Spyware Guard 2008 is a new entrant to the family of rogue security software. It is not to be confused with SpywareGuard a fine freeware from Javacool software.
A rogue security software belongs to a family of software products that call themselves as antivirus, antispyware or registry cleaners and often use deceptive or high pressure sales tactics and deliberate false positives to convince users into buying a license/subscription. They are often repackaged and renamed. They do not actually remove malware instead many of them add more malware of their own.
Note: Visiting any of the malware hosting domains mentioned below may be injurious to the health of your computer system.
Analysis of Spyware Guard 2008 Installation
This rogue anti-spyware currently lives in spywareguard2008.com. Spywareguard2008.com has the IP 67.19.176.187 hosted by bb.b0.1343.static.theplanet.com. The domain name appears to be registered by MAMBA on 26-Aug-2008 and the registrant details are protected by Protect Details, Inc out of Saint Petersburg, Russia. This IP is shared with Porn-movies-online.net, notorious for pushing fake video codecs. This IP is also used as a nameserver for pyroscanner.com.
A temporary redirect from gosg2008.com and Sg8go.com points to spywareguard2008.com.
Curiously their payment processor at innovagest2000s.com is not yet working, gives off a message “Invalid product !”.
The executable installer file is named SpywareGuard2008.exe (1.51 MB). This file must be manually executed for the installation of the rogue anti-spyware. At this point only a couple of engines detects this as suspicious over at VirusTotal.
True to its genre, it installs a few suspicious files of its own in the Windows directory. They are reged.exe, spoolsystem.exe, sys.com, syscert.exe, sysexplorer.exe and vmreg.dll.
Spyware Guard 2008 -- Associated Files and Folders
- C:\Documents and Settings\Shanmuga\Start Menu\Programs\Spyware Guard 2008
- C:\Program Files\Spyware Guard 2008
- C:\Program Files\Spyware Guard 2008\quarantine
- C:\Program Files\Spyware Guard 2008\conf.cfg
- C:\Program Files\Spyware Guard 2008\mbase.vdb
- C:\Program Files\Spyware Guard 2008\quarantine.vdb
- C:\Program Files\Spyware Guard 2008\queue.vdb
- C:\Program Files\Spyware Guard 2008\spywareguard.exe
- C:\Program Files\Spyware Guard 2008\uninstall.exe
- C:\Program Files\Spyware Guard 2008\vbase.vdb
- C:\Documents and Settings\Shanmuga\Desktop\Spyware Guard 2008.lnk
- C:\Documents and Settings\Shanmuga\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
- C:\Documents and Settings\Shanmuga\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
- C:\Documents and Settings\Shanmuga\Application Data\Microsoft\Internet Explorer\olesys.dll
- C:\Windows\reged.exe
- C:\Windows\spoolsystem.exe
- C:\Windows\sys.com
- C:\Windows\syscert.exe
- C:\Windows\sysexplorer.exe
- C:\Windows\vmreg.dll
Note: File names may be randomly generated.
Spyware Guard 2008 -- Associated Registry keys and values
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\spywareguard
REG_SZ, 106 bytes, “C:\Program Files\Spyware Guard 2008\spywareguard.exe” - HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Spyware Guard 2008\spywareguard.exe
REG_SZ, 26 bytes, “spywareguard” - HKEY_CURRENT_USER\Software\Spyware Guard\NP\NP
REG_SZ, 66 bytes, “F620C418B59F44D289B18E1D1B5D896E” - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\Display Name
REG_SZ, 38 bytes, “Spyware Guard 2008″ - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\DisplayName
REG_SZ, 38 bytes, “Spyware Guard 2008″ - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\UninstallString
REG_SZ, 100 bytes, “C:\Program Files\Spyware Guard 2008\uninstall.exe”
Spyware Guard 2008 -- Associated Domains
- spywareguard2008.com
- Porn-movies-online.net
- pyroscanner.com
- gosg2008.com
- Sg8go.com
- innovagest2000s.com
Spyware Guard 2008 -- Removal (How to remove Spyware Guard 2008)
At the time of writing this none of the popular free anti-malware programs were detecting this. I tested with MalwareBytes’s Anti-Malware, SuperAntiSpyware, Ad-Aware 2008, Spybot Search & Destroy, A-squared free and PCTools SpywareDoctor starter edition. I will update this post once any of the above vendors include detection and removal for this rogue.
Update Oct 04: SUPERAntiSpyware free version detects and removes this rogue completely with the latest definitions update.
Update Nov 13: Malwarebytes’ Anti-Malware free version is updated to remove this rogue.
