Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

Spyware Guard 2008 Analysis and Removal

by Shanmuga| Tweet This | Google +1 | Facebook | Stumble It | Reddit | Digg | del.icio.us

Spyware Guard 2008 is a new entrant to the family of rogue security software. It is not to be confused with SpywareGuard a fine freeware from Javacool software.

A rogue security software belongs to a family of software products that call themselves as antivirus, antispyware or registry cleaners and often use deceptive or high pressure sales tactics and deliberate false positives to convince users into buying a license/subscription. They are often repackaged and renamed. They do not actually remove malware instead many of them add more malware of their own.

Note: Visiting any of the malware hosting domains mentioned below may be injurious to the health of your computer system.

Analysis of Spyware Guard 2008 Installation

spyware guard 2008 0010a Spyware Guard 2008 Analysis and Removal

This rogue anti-spyware currently lives in spywareguard2008.com. Spywareguard2008.com has the IP 67.19.176.187 hosted by bb.b0.1343.static.theplanet.com. The domain name appears to be registered by MAMBA on 26-Aug-2008 and the registrant details are protected by Protect Details, Inc out of Saint Petersburg, Russia. This IP is shared with Porn-movies-online.net, notorious for pushing fake video codecs. This IP is also used as a nameserver for pyroscanner.com.

A temporary redirect from gosg2008.com and Sg8go.com points to spywareguard2008.com.

Curiously their payment processor at innovagest2000s.com is not yet working, gives off a message “Invalid product !”.

The executable installer file is named SpywareGuard2008.exe (1.51 MB). This file must be manually executed for the installation of the rogue anti-spyware. At this point only a couple of engines detects this as suspicious over at VirusTotal.

spyware guard 2008 virustotal results Spyware Guard 2008 Analysis and Removal

True to its genre, it installs a few suspicious files of its own in the Windows directory. They are reged.exe, spoolsystem.exe, sys.com, syscert.exe, sysexplorer.exe and vmreg.dll.

Spyware Guard 2008 – Associated Files and Folders

  • C:\Documents and Settings\Shanmuga\Start Menu\Programs\Spyware Guard 2008
  • C:\Program Files\Spyware Guard 2008
  • C:\Program Files\Spyware Guard 2008\quarantine
  • C:\Program Files\Spyware Guard 2008\conf.cfg
  • C:\Program Files\Spyware Guard 2008\mbase.vdb
  • C:\Program Files\Spyware Guard 2008\quarantine.vdb
  • C:\Program Files\Spyware Guard 2008\queue.vdb
  • C:\Program Files\Spyware Guard 2008\spywareguard.exe
  • C:\Program Files\Spyware Guard 2008\uninstall.exe
  • C:\Program Files\Spyware Guard 2008\vbase.vdb
  • C:\Documents and Settings\Shanmuga\Desktop\Spyware Guard 2008.lnk
  • C:\Documents and Settings\Shanmuga\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
  • C:\Documents and Settings\Shanmuga\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
  • C:\Documents and Settings\Shanmuga\Application Data\Microsoft\Internet Explorer\olesys.dll
  • C:\Windows\reged.exe
  • C:\Windows\spoolsystem.exe
  • C:\Windows\sys.com
  • C:\Windows\syscert.exe
  • C:\Windows\sysexplorer.exe
  • C:\Windows\vmreg.dll

Note: File names may be randomly generated.

Spyware Guard 2008 – Associated Registry keys and values

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\spywareguard
    REG_SZ, 106 bytes, “C:\Program Files\Spyware Guard 2008\spywareguard.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Spyware Guard 2008\spywareguard.exe
    REG_SZ, 26 bytes, “spywareguard”
  • HKEY_CURRENT_USER\Software\Spyware Guard\NP\NP
    REG_SZ, 66 bytes, “F620C418B59F44D289B18E1D1B5D896E”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\Display Name
    REG_SZ, 38 bytes, “Spyware Guard 2008″
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\DisplayName
    REG_SZ, 38 bytes, “Spyware Guard 2008″
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\UninstallString
    REG_SZ, 100 bytes, “C:\Program Files\Spyware Guard 2008\uninstall.exe”

Spyware Guard 2008 – Associated Domains

  • spywareguard2008.com
  • Porn-movies-online.net
  • pyroscanner.com
  • gosg2008.com
  • Sg8go.com
  • innovagest2000s.com

Spyware Guard 2008 – Removal (How to remove Spyware Guard 2008)

At the time of writing this none of the popular free anti-malware programs were detecting this. I tested with MalwareBytes’s Anti-Malware, SuperAntiSpyware, Ad-Aware 2008, Spybot Search & Destroy, A-squared free and PCTools SpywareDoctor starter edition. I will update this post once any of the above vendors include detection and removal for this rogue.

Update Oct 04: SUPERAntiSpyware free version detects and removes this rogue completely with the latest definitions update.

Update Nov 13: Malwarebytes’ Anti-Malware free version is updated to remove this rogue.

Update: If the Internet Explorer and other IE dependent programs have lost their ability to show pictures, try the following, it seems to restore the pictures for some users:

  • Open Internet Options in Control Panel
  • Click on the Advanced tab.
  • Look for the Multimedia section
  • Place a check mark in the Show Pictures option.
  • Restart Internet Explorer if running.

Advanced users may manually remove this pest by deleting the associated folders, files, registry keys and values mentioned above. I would also recommend turning off and on the System Restore to clear any infected restore points and using CCleaner to clear the temp folders and files to avoid recurrence.

If you still see symptoms associated with this rogue anti-spyware, please post your problem at one of the Recommended Online Forums for Malware Help.

Spyware Guard 2008 – Rogue Gallery

Spyware Guard 2008 – Video

Note: The above installation was tested on a fully patched Windows XP SP3 running updated versions of Internet Explorer 7 and Firefox 3. The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing, it might change with time and or under different testing conditions.

You may also like to read



{ 225 comments… read them below or add one }

Edy November 1, 2008 at 12:49 PM

When searching for an antispyware scanner that will protect and clean your PC it can get a little confusing. There are so many available it’s hard to know which one will work the best.
Antispyware solution from Search-and-destroy.
If you’re like me, you’ve probably tried a variety of them all and found they basically all find the same types of bugs. Through my experimenting I’ve found that the antispyware solution from Search-and-destroy at search-and-destroy works the best. Search-and-destroy cleans and protects my computer just as good as any scanner, it gets rid of those nasty bugs and it does it all for less than many of the others available.

Reply

Erik November 13, 2008 at 10:57 PM

I used the SUPERantispyware removal tool with some success against the Spyware Guard 2008 malware. Unfortunately it didn’t eradicate it entirely. I still have a problem where I get a little dialog bubble from a Securty Center application that runs in the system tray. I found the process and went into msconfig to try and stop it from loading. There is another application somewhere that spawns an executable (wsc32x.exe) that gets created an installed in the WINDOWS/System32 directory. Then it just generates bogus messages that since I don’t have Spyware Guard 2008 active, my system is at risk. Nothing I have found online addresses this issue. I don’t want to have to wipe my harddrive and start over but I’m very close to doing just that.

Reply

Shanmuga November 13, 2008 at 11:05 PM

Malwarebytes’ Anti-Malware free version is updated to remove this rogue. Try a scan with it. Post back how it goes.

Reply

Vickie November 14, 2008 at 9:04 PM

My desk top is frozen and I am not able to even get it do anything. How can I get this down loaded so that I can use once again use my computer? I have the virus thats called Spy Ware Guard 2008? Any help would be so much appreciated Thanks Vickie

Reply

Erik November 27, 2008 at 12:29 AM

Just a follow-up. The MalwareBytes took care of it and finished-off what the Super AntiSpyware missed. Anyway, I have both and use them fairly regularly now. So, it seems like I’m pretty well back to normal.

Reply

DEnisse November 30, 2008 at 9:02 PM

i want to delete this spyware guard and it keeps popping up. I’ve done it various time and it doesnt deletes.

Reply

jan December 2, 2008 at 7:46 PM

I do not know where to begin to get rid of spyware guard 2008 off my computer. can anyone help

thanks

Reply

Randy December 5, 2008 at 12:39 PM

SmitFraudFix cleaned this up in like 5 minutes for me

Reply

Chris December 6, 2008 at 1:43 AM

If you download it, and in the process find out that it is a rouge, then delete it, does it still take your money? How do I protect my credit?

Reply

hykingo December 8, 2008 at 1:23 PM

I am experiencing what Erik described with the dialog bubble from a Security Center application that runs in the system tray, but I can’t get rid of it
I ran both MalwareBytes and SUPERantispyware with up to date version and still experience the dialog bubble. I can’t seem to locate WINDOWS/System32/wsc32x.exe either and think it has been removed.

Anybody can help?

Reply

RAdkins December 9, 2008 at 1:20 AM

I just been infective with spyware 2008 and it also has tried to install 2009..
Don’t know where I got it from… It won’t let upgrade from norton or any other
reputable company..Takes forever to booth up, but I can still get email & internet..
It trys auto- install at varied times, so I must cancel it immediately on the screen
and the tray.. It will drive you nuts….Thanks for other inputs….

