts
  • Gender:Male
  • Location:Vancouver, Canada

Posted 11 June 2007 - 04:21 PM

Thanks buddy215.

I will try your suggestions and report results.

Jim G.

#4 chuzie

  • Members
  • 23 posts

Posted 11 June 2007 - 05:48 PM

I tried the SDFIX and it did nothing for me.

Ended up doing a few things that seemed to have worked. I am not sure if they had any negative effects but everything seems to be fine as of right now and the stupid program is off my computer.


Booted in safe mode, then did a system search for "ipmon" and deleted the files, but made sure not to confuse them with the good files with a similar spelling of IPMONTR.
Ran MSCONFIG and unchecked anything in the SERVICES and STARTUP tab that had IPMON.
Ran RegEdit and did a search for IPMON and deleted the couple of instances of that.

Rebooted the computer and the icon was gone and everything seemed to work fine.

I do not know a lot about this stuff so I kind of went out on a limb by deleting what I did so I do not recommend doing so until someone credible on the forum confirms that this is ok to do.

:thumbsup:
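
The name-matching pitfall described in the post above (a search for "ipmon" also returns the legitimate IPMONTR files), as an added example that is not part of the thread: a Python sketch that marks an entry as suspect only when a file name in it is exactly ipmon.exe, the name reported later in this topic. The sample paths and the function names are constructed for illustration.

```python
import ntpath
import re

# Exact file name reported in the thread for this infection.
SUSPECT_NAMES = {"ipmon.exe"}

# Constructed sample: search hits and startup command lines that a search
# for "ipmon" could return. The paths are illustrative, not from the thread.
SAMPLE_ENTRIES = [
    r'C:\WINDOWS\system32\ipmontr.dll',
    r'"C:\Program Files\Example\ipmon.exe" /startup',
    r'C:\WINDOWS\system32\IPMON.EXE',
    r'C:\Tools\ipmon\readme.txt',
    r'C:\WINDOWS\system32\ctfmon.exe',
]

# A token is either a double-quoted string or a run of non-space characters.
TOKEN = re.compile(r'"([^"]+)"|(\S+)')


def basenames(entry):
    """Return the lower-cased file name of every token in a path or command line."""
    names = []
    for quoted, bare in TOKEN.findall(entry):
        names.append(ntpath.basename(quoted or bare).lower())
    return names


def classify(entry):
    """'suspect' on an exact file-name match, 'lookalike' on a substring hit only."""
    if any(name in SUSPECT_NAMES for name in basenames(entry)):
        return "suspect"
    if "ipmon" in entry.lower():
        return "lookalike"  # e.g. ipmontr.dll or a folder named ipmon: leave alone
    return "unrelated"


def triage(entries):
    """Group entries by classification so only exact matches go forward for review."""
    groups = {"suspect": [], "lookalike": [], "unrelated": []}
    for entry in entries:
        groups[classify(entry)].append(entry)
    return groups


if __name__ == "__main__":
    for label, items in triage(SAMPLE_ENTRIES).items():
        for item in items:
            print(f"{label:10} {item}")
```
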

#5 buddy215

  • BC Advisor
  • 12,619 posts
  • Gender:Male
  • Location:West Tennessee

Posted 11 June 2007 - 05:59 PM

Thanks for posting back. Yeah, ipmon.exe is what is showing up in the computers infected with "system live protect". If I were you I would go ahead and post a Hijack This log to get in line and get a clean bill of health. Be sure to post in the Hijack This Forum. Thanks again for the feedback.
