007guard.com Malware/Spyware

007guard.com is Spyware!


Well, it appears that the 007guard.com spyware somehow got onto my Windows 7 RC system.  I have no clue how it got on at this point, since I am really careful about downloading and browsing the web in general.  I never use Internet Explorer (or Exploder, he he); I use Firefox 3.0 with the NoScript add-on and Adblock Plus as well.  I also checked a virtual machine of Windows 7 just to make sure that my media wasn’t compromised or tampered with, and sure enough it didn’t have any connections to 007guard.com in the netstat output.

Here is a sample output of what I see when I run the netstat -f command in the terminal:

As you can see, there are a ton of connections going to 007guard.com on various ports.  The local address is 127.0.0.1, which is localhost for those who didn’t know.

[Screenshot: netstat -f output]

One way to block 007guard.com from connecting to its “Mothership” or master is to edit the hosts file in Windows so that the domain points to localhost.  That way, when the malware tries to open a connection to its remote location on the web, it will be redirected to 127.0.0.1, which goes nowhere and stays local to the machine. You can do the same thing in Linux and other operating systems as well.

The Windows hosts file is located at “C:\Windows\System32\drivers\etc\hosts” (use Notepad to edit it).
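To check that a hosts-file block like the one described above is actually in place, here is an added example (not part of the original post) that parses hosts-file text and reports whether each name is pointed at loopback. The sample file contents, the `sub.` name and the function names are constructed for illustration; hosts entries match exact names only, so a block on 007guard.com does not cover its subdomains.

```python
import ipaddress

# Constructed sample hosts file (not taken from the post's machine).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1   007guard.com   # sinkholed to loopback
192.0.2.10  WWW.007guard.com
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Return {hostname: [addresses]} from hosts-file text, names lowercased."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip malformed lines
        for name in fields[1:]:                 # one line may list several names
            table.setdefault(name.lower(), []).append(addr)
    return table

def audit(text, domains):
    """Map each domain to 'blocked', 'missing' or 'redirected:<ip>'."""
    table = parse_hosts(text)
    report = {}
    for d in domains:
        addrs = table.get(d.lower())
        if not addrs:
            report[d] = "missing"
        elif addrs[0].is_loopback:   # assumption: the first matching line is the one used
            report[d] = "blocked"
        else:
            report[d] = "redirected:%s" % addrs[0]
    return report

def lines_to_add(text, domains):
    """Hosts lines that would sinkhole every domain not yet listed."""
    return ["127.0.0.1\t%s" % d
            for d, state in audit(text, domains).items() if state == "missing"]

if __name__ == "__main__":
    names = ["007guard.com", "www.007guard.com", "sub.007guard.com"]
    print(audit(SAMPLE_HOSTS, names))
    print(lines_to_add(SAMPLE_HOSTS, names))
```

To audit a real machine, pass the contents of the hosts file at the path given above in place of `SAMPLE_HOSTS`.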

So at this point it’s still in my machine somewhere, and Spybot, Ad-Aware, AVG, Avast and pretty much all the scanners can’t get rid of it.  I may have to wipe and reload my machine just to make sure it’s gone for good this time, which is really annoying since it takes a ton of time to re-install Windows plus get everything back to the way it was before this crap happened.

Here are some references for more information on 007guard.com spyware/malware:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/b2e7ce83-4445-40d2-8b9e-19ea412eef4d

http://www.sevenforums.com/system-security/3262-007guard-how-remove.html