Reply

Nick December 9, 2008 at 5:06 AM

tried malwarebytes..spyware dr..and superantispyware and none of even began to get rid of spywareguard2008…when trying to execute them,they wouldnt even start up or i’d get the windows error report saying there was an error opening them..im pretty pc saavy so this one has me stumped..ive killed all processes and searched all files,folders and registry entries and tried deleting them but it never goes away…any help please!

Reply

paul December 9, 2008 at 8:16 AM

Just use the Malwarebytes’ Anti-Malware system and it took care of it. (hopefully)

Reply

Ty December 9, 2008 at 10:57 AM

I found that Kaspersky is good at removing everything, including that fake dialogue box. Also look at trust sites in Internet Explorer with HijackThis, it’ll add sites that allow it to regenerate!!!!

Reply

Xalkie December 9, 2008 at 11:07 PM

omg…this a pain.
I stupidly downloaded “Antivirus 2009″, and that opened the door for a ton of problems.
Used spywarehunter to kill av 2009.
Then SUPERantispyware for spyware guard 2008.
still have dialog box made to look like “Windows security center”
trying Malwarebytes anti-malware now.
The software company that comes up with the ONE solution will have my money immediatley.

Reply

Lindsey December 10, 2008 at 11:06 PM

I just don’t understand. I have tried AVG, avast, and antispywarebot and NOTHING has gotten rid of this trogan. When I ran a scan through avast it told me that there were 3 infected files but they were linked up to some files in my windows folder and I am worried to delete them, considering it could damage my operating system. Should I just delete them anyway?

Reply

Lindsey December 11, 2008 at 12:39 AM

Alright I fixed it and I wanted to tell everyone how I did it because it is such a life saver!

forget what I said about xxxxsxxxxrexxt.com They are the best!
its is 29.95 for two computers but after you do the scan and if it doesn’t work.. go back to their website and put in your email address and what not and then click on the “live chat” option.

They ended up remote accessing into my computer (no extra charge) and took care of everything!

Please use this site.. if I knew it from the beginning it would had saved me 24+ hours of work on my computer

Edited by Shanmuga: Dangerous URL.

Reply

Ty December 11, 2008 at 3:41 AM

Xalkie, Like I said earlier the Kaspersky anti-virus program (you can get a free 30 day trial) removed the fake windows security center problem for me. I’d also like to note that in the last two daily updates from SUPERAntiSpyware that “Spyware Guard 2008″ was listed in the new threats that it can remove so this is obviously a very recent form of malware when day-by-day the removal programs are learning where to look. I’d also like to note that my SpywareBlaster and Spybot immunization features were partially turned off so you have to turn those back on. This new threat is nastyyyy….good luck all.

Reply

Krista December 11, 2008 at 4:59 AM

My computer is frozen also. I tried safe mode regular and in dos. My brother tried to walk me through deleting it in dos and that didn’t work either!! Later last night I tried safe mode again and chose last best configuration and still nothing. If anybody has any ideas please post otherwise I think we are goiing to just re format the computer.

Reply

Candice December 11, 2008 at 5:37 AM

I tried Malwarebytes software, but the Spy ware guard 2008 kept hijacking it and shutting down my computer. I tried manually deleting but it apparently is in my root directory and I can’t find it to take it out…?? any suggestions?? HELP!!!

Reply

Mark December 11, 2008 at 6:43 AM

i got hit with this over the weekend
after much work and failure we were able to get rid of it using the solution noted above with Super AntiSpyware initially and then ran MalwareBytes and seemed we are good to go with no return now for a couple of days

Reply

Frank December 12, 2008 at 12:43 AM

I go rid of this F@$@@@&%^cking thing by running Malwarebytes’ Anti-Malware a few times with the latest updates. While the program is running I tried to stop running Spyguard everytime it started. IT’S GONE!!

Reply

Udaya December 12, 2008 at 5:48 AM

Deleted files, folders, registry keys and values, and the damn thing still pops up. I am currently running a scan of the latest version of “Malwarebytes Anti-Malware” (12.11.08) . will post back after scanning, quarantining, deleting, then restarting.

Reply

Udaya December 12, 2008 at 6:28 AM

it worked. for now-

Reply

Danny December 12, 2008 at 6:48 AM

i am not able to run the above said softwares. the virus prohibits execution of the Super AntiSpyware and Anti-Malware

Reply

Ray December 12, 2008 at 7:00 AM

I’m working on a pc this week that has spyguard2008 bad. Malwarebytes usually removes stuff like this, but not this time. Spybot, Adaware & AVG have not been able to kill this, even if you pull the hard drive and scan it in another machine. This makes me think I get to spend lots of time going through the registry. This crap is a headache.

Reply

Brian December 12, 2008 at 8:00 AM

…still battling it here… Tried all solutions mentioned on the site and can’t get rid of it.

Reply

nm09 December 12, 2008 at 9:36 AM

The MalwareBytes took care of it and finished-off
THANK YOU EVER SOOOOOOOOOOOOOOOOOO MUCH GUYS
You saved my life

Reply

Bobby Farmer December 12, 2008 at 9:20 PM

Got this horrendous virus yesterday, but have just got rid of it.

Downloaded MalwareBytes on to another PC and put it on to a USB stick. My infected PC would only boot in safe mode – under which MalwareBytes wouldn’t run :-( .

I then restarted the XP machine using ‘Last known good settings’. The virus popped up right away and started to run, but at least now I could install MalwareBytes.

I ran it (quick scan first), and it did find ‘SpyGaurd’ – though SpyGuard itself kept coming on during the scan (I always quickly closed it).

MalwareBytes removed most of it on the first pass, but some elements had to be removed after a reboot – which it seemed to do.

Fingers crossed everything is now clear!

Reply

Vinoth December 13, 2008 at 4:45 AM

I tried malwarebytes, combo fix, but i am still getting the pop ups, as soon as i stop the process and remove the virus folder it pops up again with a new folder in program files and i am not able to delete the spywaregaurd.exe even by using Icesword….what else can i try

Reply

Shelley December 13, 2008 at 5:25 AM

YESSS! Finally!..the bastage is DEAD! Download the free Malwarebytes program. This nasty SOB was interfering with everything…my symantec was rendered powerless. I just made sure the malwarebytes was updated and put it to work. You’ll need to reboot after it finishes. Good luck!

Reply

Shanmuga December 13, 2008 at 8:36 AM

Vinoth, you may have other malware. Please post for help at one of the Recommended Online Forums for Malware Help.

Reply

john December 13, 2008 at 11:54 AM

What’s worked for me is the following….
Install malwarebytes setup by disc downloaded from another computer
rename the malwarebytes set up .bat
during the initial installation stop the process when it hung up
delete all the spywareguard files under program files
start up the malwarebytes
during the scan watch the spywareguard folder under program files and delete the files as they re-appear about every 5 minutes
during the scan also stop the spyware guard from starting up again
have run the scan 2x with the first finding 40+ infected files and a handful that had to be deleted upon reboot.
The second time found 15 files…rebooted
will post again if problem not solved

Reply

john December 13, 2008 at 12:23 PM

Now was able to run Superantispyware….
This seems to have fixed the problem

Reply

harsh December 13, 2008 at 5:54 PM

Hi,
Luckily after half day of trial i am able to get rid of this annoying spyware guard 2008. here is what i did, i hope you can try if it helps.
I am running Windows XP service pack2 on my Vaio laptop.
download: Malwarebytes’ Anti-Malware Download Link (Link edited: Shanmuga)
reboot the PC in safe mode and then install the same.
Install the application.
Before running the scan, from the task manager kill the spyware guraed process and windows security centre process.

And now run quick scan. and follow the instruction.

after just try to delete all the temperory files from the path

C:\Documents and Settings\Harsh\Local Settings\Temporary Internet Files\Content.IE5\

to view the content.IE5 folder you should be administrator on the system.

then reboot the PC, hope this should clean your pc, you can try repeating the steps twice if it didnt worked in the first go.

But i followed the same, and now i am able to remove it completely.

Reply

zoot December 13, 2008 at 10:09 PM

Thanks To Malwarebye’s Anti malware, I am now free of this infection. I have been plagued with it for about 2 weeks, when I originally tried many of the anti spyware removal tools, they did not clean it up, they would catch many of the components of the virus, but something was always left behind that caused it to come back almost instantly after cleaning.

I uploaded the most recent definitions today for Malwarebyte’s and ran the scan. This time it worked and I am virus free.

Give it a try!

Reply

Nolan December 14, 2008 at 5:14 AM

This thing is killing me. Its hidden my dvd drives so i can’t use disks to install this software. Any website I go to it either gives me page cannot be displayed, or it redirects me to some spam. At this point the only way i have to get files in is by gmail, and gmail doesn’t allow me to send exe files and is really picky. This thing is like a puzzle.