Update: If the Internet Explorer and other IE dependent programs have lost their ability to show pictures, try the following, it seems to restore the pictures for some users:
- Open Internet Options in Control Panel
- Click on the Advanced tab.
- Look for the Multimedia section
- Place a check mark in the Show Pictures option.
- Restart Internet Explorer if running.
Advanced users may manually remove this pest by deleting the associated folders, files, registry keys and values mentioned above. I would also recommend turning off and on the System Restore to clear any infected restore points and using CCleaner to clear the temp folders and files to avoid recurrence.
If you still see symptoms associated with this rogue anti-spyware, please post your problem at one of the Recommended Online Forums for Malware Help.
Spyware Guard 2008 -- Rogue Gallery
Spyware Guard 2008 -- Video
Note: The above installation was tested on a fully patched Windows XP SP3 running updated versions of Internet Explorer 7 and Firefox 3. The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing, it might change with time and or under different testing conditions.
If you enjoyed this post, make sure you subscribe to my RSS feed!
You may also like to read
Follow on Twitter
YouTube Channel
RSS Feed
Subscribe by Email
{ 225 comments… read them below or add one }
Next Comments →
When searching for an antispyware scanner that will protect and clean your PC it can get a little confusing. There are so many available it’s hard to know which one will work the best.
Antispyware solution from Search-and-destroy.
If you’re like me, you’ve probably tried a variety of them all and found they basically all find the same types of bugs. Through my experimenting I’ve found that the antispyware solution from Search-and-destroy at search-and-destroy works the best. Search-and-destroy cleans and protects my computer just as good as any scanner, it gets rid of those nasty bugs and it does it all for less than many of the others available.
I used the SUPERantispyware removal tool with some success against the Spyware Guard 2008 malware. Unfortunately it didn’t eradicate it entirely. I still have a problem where I get a little dialog bubble from a Securty Center application that runs in the system tray. I found the process and went into msconfig to try and stop it from loading. There is another application somewhere that spawns an executable (wsc32x.exe) that gets created an installed in the WINDOWS/System32 directory. Then it just generates bogus messages that since I don’t have Spyware Guard 2008 active, my system is at risk. Nothing I have found online addresses this issue. I don’t want to have to wipe my harddrive and start over but I’m very close to doing just that.
Malwarebytes’ Anti-Malware free version is updated to remove this rogue. Try a scan with it. Post back how it goes.
My desk top is frozen and I am not able to even get it do anything. How can I get this down loaded so that I can use once again use my computer? I have the virus thats called Spy Ware Guard 2008? Any help would be so much appreciated Thanks Vickie
Just a follow-up. The MalwareBytes took care of it and finished-off what the Super AntiSpyware missed. Anyway, I have both and use them fairly regularly now. So, it seems like I’m pretty well back to normal.
i want to delete this spyware guard and it keeps popping up. I’ve done it various time and it doesnt deletes.
I do not know where to begin to get rid of spyware guard 2008 off my computer. can anyone help
thanks
SmitFraudFix cleaned this up in like 5 minutes for me
If you download it, and in the process find out that it is a rouge, then delete it, does it still take your money? How do I protect my credit?
I am experiencing what Erik described with the dialog bubble from a Security Center application that runs in the system tray, but I can’t get rid of it
I ran both MalwareBytes and SUPERantispyware with up to date version and still experience the dialog bubble. I can’t seem to locate WINDOWS/System32/wsc32x.exe either and think it has been removed.
Anybody can help?
I just been infective with spyware 2008 and it also has tried to install 2009..
Don’t know where I got it from… It won’t let upgrade from norton or any other
reputable company..Takes forever to booth up, but I can still get email & internet..
It trys auto- install at varied times, so I must cancel it immediately on the screen
and the tray.. It will drive you nuts….Thanks for other inputs….
tried malwarebytes..spyware dr..and superantispyware and none of even began to get rid of spywareguard2008…when trying to execute them,they wouldnt even start up or i’d get the windows error report saying there was an error opening them..im pretty pc saavy so this one has me stumped..ive killed all processes and searched all files,folders and registry entries and tried deleting them but it never goes away…any help please!
Just use the Malwarebytes’ Anti-Malware system and it took care of it. (hopefully)
I found that Kaspersky is good at removing everything, including that fake dialogue box. Also look at trust sites in Internet Explorer with HijackThis, it’ll add sites that allow it to regenerate!!!!
omg…this a pain.
I stupidly downloaded “Antivirus 2009″, and that opened the door for a ton of problems.
