Sign In
Create Account
1
I am attempting to get rid of Spyware Guard 2009, but on the desktop where it has appeared, I am no longer able to access Malwarebytes program, or the website via IE7 or Firefox. I don't believe I can access this forum from that computer either, it appears to either block website access or redirect me. What next?
Back to top
#2
Posted 09 January 2009 - 03:33 PM
-
- Members
-
- 4 posts
New Member
Eagerly awaiting a replay also. I have a Spywareguard 2009 infection on an XP laptop. Mbam-setup, HijackThis, ComboFix will not install or run, even in safe mode. Spybot will install but not run. I have tried deleting the folder in Program Files, stopping the SpywareGuard process using MSConfig, and these instructions from Yahoo Answers -
Please try these:
1)boot in safe mode. (reboot system press F8)
2) remove folders listed in program files referencing to Spywareguard 2008/2009 (make sure the files are deleted in the recycle bin too).
3)check system config utility. (start, run, msconfig) uncheck spywareguard 2008/2009 on the start up items and services tab. do not restart yet.
4) look for dll files in c:\windows\system32 that are current, sort files into dates. the most recent refers to malware. if you find the fake windows security center alert or icon, remove it.
5) Open Avenger, copy and paste the dll files and fake wsc c:\windows\system32\winscenter.exe), then execute. check the box that says ’scan for rootkits’. include the full windows folder e.g. c:\windows\system32\DLL files
6) reboot system in normal mode.
7) Good luck!
however the part about Avenger is confusing me. What is it?
Thanks in advance.
Please try these:
1)boot in safe mode. (reboot system press F8)
2) remove folders listed in program files referencing to Spywareguard 2008/2009 (make sure the files are deleted in the recycle bin too).
3)check system config utility. (start, run, msconfig) uncheck spywareguard 2008/2009 on the start up items and services tab. do not restart yet.
4) look for dll files in c:\windows\system32 that are current, sort files into dates. the most recent refers to malware. if you find the fake windows security center alert or icon, remove it.
5) Open Avenger, copy and paste the dll files and fake wsc c:\windows\system32\winscenter.exe), then execute. check the box that says ’scan for rootkits’. include the full windows folder e.g. c:\windows\system32\DLL files
6) reboot system in normal mode.
7) Good luck!
however the part about Avenger is confusing me. What is it?
Thanks in advance.
#3
Posted 09 January 2009 - 03:46 PM
-
- Members
-
- 4 posts
New Member
I also just tried downloading and installing SmitFraudFix, it crashes with the usual and useless "tell Microsoft about this problem - send error report " dialog box.
#4
Posted 09 January 2009 - 04:55 PM
-
- Members
-
- 4 posts
New Member
OK - getting somewhere now. I went thru a bunch of stuff several times, using the info in this thread -
http://www.malwarehelp.org/spyware-guard-2...moval-2008.html
I got superantispyware installed by renaming the install file, I had to kill the install process when it hung at the end
I then rebooted the PC - it would not start in safe mode, so I had to run in regular mode and log in as administrator
In task manager I killed the spywareguard.exe and wincenter.exe processes everytime they started
I launched superantispyware using the alternate launch option off the menu
I kept killing the 2 rogue processes listed above whenever they started in task manager
when superantispyware finished I let it delete the stuff it found and then reboot
After the reboot, malware appears gone and a second scan was clean
I will try running malwarebytes now
http://www.malwarehelp.org/spyware-guard-2...moval-2008.html
I got superantispyware installed by renaming the install file, I had to kill the install process when it hung at the end
I then rebooted the PC - it would not start in safe mode, so I had to run in regular mode and log in as administrator
In task manager I killed the spywareguard.exe and wincenter.exe processes everytime they started
I launched superantispyware using the alternate launch option off the menu
I kept killing the 2 rogue processes listed above whenever they started in task manager
when superantispyware finished I let it delete the stuff it found and then reboot
After the reboot, malware appears gone and a second scan was clean
I will try running malwarebytes now
#5
Posted 09 January 2009 - 05:22 PM
-
- Members
-
- 4 posts
New Member
Malwarebytes wouldn't run until I uninstalled/reinstalled it, including loading the latest updates. then it ran and found 13 items, which I removed. A second scan was clean, I think I finally killed this thing.
And re: the guy who wrote Spyware Guard 2009 - I want five minutes alone , a windowless room and a shovel.
And re: the guy who wrote Spyware Guard 2009 - I want five minutes alone , a windowless room and a shovel.
#6
Posted 09 January 2009 - 07:27 PM
-
- Administrators
-
- 22,571 posts
Forum Deity
- Gender:Male
- Location:US
Hello and Welcome to Malwarebytes.org
Please read and follow the instructions provided here: I'm infected - What do I do now?
Someone will be happy to assist you further with cleaning your system if required
During this scan and cleanup process you should not install any other software unless requested to do so.
Please read and follow the instructions provided here: I'm infected - What do I do now?
Someone will be happy to assist you further with cleaning your system if required
During this scan and cleanup process you should not install any other software unless requested to do so.
#7
Posted 09 January 2009 - 09:51 PM
-
- Members
-
- 2 posts
New Member
The instructions from "I'm infected...what do I do now?" weren't as helpful to me, as I was unable to access Malwarebytes or the homepages of Malwarebytes or Superantispyware. I followed the instructions below; once for Malwarebytes and again for Superantispyware, then re-loaded both programs under a new file name, and running both, twice, appear to have gotten rid of Spyware Guard 2009. I am also running AVG, and it has detected and quarantined several infected files as well.
• Click on Start, click Run, and then type devmgmt.msc and click OK
• On the View menu click on Show hidden devices
• Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
• Highlight that driver and right click on it and select DISABLE
• Now RESTART your computer.
• Download a copy of Malwarebytes but DO NOT run it yet.
• Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
• Once the program is installed go to the UPDATE tab and try to update the program if you can.
• Then go to the SCANNER tab and run a Quick Scan and allow MBAM to fix anything found.
• Click on Start, click Run, and then type devmgmt.msc and click OK
• On the View menu click on Show hidden devices
• Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
• Highlight that driver and right click on it and select DISABLE
• Now RESTART your computer.
• Download a copy of Malwarebytes but DO NOT run it yet.
• Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
• Once the program is installed go to the UPDATE tab and try to update the program if you can.
• Then go to the SCANNER tab and run a Quick Scan and allow MBAM to fix anything found.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