Super Anti Spyware wont install, I have Malware Bytes installed but it wont open. The virus won’t allow me to update any of my software.

I’m trying everything you guys are recommending and haven’t found a cure yet. If anyone knows anything useful, please post!

Reply

Denise Rogers December 14, 2008 at 5:57 AM

I finally got rid of this AWFUL virus. Thanks to you guys!!! I first ran the MalwareBytes Anti-Malware but it did not get it. I then ran the SUPER AntiSpyware and it seems to have done the trick! I am keeping my fingers crossed! It took all afternoon but we have been dealing with it for about a week now. Good luck everyone!

Reply

Computer Illiterate December 14, 2008 at 7:59 AM

I tried the latest version of Malwarebyte (Dec. 03, 2008), and it still won’t go away. I got this stupid Spyware Guard on the 10th, is it possible that it’s evolved since the 3rd? Is there a program that was updated this week that might get rid of this. It’s knocked out my internet, so I have to use my friend’s computer to download stuff. HEELLLLPPP!!!!!!

Reply

bob December 14, 2008 at 1:48 PM

if your computer wont let you open malwarebytes it maybe because the virus stops you from opening it.
i had this problem before and was quickly resolced by renaming the mbam.exe to something else. i used notmbam.exe the it worked perfectly.

Reply

ken December 15, 2008 at 12:52 AM

I down loaded both; the SUPERAntiSpyware and the Malwarebytes’ Anti-Malware, the free virsions. Each one found different items and removed them. Things are moving along nicely … for now. Thanks for the advice.

Reply

My Way December 15, 2008 at 2:36 AM

Hey – here is a complete layperson’s approach to a virus problem – I am NOT a computer person – I just figured this stuff out from browsing various websites & from trial & error.

I had a horrible RapidBlaster, SpywareGuard 2008, Windows Security Center Virus combo – I could barely get my computer to start & it was hijacking all my Google searches and actually blocking me from accessing anti-malware sites! It took a couple of days to figure out how to get rid of it – here is what finally worked for me:

Get fast at killing the spywareguard and winscenter processes in the Task Manager (processes tab) – this step will have to be repeated several times as the Malwarebytes scan runs – fastest way to get Task Manager up is to right click in the taskbar area & chose the Task Manager option – actually it’s best just to leave up the Task Manager so you can kill the spywareguard and winscenter processes as soon as they start leaving absolutely no time for them to create further problems.
(By the way, after you kill these processes, the green spywareguard and red winscenter icons might still appear in the Taskbar. But just wave your mouse over them & they disappear.)

Uninstall the SpywareGuard 2008 using the SpywareGuard 2008 uninstall option via the Start  All Programs menu – again, you’ll probably have to do this every time the stupid thing starts to run again. And/or use the uninstall link in the Control Panel  Add/Remove Programs listing.

I had already installed & run a StopZilla scan – it found the Trojans & removed them but it wasn’t cutting it at getting rid of the thing that was actually creating the Trojans (& repeatedly forcing open SpywareGuard 2008 and Windows Security Center) to begin with. However, StopZilla WAS great at blocking RapidBlaster attacks as the Malwarebytes scan ran.

So yes, as this forum suggests, install and run Malwarebytes. StopZilla is optional & it is not free – I just found it before I found Malwarebytes so now I have both. (And for $10 after rebate, I am glad I have both.)

Even with the Malwarebytes scan & removal, I had to manually delete the following files (before the reboot):
C:\Windows\reged.exe
C:\Windows\spoolsystem.exe
C:\Windows\sys.com
C:\Windows\syscert.exe
C:\Windows\sysexplorer.exe
C:\Windows\vmreg.dll

I also searched my C drive – all files & folders – on the word spyware and deleted anything that said Spyware Guard (don’t delete everything that says simply spyware – some of it is legit of course).

Make sure you delete everything out of the Recycle Bin too – before you reboot!

AND I ran the regedit to make sure there were no spyware guard keys. From another site (Malware Help.org), here is a list of keys that might be affected:
(note however that I deleted these before I discovered Malwarebytes – it could be that Malwarebytes does this for you, but you may want to doublecheck anyway)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\spywareguard
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Spyware Guard 2008\spywareguard.exe
HKEY_CURRENT_USER\Software\Spyware Guard\NP\NP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\Display Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\UninstallString

I think at some point I also deleted the Viewpoint keys folder too – I have seen a few sites that recommend that.

A couple of final notes:

I rebooted my computer and ran Malwarebytes again (no infections) and I ran StopZilla again (it always says it’s catching all this stuff but I think it is lying – but I run it just for the satisfaction of hitting the Remove button – and because I paid $10 for it).

I already had Bitdefender as my antivirus program and a few times during this whole process it went crazy blocking viruses – more so when StopZilla runs than with the Malwarebytes. It turns out that there are some viruses in C:\Windows\Temp that I guess have been quarantined because I cannot delete them. But every time I click on them (to delete them), Bitdefender pops up & says that that virus is trying to attack. So I think when StopZilla touches them, that is what makes Bitdefender go crazy. So, if you CAN delete them, do so (and remember to delete them from the Recycle Bin) but if it doesn’t let you delete them, just leave them there because again, I think it means they are quarantined. They look like this: SMI76.tmp SMI6E.tmp etc.

Good Luck!

Reply

Jim December 15, 2008 at 4:37 AM

i too got this spyware guard 2008. i had been trying alot of the free antivirus programs as well such as avg, ad aware, SUPERantispyware, and even malwarebytes’ anti-malware. malwarebytes caught most of it but left that stupid security center icon. this was only a few days agao i could not get rid of it, until today when i updated malwarebytes again….FINALLY gone.THANKS malwarebytes and the rest of you guys in this forum.

Reply

Loredana December 15, 2008 at 3:26 PM

I got this spy guard 2008 am 13th December and I spent 24 hours to recovery my computer. I tried to download SmitFraudFix, but internet was directed each time by the malware to different sites. I used my notebook to download the SFF and I followed the instructions, but the malware appeared again everytime I reloaded Windows. Finally I decided to format the HD and only after that I could use may computer again. It’s never happened to me a so terrible experience!

Reply

Matthew December 15, 2008 at 9:38 PM

This was added to Spybot S&D’s list 12.10.08.
Will test later today.

Reply

Tim December 16, 2008 at 2:30 AM

I hope whoever made this virus would just die.
Have had this prob for two days now, and nothing is working. The virus has blocked my internet, therefor i can’t downland Malwarebyte, therefor making it imposible to get rid of this damn curse!!

Reply

Char December 16, 2008 at 4:35 AM

I had just installed AdAware last night and tried to run free online scans from TrendMicro and McAfee, in addition to updating my virus database from Avira. TrendMicro wouldn’t install. THEN, today I get this SpywareGuard 2008. Since I haven’t installed anything else or visited any of those websites, I really wonder if one of these products was poisoned; just seems too coincidental. Unless it was somehow installed at some point and only activated by one of the above products. Why aren’t any of these antivirus and more anti-malware products on top of this??

Reply

Matthew December 16, 2008 at 4:57 AM

Spybot S&D worked perfectly, as expected. If any problems just run it in safe mode or at startup.

Reply

Kendall December 16, 2008 at 8:01 AM

Anyone have any ideas on how I can run the spyware programs. Everytime I get the windows error report screen or my computer freezes.

Reply

Char December 16, 2008 at 8:20 AM

I was finally successful with manual removal. It took several hours because the DLL files kept morphing into other names and I’d have to start from scratch every time I rebooted as it would reinstall itself. I focused on searching out *.dll files created today, and as soon as I found one, I SHIFT-DELeted it. Finally got them all, at least for this outbreak…

Reply

Marcus December 16, 2008 at 10:32 AM

Malwarebytes Anti-Malware cleared up everything! Sooooo happy! Tryit!!

Reply

Jim December 16, 2008 at 10:43 AM

I’ve been trying for hours on this one. Downloaded Malwarebytes Anti-Malware on another computer, transferred it to the infected computer via flash drive. But then I can’t run the installer. Tried extracting the files on the good PC, then moving the folder to the bad one, then uninstalling SpywareGuard, then quickly running Malwarebytes. Nothing doing. How can I get the bad computer to let me install the anti-malware software?
And now my display control panel has been disabled and my desktop picture is the Spyware Guard warning. Aaaagh!

Reply

ajith505 December 16, 2008 at 12:08 PM

I am struggling with this bull sh*t with last 2 days, and tried everuthing listed out here.. I am killing the processes spywareguard.exe and winscenter.exe from the task manager everytime it appears.
I already have McCafe with no use.. I installed MalwareBytes’ Anti Malware and SuperAntiSpyware( The rogue keeps on interrupting at each stages of installation. So I had to downlaod them from another machine, rename the setup exes, install them, and then renamed the main exe of the application. ) I ran both the application exes a couple of times. After these much, it is still coming and I am still killing the exe as write these comments.. Meanwhile, I have taken the backup of my machine in safemode.. Now as Char wrote, need to delete the dlls frm 2morro.. or else I consider writing a desktop app that deletes the malicious exes as and when they are created, delete the registry entries..