Used spywarehunter to kill av 2009.
Then SUPERantispyware for spyware guard 2008.
still have dialog box made to look like “Windows security center”
trying Malwarebytes anti-malware now.
The software company that comes up with the ONE solution will have my money immediatley.
I just don’t understand. I have tried AVG, avast, and antispywarebot and NOTHING has gotten rid of this trogan. When I ran a scan through avast it told me that there were 3 infected files but they were linked up to some files in my windows folder and I am worried to delete them, considering it could damage my operating system. Should I just delete them anyway?
Alright I fixed it and I wanted to tell everyone how I did it because it is such a life saver!
forget what I said about xxxxsxxxxrexxt.com They are the best!
its is 29.95 for two computers but after you do the scan and if it doesn’t work.. go back to their website and put in your email address and what not and then click on the “live chat” option.
They ended up remote accessing into my computer (no extra charge) and took care of everything!
Please use this site.. if I knew it from the beginning it would had saved me 24+ hours of work on my computer
Edited by Shanmuga: Dangerous URL.
Xalkie, Like I said earlier the Kaspersky anti-virus program (you can get a free 30 day trial) removed the fake windows security center problem for me. I’d also like to note that in the last two daily updates from SUPERAntiSpyware that “Spyware Guard 2008″ was listed in the new threats that it can remove so this is obviously a very recent form of malware when day-by-day the removal programs are learning where to look. I’d also like to note that my SpywareBlaster and Spybot immunization features were partially turned off so you have to turn those back on. This new threat is nastyyyy….good luck all.
My computer is frozen also. I tried safe mode regular and in dos. My brother tried to walk me through deleting it in dos and that didn’t work either!! Later last night I tried safe mode again and chose last best configuration and still nothing. If anybody has any ideas please post otherwise I think we are goiing to just re format the computer.
I tried Malwarebytes software, but the Spy ware guard 2008 kept hijacking it and shutting down my computer. I tried manually deleting but it apparently is in my root directory and I can’t find it to take it out…?? any suggestions?? HELP!!!
i got hit with this over the weekend
after much work and failure we were able to get rid of it using the solution noted above with Super AntiSpyware initially and then ran MalwareBytes and seemed we are good to go with no return now for a couple of days
I go rid of this F@$@@@&%^cking thing by running Malwarebytes’ Anti-Malware a few times with the latest updates. While the program is running I tried to stop running Spyguard everytime it started. IT’S GONE!!
Deleted files, folders, registry keys and values, and the damn thing still pops up. I am currently running a scan of the latest version of “Malwarebytes Anti-Malware” (12.11.08) . will post back after scanning, quarantining, deleting, then restarting.
it worked. for now-
i am not able to run the above said softwares. the virus prohibits execution of the Super AntiSpyware and Anti-Malware
I’m working on a pc this week that has spyguard2008 bad. Malwarebytes usually removes stuff like this, but not this time. Spybot, Adaware & AVG have not been able to kill this, even if you pull the hard drive and scan it in another machine. This makes me think I get to spend lots of time going through the registry. This crap is a headache.
…still battling it here… Tried all solutions mentioned on the site and can’t get rid of it.
The MalwareBytes took care of it and finished-off
THANK YOU EVER SOOOOOOOOOOOOOOOOOO MUCH GUYS
You saved my life
Got this horrendous virus yesterday, but have just got rid of it.
Downloaded MalwareBytes on to another PC and put it on to a USB stick. My infected PC would only boot in safe mode – under which MalwareBytes wouldn’t run
.
I then restarted the XP machine using ‘Last known good settings’. The virus popped up right away and started to run, but at least now I could install MalwareBytes.
I ran it (quick scan first), and it did find ‘SpyGaurd’ – though SpyGuard itself kept coming on during the scan (I always quickly closed it).
MalwareBytes removed most of it on the first pass, but some elements had to be removed after a reboot – which it seemed to do.
Fingers crossed everything is now clear!
I tried malwarebytes, combo fix, but i am still getting the pop ups, as soon as i stop the process and remove the virus folder it pops up again with a new folder in program files and i am not able to delete the spywaregaurd.exe even by using Icesword….what else can i try
YESSS! Finally!..the bastage is DEAD! Download the free Malwarebytes program. This nasty SOB was interfering with everything…my symantec was rendered powerless. I just made sure the malwarebytes was updated and put it to work. You’ll need to reboot after it finishes. Good luck!
Vinoth, you may have other malware. Please post for help at one of the Recommended Online Forums for Malware Help.