Reply

Kendall December 16, 2008 at 2:22 PM

Well I am still working to clear this virus but have found a way to get Malwarebytes Anti-Malware running. What I did was downloaded that and Norman Anti Virus with another computer and put them on a usb stick. Then went into safe mode and copied the files over to the infected computer. Now run Norman Anti Virus and it will scan your computer and delete some of the infected files….The biggest thing is…it will allow you to run Malwarebytes Anti-Malware (before it wouldn’t let me run the program)…so now that is what I am currently doing. I wanted to get this post up because I know how frustrating it can be because no spyware programs will run because of the virus. This should do the trick though.

Reply

Dave December 16, 2008 at 7:48 PM

Regarding Spyware Guard 2008 – SUPERAntiSpyware downloaded from this site worked first time for me. Just make sure you click the update button to get the latest updates (Dec 15) as there is specific files for Spyware Guard 2008. Was a nasty virus/malware. Someone should be put in jail – I heard they are tracking down the authors in Russia.

Reply

Rishi December 16, 2008 at 8:32 PM

Thanks to this page, I was able to eradicate the virus using a combination of methods. Basically, what I had to do was download SuperAntiVirus on another computer and manually move it to via a flash drive to the infected computer. I then renamed the setup file, and SuperAntiVirus was installed. I could not get it to run at all, but manually deleted some of the registry keys. I then noticed that SuperAntiVirus has an “alternate start” option from the Program menu which allows it to run even if the virus prevents it. It caught enough of the virus to allow Malwarebytes Anti-Malware to run, which got the rest of it.

Also, if you are on Firefox and you are noticing a lot of popups (even with the popup blocker on), that’s the early sign of the program. At that point, it’s not too late to download and install Malwarebytes Anti-Malware (my second computer also got infected by the same program – but I was able to recognize the signs early before it got too bad).

Hope everyone else is able to get rid of this! Good luck!

Reply

wayne December 16, 2008 at 9:10 PM

Smitfraudfix is not a removal tool. It actually installs more malware on to your computer. I learned this the hard way. I’ve tried Spyware doctor and it just reinstalls apparently on bootup along with another trojan whose name I forget (I’m at work now) It has removed enough malware so that I may now be able to run malwarebytes, before it wouldn’t let me open the insatll file. thanks for all the hints and tips everyone. Good luck to all.

Reply

S. B . Remmark December 16, 2008 at 10:25 PM

Help! Everytime I delete one of these files from Windows it regenerates within seconds. I can’t delete any of these files. The Super anti-spyware software seems to have the same problem. It lists the program as being removed and then when I re-boot it is still there.

Reply

Shanmuga December 16, 2008 at 10:39 PM

@ Wayne: “Smitfraudfix is not a removal tool. It actually installs more malware on to your computer.”

Smitfraudfix is a trusted software, certain components are flagged as malware by many antivirus vendors due to the nature of compression algorithm used, otherwise its clean.

Reply

wayne December 16, 2008 at 10:52 PM

Shanmuga
Well, whatever it is it did zilch to remove spyguard 2008. I think it was symantec that fingered it as malware installer.

Reply

Myka December 17, 2008 at 11:21 PM

My laptop caught this virus Saturday 12/13. I new something was up when I started getting weird pop ups. I updated my Norton Antivirus and did a scan…no luck. Dowloaded Adaware, tried running scans, Norton (I think or was it spyware guard messing with me?) kept saying I needed to restart. Well, duh…then adaware couldn’t finish the scan. Once I stopped being fooled by that Spyware Guard would somehow stop Adaware from scanning.

Found this site, dowloaded SuperAntiSpyware (do your best to stop Spyware Guard 2008 from scanning…and just focus on following the download and install process for Super Anti Spyware) Ran SuperAnitSpyware and it removed most of the Spyware Guard stuff.

I still had the ad stuck as my background and couldn’t change my display so I downloaded Malwarebytes and ran that. It removed the rest. Make sure to shut off you system restore at some point like this page says and turn it back on once your system is clean.

Reply

LEONARD M. ROTH December 18, 2008 at 2:41 AM

For the past 2 days I have been inundated with ads from Spyware Guard 2008 and from what is alleged to be from Microsoft Internet Explorer–Antispyware Scanner. It continually interrupts my use of my computer (even writing this note). I have Norton Internet Security and Norton Antivirus, wheich, I thought, was doing a good job. Is there any way to stop these ads? Please and Thank you. I am dying here.

Leonard Roth

Reply

Titto December 18, 2008 at 10:04 PM

I had to struggle several hours with this damn programm. But that is how I did it. I used the task manager to kill it as soon as it pooped up, deleted it everytime afterwards as soon as possible and at the same time ran Spybot search and drestroy as well as malwarebytes parrallel. First time I let them run the hole scan which deleted quite a bit. Then I restarted but still had problems. Then I deleted all files listed above manually and begann a second round of scanning. While I let the malwarebites programm run through the hole scan I canceled the Spybot scan ass soon as it found something and just deleted that. I repeated the process. After a second restart everything seems to be fine. Ok that was probably quite a crude method, but it did the job.

Reply

alison December 18, 2008 at 11:01 PM

So can anyone please help me? this spywareguard2008 is the f*cking worst! It wont even allow me to keep my computer on for more than 2 minutes, then it automatically restarts and the same thing keeps happening. It has gotten progressively worse. What can I do if I can’t even get my computer to stay on????

Reply

Shelby December 19, 2008 at 4:09 AM

Alright, my problem seems to be somewhat unique. Every time I boot up my computer freezes within 5 minutes, & that’s only if I stay in windows task manager & end the process every time it starts back up. I can keep it running in safe mode, & I have malewarebites on a flash drive, but my computer won’t recognize the flash drive in safe mode. If anyone has any suggestions, please, PLEASE tell me! I am at my wit’s end with this stupid thing, & it’s rendered my desktop completely useless. Thanks!

Reply

Anthony December 19, 2008 at 6:43 AM

Wow! after screwing with this thing for 2 days I finally got it doing just what everyone has been sayin. superantispy, malwarebyte, and killing winscenter and spywareguard . exe everytime it poped up in processes. The problem i am having now is i get about 30 error pop ups of a bad image .dll associated with almost all my program names. its a simple annoyance that is nothing compared to the spyware guard but if anyone has suggestions on how to stop this “side effect” I’d appreciate it.

Reply

Nily D December 19, 2008 at 11:00 AM

I also spent several hours battling this stupid thing. Here’s what I did:
- Googled for “spyware guard 2008 removal” and found Malwarebyte
- The spyware prevented me from going to this site. Intercepted browser and sent me to some porn site
- Downloaded Malwarebyte from another computer and transferred to via USB
- Cannot double click on the .exe.
- Renamed the .exe, and it installed malwarebyte, but couldn’t execute the program
- Had to run devmgmt to disable TDSSserv.sys
- Finally able to run malwarebyte. it scanned and found a bunch of files.
- Deleted and rebooted but the stupid thing was still there!!!
- Tried scanning again, while deleting spyware files and registry entries. Rebooted and still there!!
- Updated malwarebyte. There were several versions
- This time, left computer alone while scanning. It found a bunch of things.
- Deleted, rebooted, and it’s GONE!!!

I think deleting the files while scanning caused it not to fully work. I’m SOOOO happy it’s gone!

“Breaking rocks in the hot sun,
I fought the spyware, and I won,
I fought the spyware, and I WON!!!”

Reply

Adam December 19, 2008 at 2:20 PM

When this Spyware Guard 2008 first launched, I knew not to buy into it, but it kept coming, so I closed my browser. It think that was too late as the hard drive was doing its cranking noises by then, like if it was being scanned.

By this time (15 minutes or less) I knew something was seriously wrong, as I could not launch any of my spyware programs. So off to Google to do a search on this Spyware Guard 2008 and I stumble upon this web site, which is fantastic BTW!

I first tried to follow the manual removal of the bug, without any luck. The dang thing kept coming back up and doing the popup. This was occuring on both FireFox or Internet Explorer.

I had McAfee Security Suite installed but apparently they have not caught up to this bug yet. Of course this software and some of IE graphics capabilities were disabled by the bug. I stil had internet and the CD drives operatonal.

I did not try to download or install MalwareBytes and SUPERantispyware from the infected PC, I downloaded them to a flash drive on my laptop instead. Then I did the following:

1) renamed the **.exe for both programs on the flash drive before connecting it. I just renamed them with the word “not” in front of the files.

2) trying to install SUPERantispyware I was locked out because of Admin permissions, but that did work in SAFE MODE or as the Admin. I was stuck on that one.

3) I was able to install MalwareBytes when I renamed the file to notmbam-setup.exe and it worked.

4) however Spyware Guard 2008 would not let the program launch, so I renamed the launch file notbam.exe and then it worked. I ran a Quick Scan first to get it going.

5) like some of the others above, I just kept the task manager and stopping Spyware Guard 2008.exe when it opened as well as windows explorer open to the c:/program files/ and kept deleting SpywareGuard2008 folder everytime it spawned.

6) 20 minutes later the popups stopped and I was greeted with 385 rouge files found by MalwareBytes. I let it finish then I chose to delete the suckers. I then allowed MalwareBytes to log in and update the virus definitions. I ran it again and it found another 87 rouge files. Deleted those again and ran it one more time to be sure. It found another 2 files and I deleted those. I made sure the recycle bin was emptied and then a reboot.

7) this time I tried to install SUPERantispyware and it ran, so I proceeded to complete that and let its do its job. Found another 53 files and I deleted those and ran the definition update and did another scan. It found another 5 files and I was more than happy to get rid of them. One more scan for the road and it came back clean.

8) I tried to run Spyware Doctor but some of its files were corrupted and it would not launch. I ran Ad-Aware Personal Edition, did a difinition update and it found 123 files so I proceeded to delete those as well.

9) I ran Glary Registry Repair and it found 231 registries and orphaned files. Those were promply destroyed and one more system reboot. Clean and now signs of Spyware Guard 2008 and the hard drive is quiet and no longer making scanning sounds.

My challenge of anyone could help, it appears that Spyware Guard 2008 did something to my IE7 and McAfee Security Suite. I can not see any menu buttons when launching McAfee and on websites like http://www.weather.com or live.com, there are no active back ground images or I will get just placeholders on the website.

I tried launching McAfee’s Virtual Technician, but that wouldn’t launch. So going to Add/Remove software, I figured since I have my registration number for McAfee I tried to delete it and reinstall. No such luck, I get a bad Java script message.

I reinstalled IE7, but the problem still remains. Anyone else having similar problems with IE when going to some graphics intensive websites? I am sure Spyware Guard 2008 disabled or renamed some files so I cannot see the buttons on the McAfee menu screen. I could not even see those grahpic words you have enter to post these comments. Some form boxes and buttons don’t work either.

Help!

Reply

Adam December 19, 2008 at 8:31 PM

Just an update. I contacted the folks at McAfee and they suggested based on my experience to try IEregFix.bat, well I did and it repaired the registry files for IE which in turn fixed the menu in McAfee Security Suite. I am now able to sucessfully use both.

IEregFix.bat can be found here:
http://service.mcafee.com/faqdocument.aspx?id=TS100034&lang=en_US&prior_tid=18&AnswerID=16777216&turl==http%3A%2F%2Fkb.mcafee.com%2Finfocenter%2Findex%3Fpage%3Dcontent%26id%3DTS100034%26actp%3Dsearch

Hopes this helps any others with a hi-jacked IE browser after removing this nasty malware. To the authors of Spyware Guard 2008, I hope justice is swift and painful!

Reply

Yort Nhoj :) December 19, 2008 at 10:01 PM

Hey, I’m sooooo glad I found this site. I’ve been searching for help for like this last week. My XP laptop has this spywareguard2008/2009 (one or even both, I can’t remember) The devil program won’t uninstall, and it it reincarnates itself everytime I try to. I can’t figure out why people do crap like this. My laptop is in the country, away from all internets when not plugged in, and this program can still work. It shut me out of my desktop for a few days, but thanks to the IT at my school, that’s changed, but now I just got mcafee, and the devil program won’t let it update or anything. Also, when hooked to internet, this thing called “internet speed moniter” or something keeps giving me loads of trouble. I just want to be able to use my computer for Christmas…
I’m going to try to do what I see on this page, and hopefully it will work.
I’m at my school, so its superfrustrating to not be able to do everything while “safe” internet is available.
Please God, let my wishes come true…

Reply

BillF147 December 19, 2008 at 10:27 PM

Ive been fighting this thing for over a week…I tried Spyware Doctor, pay version…Always claims to clean it…Then it pops back withing 5 minutes…It also seems to be piggybacked to TDSServ…That wont go away either…

Worked with Spyware Doctor Help staff…Gave me a long list of things to do in Safe Mode(XP Sp3)…Claims to have cleaned it all up…Boot to Normal…LOL…Back in 5 minutes…

Oh yeah, Spyware Doctor does block it from popping up wanting you to buy every 5 minutes…Also, can no longer Print when Spyware Doctor is running…Keeps killing the Spoller!!!

Dont spend the 29.95 for Spyware Doctor folks…Dont work all that well…

Reply

aimtheflame December 20, 2008 at 7:19 AM

I just spent ten hours getting rid of this thing, but I think I’ve done it. I first downloaded and ran malwarebytes twice. It said it was gone, but noooo. So I found you guys and downloaded and ran super antispyware. I also turned off my system restore. and it seems to be gone. Granted, it’s only been about 45 minutes, but I’m keeping my fingers crossed. Thanks so much for all the input!

Reply

Mike H. December 20, 2008 at 11:58 AM

I WIN

I did have to use another computer to download the malwarebytes onto my flash drive, due to that sucker keeping me out of my internet browser, but had no problems installing it to my computer. So if you have problems durring the instalation process take the pros suggestions listed above. I also downloaded the SUPERAntiSpyware as well but both programs did little to help. I had the same problems as everyone else; running the programs, finding the bugger, deleting the infected Spyware Guard 2008 files, then to my dismay upon rebooting my computer or quickly running the other Anti Spyware 2008 program it kept returning.

Over and over. Hours wasted. ONE EASY SOLUTION:

UPDATE THE MALWAREBYTES PROGRAM!!!!!!

As soon as you can get it loaded open it up and click on the tab “Update”. Get all the updates nessasary and run the scanner in Malwarebytes. Then behold the many other files that it couldent detect before. Upon a requested reboot from Malwarebytes I had a sucessful boot with no more Spyware 2008. Im currently running bolth of the programs mentioned again with other anti spyware and anti virus software to make shure I have stamped out this bug once and for all.

So here is hoping that it is gone for sure but now my scanners from my programs are reading all clean. So after a constant battle for 13 hours I can now feel relief.

Good Luck Guys!

Reply

frustrated December 20, 2008 at 1:40 PM

I wish I had the same luck. I’ve turned off system restore and have run both SUPERAntiSpyware and Malwarebytes several times. I’ll run them and they will find problems, after the second time around they both give the all clear, but then after a restart, up comes the Spyware Guard 2008 windows and I have to do it all over again.

Reply

Law December 20, 2008 at 4:59 PM

click the update check, update malwarebytes then scan again. at last restart your pc, the malwarebytes will then delete some registry file. done

Reply

frustrated December 21, 2008 at 12:49 AM

Unfortunately I cannot update. Apparently it’s killed web access.

Reply

frustrated December 21, 2008 at 2:45 AM

Finally! (I hope!) I eradicated it. Somehow I finally got malwarebytes to run an update and it got it. 8 hours of hell finally over!

Reply

Chris December 21, 2008 at 9:09 AM

thanks to all of the input on this thread…i finally got rid of this piece of S%&T trojan. it took me three days.

i got it bad – couldn’t access any of the websites to download malwarebytes, avast or superantispyware. i already had malwarebytes downloaded on my comp but couldn’t run it. had adaware installed before i got the virus. i could run it, but couldn’t update it. adaware didn’t help at all. i was able to download the setup files for all of these programs from download.com, but couldn’t install them (no luck in safe mode either).

i finally located all of the files listed at the top of this thread and deleted them manually. i definitely think that should be your first step. i had an old version of hijack this previously installed. i couldn’t update it, but ran it anyways and it definitely helped and located some files associated with the bug. i was finally able to access the avast website, downloaded and did a boot scan. this really helped but didn’t get rid of the trojan completely. i ran malbytes in safemode but that didn’t completely get rid of it either. finally ran superanti spyware and that did the trick!

Reply

ohskool December 21, 2008 at 12:13 PM

When ever I get this dam program off my laptop, I am going to purchase a first class ticket to russia and beat down the MOFO or MOFOS who did this. This dam thing just want go away. it seems the more I try to get rid of it the more it Fu#ks with me. Now when I try to log back in to my pc CRTL-ALT-DEL It freaking freezes…. WTF.trying to run the malware instals up to 1% left then freezes. I have even loaded the malware on aother pc and just copy the files over to my pc. It trys to start then just fade away. I refuse to quit on this it has come down to me or the pc. so far the pc is winning. May just reformat the freaking thing could of been done 8 hours ago. Excuse me for bitching like a women, but I am about to start breaking things. Great advice guys I keep trying.

Reply

Kat December 21, 2008 at 7:31 PM

SUPERAntiSpyware Free Addition did it for me in less than a half an hour. I had over 1000 infections…42 with this horrible beast. MalwareBytes was so dang slow…2 1/2 hours and still scanning that I aborted and downloaded SUPERAntiSpyware and now I’m free!! Thanks for all the help on this site!