What’s worked for me is the following….
Install malwarebytes setup by disc downloaded from another computer
rename the malwarebytes set up .bat
during the initial installation stop the process when it hung up
delete all the spywareguard files under program files
start up the malwarebytes
during the scan watch the spywareguard folder under program files and delete the files as they re-appear about every 5 minutes
during the scan also stop the spyware guard from starting up again
have run the scan 2x with the first finding 40+ infected files and a handful that had to be deleted upon reboot.
The second time found 15 files…rebooted
will post again if problem not solved
Now was able to run Superantispyware….
This seems to have fixed the problem
Hi,
Luckily after half day of trial i am able to get rid of this annoying spyware guard 2008. here is what i did, i hope you can try if it helps.
I am running Windows XP service pack2 on my Vaio laptop.
download: Malwarebytes’ Anti-Malware Download Link (Link edited: Shanmuga)
reboot the PC in safe mode and then install the same.
Install the application.
Before running the scan, from the task manager kill the spyware guraed process and windows security centre process.
And now run quick scan. and follow the instruction.
after just try to delete all the temperory files from the path
C:\Documents and Settings\Harsh\Local Settings\Temporary Internet Files\Content.IE5\
to view the content.IE5 folder you should be administrator on the system.
then reboot the PC, hope this should clean your pc, you can try repeating the steps twice if it didnt worked in the first go.
But i followed the same, and now i am able to remove it completely.
Thanks To Malwarebye’s Anti malware, I am now free of this infection. I have been plagued with it for about 2 weeks, when I originally tried many of the anti spyware removal tools, they did not clean it up, they would catch many of the components of the virus, but something was always left behind that caused it to come back almost instantly after cleaning.
I uploaded the most recent definitions today for Malwarebyte’s and ran the scan. This time it worked and I am virus free.
Give it a try!
This thing is killing me. Its hidden my dvd drives so i can’t use disks to install this software. Any website I go to it either gives me page cannot be displayed, or it redirects me to some spam. At this point the only way i have to get files in is by gmail, and gmail doesn’t allow me to send exe files and is really picky. This thing is like a puzzle.
Super Anti Spyware wont install, I have Malware Bytes installed but it wont open. The virus won’t allow me to update any of my software.
I’m trying everything you guys are recommending and haven’t found a cure yet. If anyone knows anything useful, please post!
I finally got rid of this AWFUL virus. Thanks to you guys!!! I first ran the MalwareBytes Anti-Malware but it did not get it. I then ran the SUPER AntiSpyware and it seems to have done the trick! I am keeping my fingers crossed! It took all afternoon but we have been dealing with it for about a week now. Good luck everyone!
I tried the latest version of Malwarebyte (Dec. 03, 2008), and it still won’t go away. I got this stupid Spyware Guard on the 10th, is it possible that it’s evolved since the 3rd? Is there a program that was updated this week that might get rid of this. It’s knocked out my internet, so I have to use my friend’s computer to download stuff. HEELLLLPPP!!!!!!
if your computer wont let you open malwarebytes it maybe because the virus stops you from opening it.
i had this problem before and was quickly resolced by renaming the mbam.exe to something else. i used notmbam.exe the it worked perfectly.
I down loaded both; the SUPERAntiSpyware and the Malwarebytes’ Anti-Malware, the free virsions. Each one found different items and removed them. Things are moving along nicely … for now. Thanks for the advice.
Hey – here is a complete layperson’s approach to a virus problem – I am NOT a computer person – I just figured this stuff out from browsing various websites & from trial & error.
I had a horrible RapidBlaster, SpywareGuard 2008, Windows Security Center Virus combo – I could barely get my computer to start & it was hijacking all my Google searches and actually blocking me from accessing anti-malware sites! It took a couple of days to figure out how to get rid of it – here is what finally worked for me:
Get fast at killing the spywareguard and winscenter processes in the Task Manager (processes tab) – this step will have to be repeated several times as the Malwarebytes scan runs – fastest way to get Task Manager up is to right click in the taskbar area & chose the Task Manager option – actually it’s best just to leave up the Task Manager so you can kill the spywareguard and winscenter processes as soon as they start leaving absolutely no time for them to create further problems.
(By the way, after you kill these processes, the green spywareguard and red winscenter icons might still appear in the Taskbar. But just wave your mouse over them & they disappear.)
Uninstall the SpywareGuard 2008 using the SpywareGuard 2008 uninstall option via the Start All Programs menu – again, you’ll probably have to do this every time the stupid thing starts to run again. And/or use the uninstall link in the Control Panel Add/Remove Programs listing.