Reply

kyril December 21, 2008 at 8:14 PM

Thank you everyone for all your stories/suggestions. I finally figured out how to kill this thing. You *must* have access to an uninfected computer and either a flash drive or a CD (you can try using LAN, but I prefer to keep the infected computer quarantined).

Important things to note:
- Quarantine your computer from the Internet. Physically unplug your network cables. Do this immediately as soon as you’re aware that you’re infected.
- Don’t bother deleting the Spyware Guard 2008 folder or the winscenter file. They will just come back.
- Do kill the processes immediately whenever they come up.
- The malware may have all kinds of nasty effects, including but not limited to:
Blocking Internet access to sites where you can download things that will remove it
Blocking access to the IP addresses used by MalwareBytes and other anti-spyware programs, preventing them from updating
Preventing Safe Mode from booting up
Interfering with System Restore
Installing viruses continuously in various files all over your computer, even when you are not connected to the Internet
Hijacking your search engine so that clicking on links sends you to malicious sites
And many other worse effects as described above.

Procedure for removal:
1. Download malwarebytes AND the latest update onto your flash drive on an uninfected computer. The malware may prevent malwarebytes from updating itself (did for me).
2. Download SuperAntiSpyware.
3. Change the names of all 3 files. The malware may prevent execution of the files with their original names.
4 Install malwarebytes onto the infected computer. Install the update file. Change the name of the executable file for the installed program.
5. Run malwarebytes (Complete Scan). Stay with your computer, allow the scan to run all the way through, and kill spywareguard.exe and winscenter.exe every time they start up. spywareguard.exe will start randomly every 2-6 minutes and winscenter.exe will start once every 8-15 minutes. If you leave your computer unattended during this scan, it may install more stuff in places that were already scanned.
6. Delete everything it finds and let it restart your computer. Visible signs of infection should be gone, but your computer may still be sluggish. You’re not done.
7. Install SuperAntiSpyware and update it. The update should run properly. You can leave your computer unattended for this one.
8. Delete everything it finds. It is likely to find several instances of TDSSserv, among others.
9. Reboot. Run your preferred antivirus (Avast, AVG, TrendMicro) to reassure yourself that everything’s gone.
10. Your computer should be back to normal. If you like, you can run malwarebytes one more time to make sure no traces are left.

Reply

Sreekanth December 22, 2008 at 1:53 AM

Hi All,

It is very usefull thanks a lot . I am able get rid of this Spyware guard 2008 malware by using malwarebytes Anti-Malware did the trick. Thanks once again for sharing this information.

Reply

Ron Bell December 22, 2008 at 5:42 PM

My stepdaughter’s laptop has Spyware Guard 2008.

My questions are:

(1) How do I know that this site (malwarehelp.com) is not also fraudulent and in the business of spreading malware?

(2) If I do decide that this site is OK, which of the many sets of instructions above will work?

(3) A number of the above posts involve updating the Registry. I don’t know how to do that. Is there somewhere that will teach me?

(4) Since we have backed up all important data from the laptop, my inclination is to reinstall the OS. However, I’ve no idea how to that either. Do I need access to a CD that came with the laptop? If so, I suspect my stepdaughter has lost it.

Reply

Chiqui Abello December 22, 2008 at 10:33 PM

This hit my stepduaghter’s PC yesterday and I spend a good hour battling it, but I think I got it under control (except for the fake Security Center window). I’m in I.T. and have had some experience at things like this before so once I realized what was happening, I wen to another PC, printed out a list of the files and reg keys that were affected and rebooted the infected PC. I immediately ran HijackThis, looking for some of the offending files to delete and removed them. I also deleted the offending files from the Windows and Program Files folder and immediately shut down the PC by pressing the power switch. When it came back up, I had more control over it and was able to remove the rest of the malware via regedit and the usual anti-virus software (which I updated manually and finally detected it).

Reply

Drew December 23, 2008 at 9:51 AM

I’ve finally cleared this evil mess (spyware guard 2008) from my daughters computer. It wouldn’t let me access the internet. I suppose by bogging it down. I disconnected the infected PC from the internet. I downloaded Super Antispyware from the link on this page to my uninfected laptop and transfered it to my infected PC via flash drive. I had to rename it (I just put an A in the front of the name) because the virus wouldn’t let me install or otherwise. In fact I had to rename the application in the same way to launch it. I ran a quick scan that found over 1000 trojans, adware etc… this didn’t kill this virus after the reboot so I did a full scan. While it scanned I used the task manager to stop this spyware guard 2008 virus when it launched each time. Task manager is accessed by cntrl+alt+del. The vurus loads itself every few minutes and can hang or disable the scan in progress. this took about 3 hours last night but cleared out another 40 threats which still didn’t kill this awefull virus. But it did allow me to now reboot the PC connected to the internet. I updated the Super Antispyware’s latest definitions and ran another full scan this morning. still quiting the spyware virus as it kept trying to load. (see Adam’s notes of dec 19th on this thread ……. same thing) Now after the reboot it’s finally gone!! (I hope) I ran another scan and found a few more things. Thank god for this site !!!! Thanks to all of you for posting !!! This malware virus is very brutal … many times I almost launched this computer out the window if it weren’t for the fact that these threads gave me a clue as to what it takes to kill this virus. I hope the scum who created this will get whats coming to them. I had also loaded the malwarebyte’s software and it would have been my next thing to try if the Super Anti Spyware didn’t work. Just a note that I tried to manually remove the files and registry keys myself via running regedit etc but none of that worked for me. It took days and days to finally clear this mess. Another thing to note is that the computer had to reboot a few times before it would successfully get to windows again. my patience paid off with a nice clean and fast PC.

Reply

Ginn December 23, 2008 at 2:52 PM

I attempted Kyril’s method of removing the virus. In my fatigue, having spent the last several hours trying to deal with this BS, I stupidly forgot to change the name of the executable file for malwarebytes after successfully installing the program with a changed name. (Read those instructions carefully kids!) My computer froze and then I was not able to start windows. It got to the log in screen and would not proceed any further… these Russian hackers really know how to give a guy a headache. I managed, oh so thankfully, to start windows in safemode and right now I am scanning the computer with malwarebytes… 105 infections so far. Interestingly, Spyware Guard 2008 and the programs associated with it dont seem to be opening in safemode. Is it possibly advantageous to go through this process in safemode? Will I encounter further problems because of this?

I might add that I dont know a damn thing about computers and have had to just allow myself to be led to this solution by all of you wonderful, knowledgable people out there. Thanks so much for the support.

Reply

Gina December 23, 2008 at 10:03 PM

I am also infected with both virus’s. I downloaded both malwarebytes anti-malware, as well as superantispyware. Changed names of both by adding ‘not’ in front of the files. Installed. Tried to update, but one of the virus (looking like it is trying to pass itself off as my windows update firewall program) keeps denying me access to updates. I tried to shut it off (thinking it might actually be my windows update program) by going to start/run/firewall.cpl, and it shows that my windows firewall is NOT even on.

I can NOT get the updates by going through the program. Is there somewhere online that I can update the 2 programs above? So far, I still have internet access.

Reply

viv December 24, 2008 at 2:35 AM

This Spyware Guard 2008 came to my sister’s laptop this morning. She tried many anti virus soft wares but non of them caught this Spyware Guard 2008. So I have tried MalwareBytes and it worked fine. Just install it and update the MalwareBytes and run a quick scan. It will find all the infected files, select all and remove it and you might have to reboot your PC. Once rebooted, its gone. Everything is running normal. If you want, you can run again to find any missing Trojans. I hope this help others.

Reply

Anonymous December 24, 2008 at 6:48 AM

I have the malware byte software in my desktop, but it wont run. I tried everything! Including changing the name of the file, but it still doesnt work!
How am I supose to delete this virus (spyware guard 2008) if it wont let me excecute the file!!!
HELPPPPPPPPP

Reply

Greg December 24, 2008 at 8:08 AM

Not a single thing any of you have suggested has worked for me. Please help me out.

Reply

Lonnie December 24, 2008 at 2:40 PM

I can’t get the Malware installed. How do you run the update?

Thanks for the help.

Reply

Jeff December 24, 2008 at 7:13 PM

It took 2 – 3 days, but I got rid of it. First, get Malware and Superantispyware on your computer. Use an uninfected computer to download and put them on a disk or thumb drive. Then put them on your computer. Open them from there. I had to run them several times before they finally worked. Don’t give up!

Reply

MIke December 24, 2008 at 8:35 PM

I ran both the Superantispyware and Malware and got rid of 99.999% of it. Superantispyware will get rid of the “Spyware Guard 2008″. What it does not get is Vundo Trojan. I believe that is the root of all my evils.

I did not have to download the programs to a second computer but from what I have read here, I may not have had the problem to the same extreme as others.

How I did it was;
1) Downloaded and installed Superantispyware and Malware

2) Got the automatic updates for both.

3) Disconnected my PC from the internet

4) Rebooted and ran Superantispyware twice. One thing I did for Superantispyware was to select EVERY configuration item. The default does not look for Memory infections.

5) Ran Malware twice.

I have one Vundo registry key item left in HKEY_CLASSES_ROOT\CLSID I need to figure out how to get rid of but life is much better.

Couple notes.
1) LET THE ANITSPYWARE have your system. Shut down everything and stay off the computer while they are running.

2) During the first cleaning phase of Superantispyware it shut down a SYSTEM file invoking a mandatory reboot of Windows. I let it go and things were fine. I even got the Blue Screen of Death once. My system rebooted itself and all is good.

Using these two programs is FREE and it only costs you time. They do appear to work.

Reply

scumbusters December 24, 2008 at 10:48 PM

If (spyware guard 2008 ) is on your system this will help get rid of it fore XP first go to reg edit /HKEY current user /software/rite click name of spyware when you find it/ go to the permissions fore that bug then set to off then rescan in safe mode. If you ever meet a malicious programmer right away just stab them in the eyes with something sharp , its funny as hell and they never do it again . lol Merry Christmas !!

Reply

Luministics December 25, 2008 at 1:57 AM

After an allnighter trying to get this figured out. I think we are finally there. We tried everything suggested here to no avail. I could not get Malwarebytes to install, even after changing the name of the executable file. Symantec was a wasted phone call because because it was impossible for them to get into m machine.

Here’s the solution so far. Operating in Safe Mode, go to Device Manager and click on View and select Show Hidden Devices. Scroll down to TDSSERV.SYS. Right Click and disable this.

Restart computer when prompted. Restart in Safe Mode.

Install and run Malwarebytes. We are currently doing the first scan.

This information came from a small local computer repair shop called Computer Renaissance in Timonium, MD and was a no charge information phone call. It is amazing that NO ONE from symantec has this information. If Symantec was able to get into the machine and fix the problem, they wanted $100 to do it.

Reply

Peter December 25, 2008 at 2:56 AM

Guys, do not waste your money on SpyHunter software. It does not work and seems to slow down your machine. the SuperAntiSpyware free version would get rid of the Spyware Guard 2008.

BTW, I have McAfee security software but it does not protect the computer nor prevent Spyware Guard 2008 to override it and take over the computer. Any one also have McAfee? I think I should do business with another company instead.

Reply

Jennifer December 25, 2008 at 3:49 AM

I just want to think everyone for their suggestions! This program has definitely been a pest and I have relied on all of you to help me out. I couldn’t get Malawarebyte and Superantispyware to run and install on my computer. Thanks to the person, I forget who, that mentioned that SUPERantispyware has a way to install it via the program menu. I was able to get it that way and now I have been scanning it and it has been finding it. I’m going to delete the files, run malawarebyte and my own McAfee. I also plan to clear the system restore point and double check to make sure it is all gone. Don’t give up people! Best of luck to everyone dealing with this crap. Happy Holidays!

Reply

Anonymous (Mo) December 25, 2008 at 4:21 AM

I spent several hours trying to remove it; finally the one program that did it for me was the “not a recommended software” (edited by Shanmuga)
Good luck

Reply

Anonymous December 25, 2008 at 6:39 AM

I downloaded malware bye and super antispyware software from another computer – saved it on usb drive and loaded on the infected machine when the infected machine was in safe mode. However, I am not able to execute any of these two antivirus programs. It seems like spyware guard 2008 blocks execution of these two files. I was able to install other antivirus programs that don’t work with success but none of these two. How can I execute malware byte and antispyware program on the infected computer?

Help !!

Reply

Jennifer December 25, 2008 at 8:25 AM

To those who are having trouble running the antispyware programs. What I did is I went to the folder where I put SUPERAntiSpyware program, in my case it was on my USB flash drive where I had the program. Then, I opened that folder, I got there by going to “my computer” and then inside the superantispyware folder is something called “RUNSAS” and it has a beetle-like creature as the icon. I clicked on that and then I was able to install superantispyware. I did a scan, quarantine and removed programs, restarted my computer because it was required and then went back to “manage quarantine items” and completely removed everything. Then I opened it again and this time I updated it and then did another scan. I’m spyware guard free now!! I hope this helps.

Reply

kevin December 25, 2008 at 8:31 AM

I tracked down the freak who is behid this software. He is from Ukraine.

If you Click on Get full time protection It will take you to a website
Domain name: sgproductm.com

Name servers:
ns1.sgprdns1.com
ns2.sgprdns1.com

Registrar: Regtime Ltd.
Creation date: 2008-12-18
Expiration date: 2009-12-18

Registrant:
Pavel Misevski
Email: [email protected]
Organization: Private person
Address: Tavcarjeva 103
City: Sempas
State: Sempas
ZIP: Sl1357
Country: SI
Phone: +386.14833622
Administrative Contact:
Pavel Misevski
Email: [email protected]
Organization: Private person
Address: Tavcarjeva 103
City: Sempas
State: Sempas
ZIP: Sl1357
Country: SI
Phone: +386.14833622
Technical Contact:
Pavel Misevski
Email: [email protected]
Organization: Private person
Address: Tavcarjeva 103
City: Sempas
State: Sempas
ZIP: Sl1357
Country: SI
Phone: +386.14833622
Billing Contact:
Pavel Misevski
Email: [email protected]
Organization: Private person
Address: Tavcarjeva 103
City: Sempas
State: Sempas
ZIP: Sl1357
Country: SI
Phone: +386.14833622

Reply

Luministics December 25, 2008 at 9:52 AM

In my earlier message on here today, we were running Malwarebytes and the scan went well. We updated to the most current version and ran it again. It found additional items to be removed. We then downloaded Superantispyware and scanned twice. It seems as though we are virus free at this point. Thank you to everyone who is contributing in here. Between this forum and a phone call to a local computer shop, we got the problem fixed and Symantec had no idea how to get this resolved.

Thank you and to those of you who this is appropriate, HAPPY HOLIDAYS!!!!!!

Reply

shoba December 25, 2008 at 10:54 AM

Thanks to all of you..i spent the whole day infront of my laptop…and tried malware byte after reading this forum…and now it seem to have gone..i searched for the files with spyware phrases..and found one..manually removed it…

This is very helpful..have a great xmas and new year!

Reply

Ginn December 25, 2008 at 2:19 PM

Finally managed to destroy it! Yay! Im delighted. If you’re having trouble – listen to luministics advice. Run Windows in safemode – use safemode with networking to access updates for malwarebytes and SUPERantispyware. Thanks to all who contributed to the solution.

Die Pavel Misevski!

Reply

wozcat December 25, 2008 at 5:34 PM

yes same as, followed the instructions above used superantivirus. in safe mode got the updates all clean thank you very much, what a horrible virus spywareguard 2008. when he or them are caught bring them round my pad i want to repay……they will be counting the fingers they havnt got..
good support /community

Reply

wozcat December 25, 2008 at 7:34 PM

dont forget to turn your restore point back on after all is clear….

Reply

Dorian_NYC December 25, 2008 at 8:40 PM

I too have been at my wits end with this thing … just when you think it’s gone it comes back … its on two of my systems what I was able to do regain control of my systems was at the command prompt one I deleted the bad .exe files I created my own versions of the .exe files by creating a blank file with the same file name and then I changed it’s attributes to system, hidden, read-only.

At this point I was able to get back control of the systems and will be doing more of the clean up …

Reply

andy December 25, 2008 at 10:45 PM

I tried Superantispyware and Malwarebytes with no result.
Even with the latest Updates the Spyware Guard Window came back
after a few minutes.
Installing the Superantispy and Malware Software was no problem.
Also I could run the Updates as a normal User.

I tried than the 30 Day`s Kaspersky Security Suite with the newest Update.
After scanning my System with the “normal fast mode” the Virus was
found and deleted. (But only for 3 minutes!)

Than I run the Detail Mode and rebooted the computer, AND !!!

IT`s GONE

Thank you for all your useful Help

Reply

Anonymous December 26, 2008 at 1:37 AM

i had to deal with this piece of shit software today. what an annoying piece of crap! good job finding out who the shithead behind it is. i hope somebody whacks him. merry christmas.

Reply

satya December 26, 2008 at 3:33 AM

Most of the posts that said “SUPERAntiSpyware” is it the FREE Edition that you guys are soeaking about ?

I ran the scan with MalwareBytes’s Anti-Malware 2-3 times in safe mode … it has deleted the corresponding files … but i still get the notifications from this rogue

Reply

Jason December 26, 2008 at 4:16 AM

I am finally free! I tried deleting the files manually, but this method did not work. Follow the advice that is listed above. Download SUPERAntispyware and Malware Bytes and be sure to get the updates for them. I had to do this through Safe mode with networking at a friend’s house, as the virus had completely shut down my Internet. I ran both programs twice, including a “full” scan for each.