I had already installed & run a StopZilla scan – it found the Trojans & removed them but it wasn’t cutting it at getting rid of the thing that was actually creating the Trojans (& repeatedly forcing open SpywareGuard 2008 and Windows Security Center) to begin with. However, StopZilla WAS great at blocking RapidBlaster attacks as the Malwarebytes scan ran.
So yes, as this forum suggests, install and run Malwarebytes. StopZilla is optional & it is not free – I just found it before I found Malwarebytes so now I have both. (And for $10 after rebate, I am glad I have both.)
Even with the Malwarebytes scan & removal, I had to manually delete the following files (before the reboot):
C:\Windows\reged.exe
C:\Windows\spoolsystem.exe
C:\Windows\sys.com
C:\Windows\syscert.exe
C:\Windows\sysexplorer.exe
C:\Windows\vmreg.dll
I also searched my C drive – all files & folders – on the word spyware and deleted anything that said Spyware Guard (don’t delete everything that says simply spyware – some of it is legit of course).
Make sure you delete everything out of the Recycle Bin too – before you reboot!
AND I ran the regedit to make sure there were no spyware guard keys. From another site (Malware Help.org), here is a list of keys that might be affected:
(note however that I deleted these before I discovered Malwarebytes – it could be that Malwarebytes does this for you, but you may want to doublecheck anyway)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\spywareguard
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Spyware Guard 2008\spywareguard.exe
HKEY_CURRENT_USER\Software\Spyware Guard\NP\NP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\Display Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\UninstallString
I think at some point I also deleted the Viewpoint keys folder too – I have seen a few sites that recommend that.
A couple of final notes:
I rebooted my computer and ran Malwarebytes again (no infections) and I ran StopZilla again (it always says it’s catching all this stuff but I think it is lying – but I run it just for the satisfaction of hitting the Remove button – and because I paid $10 for it).
I already had Bitdefender as my antivirus program and a few times during this whole process it went crazy blocking viruses – more so when StopZilla runs than with the Malwarebytes. It turns out that there are some viruses in C:\Windows\Temp that I guess have been quarantined because I cannot delete them. But every time I click on them (to delete them), Bitdefender pops up & says that that virus is trying to attack. So I think when StopZilla touches them, that is what makes Bitdefender go crazy. So, if you CAN delete them, do so (and remember to delete them from the Recycle Bin) but if it doesn’t let you delete them, just leave them there because again, I think it means they are quarantined. They look like this: SMI76.tmp SMI6E.tmp etc.
Good Luck!
i too got this spyware guard 2008. i had been trying alot of the free antivirus programs as well such as avg, ad aware, SUPERantispyware, and even malwarebytes’ anti-malware. malwarebytes caught most of it but left that stupid security center icon. this was only a few days agao i could not get rid of it, until today when i updated malwarebytes again….FINALLY gone.THANKS malwarebytes and the rest of you guys in this forum.
I got this spy guard 2008 am 13th December and I spent 24 hours to recovery my computer. I tried to download SmitFraudFix, but internet was directed each time by the malware to different sites. I used my notebook to download the SFF and I followed the instructions, but the malware appeared again everytime I reloaded Windows. Finally I decided to format the HD and only after that I could use may computer again. It’s never happened to me a so terrible experience!
This was added to Spybot S&D’s list 12.10.08.
Will test later today.
I hope whoever made this virus would just die.
Have had this prob for two days now, and nothing is working. The virus has blocked my internet, therefor i can’t downland Malwarebyte, therefor making it imposible to get rid of this damn curse!!
I had just installed AdAware last night and tried to run free online scans from TrendMicro and McAfee, in addition to updating my virus database from Avira. TrendMicro wouldn’t install. THEN, today I get this SpywareGuard 2008. Since I haven’t installed anything else or visited any of those websites, I really wonder if one of these products was poisoned; just seems too coincidental. Unless it was somehow installed at some point and only activated by one of the above products. Why aren’t any of these antivirus and more anti-malware products on top of this??
Spybot S&D worked perfectly, as expected. If any problems just run it in safe mode or at startup.
Anyone have any ideas on how I can run the spyware programs. Everytime I get the windows error report screen or my computer freezes.
I was finally successful with manual removal. It took several hours because the DLL files kept morphing into other names and I’d have to start from scratch every time I rebooted as it would reinstall itself. I focused on searching out *.dll files created today, and as soon as I found one, I SHIFT-DELeted it. Finally got them all, at least for this outbreak…
Next Comments →