Now the bug is gone, but some of my Internet programs seem to be missing graphics! Has anyone else encountered this problem? What can I do to fix this last Christmas present from Spyware Guard 2008??? I can’t even pick up the wireless Internet signal at my parents’ house. :(

Reply

Steve December 26, 2008 at 1:08 PM

So, it’s nice to know that someone has tracked this freak down. I’ve tried everything here, and can’t get anything to work on the 2nd of 2 computers. The first one I did a repair/install and on the first bootup I ran spybot. Then I finally got rid of it, but it was a 3 day process. I can’t figure out what the very first file runs that always keeps recopying the wincenter, spoolsystem and vmreg files.

Here’s a thought… lets find this guy in the ukraine and skin him alive…. then spray him down with a spray-on bandage, or soak him with iodine. That would teach him….
;-)

Reply

diva December 26, 2008 at 1:16 PM

i haven’t tried safe mode and i’m kinda worried to. i’m worried that the files/folders i do have that i NEED will go poof on my my pc from this hunk of crap! i’ve never in my life gotten anything like this. i can’t even get online with firefox because this thing has now blocked my net. if not for my laptop i’d be computerless right now. even my norton has been disabled because of this thing.

even when i first got it i tried all the above things and they did not work. this thing blocks them all out. i even renamed them as suggested and nothing. i’ve put them on my laptop..ran them.. updated them and then put them on disk and put in my pc and clicked to run from the drive and they will not run! superantispy keeps giving me an error that it has to shut down. malwarebytes won’t do anything just sets there.

if i go into safe mode what will happen? will i lose anything at all? what if i transfer my documents folder to an external hard drive and just trash this whole computer as a lose? will that folder be infected at all? i’m at my wits end here. i have no money to let someone else fix it, not money for a new computer and i run a business from home with it. i haven’t slept in like 2 days trying to get this thing fixed and i can’t. i’m so sad and i hope this fool that has done this gets everything and more handed to them!

Reply

Me December 26, 2008 at 3:01 PM

Kyril,

God bless you. It works the way you’ve said.
I’ve tried all the methods described before you, and none of them worked.
But, your solution is perfect.

Finally got rid of this nightmare.
I recommend everybody to do so.

Merry Christmas to you all.

Reply

Bill December 26, 2008 at 10:35 PM

You need to run the computer in Safe Mode, then run Malwarebytes or Superantispyware a couple of times. Should completely remove rouge spyware.

Reply

Anonymous December 27, 2008 at 12:01 AM

My mother in laws computer has been infected with this thing really bad. I have tried everything and nothing works. The computer will not open past the welcome sign 2 out of 3 times. when it does come up i have to press ctrl alt dlt just to stop this thing. i downloaded the malware to a usb drive, changed the name, etc and I cannot run it on the computer. I downloaded from my laptop and tried to download to her pc. I can’t get anything to work. It is disconnected from internet and I am ’bout ready to throw it out the window and tell her to buy a new one. any suggestions on what to do please email (email id removed) or repost a response. thanks for all the help. i’m not ready to give up. yet.

Reply

stephen December 27, 2008 at 12:52 AM

YES! AT LAST that little Fu@Ker is out.
Started the computer in safe mode, downloaded and ran mbam, had to reboot and its gone, been fighting it for the last two days. Thanks to this web site, came across it this web site this morning and thanks for all the tips.
I have Symantec antivirus, not worth a crap against this, even though it caught it, after every reboot it popped up again.
Malwarebytes did the trick

Reply

Gary December 27, 2008 at 2:39 AM

I have this same damn infection. It is quite frustrating. I have tried Kapersky (which finds the issue but won’t allow quarantine) even told me it would be cleaned after reboot. That was a load of S*&T it came right back. I had to try and get rid of it on my own. I started by looking at processes and services (tried to identify if a port was in use for the software by using aports.exe) it shows NO ports and is useless while infected. It creates a shortcut to that bogus Spyware Guard 2008. I located the target of the software location and deleted the contents of it and then changes the security properties on the file to allow NO write access (not even from the system). Well it quit replacing the files because it couldn’t wire to that folder. I then attempted to edit the registry and at least break it so it couldn’t work until I could find out how to get rid of it. But now instead of screwing with all that anymore, I think I will (thanks to this site) try what has worked in the other posts mentioned. I hope it works I was about to re-format the drive and install a UNIX OS and just give Winblows the boot for good and may still do that. But for posterity sake, I am going to give this info a try and see if I can declare a WIN over those jackasses that crafted this piece of crap application.

Reply

Lonnie December 27, 2008 at 2:45 AM

Finally got it removed!

I used Malware Bytes and SuperAntiSpyware.

Make sure to have the task manager open and watch it closely. Sort by name so it is alphabetical. As soon as spywareguard.exe or wincenter.exe opens close them immediately. They will continue to open during the install of the 2 programs.

Download both programs from another PC. Rename both downloads. Copy to infected PC. I installed the renamed MalwareBytes first. During the install I did not install to the default folder but changed it to a different folder. I also changed the name during the install. After it was installed I went to the folder where it was installed and changed the name of the executable before running it. Make sure to end the process of spywareguard.exe or wincenter.exe during the install. Run the program from the folder it is installed to and do not click on the desktop icon. I ran a quick scan using Malwarebytes and it foundsome files and deleted them. I rebooted then did the same thing as above using SuperAntiSpyware.
Once I ran the quick scan using both programs I was able to update Malware Bytes and then I did a full scan. After a full scan using Malware Bytes i was able to update SuperAntiSpyware and then ran a full scan.

I am now accesing this site from the previously affected PC. The Spywareguard use to blockit but not anymore.

Run the quickscans first. Run the programs several times each and update them.

Hope this helps. This site helped me.

Reply

S & B December 27, 2008 at 4:18 AM

We got infected on Tuesday. Have been struggling for about 4 days now. Thanks to this web site; we have hope now.

We downloaded both Malwarebytes and SUPERAntiSpyware. Have been able to update both (after several failed attempts). We just ran the quick scan. Plan to run the detailed scan with both once or twice before logging in in the normal mode.

Is there an organization (the internet police ??) we can report this guy to ?

Thanks for everyone’s comments and suggestions. Every single tip seems to have helped.

Reply

Anonymous December 27, 2008 at 4:54 AM

NOTHING WORKS! i’ve done all of the suggestions here. renaming,going into safe mode everything and it will not take this off my PC. i can’t get ANY of the above malware items listed here to run, install or anything while in safe mode. i just am at a loss and i guess my computer is officially been hickjakced and ruined by this thing. i don’t even want to be online with my laptop at this point. scared i’ll get it on here.

i hope whoever made this burns in the fires of hell!

Reply

Win on December 26 December 27, 2008 at 5:11 AM

Some christmas…stayed up until 2 a.m. just trying to solve this computer problem on my son’s laptop. The “Guard” had grown so bad, the computer froze immediately after logging on. No option to do anything…other than pay the ransom, of course. (No, of course, I didn’t.) Got to say……..THANK YOU TO THIS WEBSITE, but for you, I’m not sure I would ever have been able to redeem this laptop.
By nine a.m., I was at least able to get on through safe mode. (Yes, I had tried safe mode a dozen times last night…but to no success.)

Luministics, your two posts really saved my butt. And I mean, I had to work fast to turn off that sucker because the safe-mode thing kept popping up and everything else went down. I had maybe 20 seconds to get there, disable that thing, and then…WHOOPEEE…the version of malwarebytes is now scanning.

Thank you…..
I’ve got more work to do.

Reply

caro December 27, 2008 at 6:46 AM

This website is GREAT! Thanks very much! Just one thing:
I have removed virus/Spyware Guard from my computer but it still takes really long to start up. This started with the virus. Does anyone have any idea why this is happening or how to fix? Thanks a lot :)

Reply

Nicole H December 27, 2008 at 10:54 AM

My mom’s work laptop was infected with Spyware Guard 2008 after downloading driver data for her new Bluetooth mouse from the Logitech website on Christmas. she was lucky enough to identifiy it as fake immediately, disconnected from the internet, and countered it with her anti-virus programs. Unfortunelty, done of the programs she had already installed would successfully delete the virus, since it multiplies roughly 3 times every minute and it’s useless to even manually remove the files unless you force quit the program every time it restarts (which is roughly 3 times every minute). She finally managed to delete it by downloading the free Malewarebytes malware remover, letting it run it’s can while manually terminating the spywareguard.exe file every time it executes via the Windows Task Manager; then, once the scan was competed and the virus was detected, she had Malwarebytes quarintine and remove it before restarting her system. After rebooting, Spyware guard 2008 was not running anymore, and she then ran SUPERAntispyware to remove the last of the hazordous files from her system. So far, everything seems to be back to normal. As her 15-year-old daughter, I actually found this whole ordeal quite educational concerning how computers and virus work!

If you have any questiosn about how we removed the malware from her laptop, feel free to email me and I will pass the question along to her. Good luck with your war against malware, everyone!

Reply

S & B December 27, 2008 at 11:58 AM

Well, an update from us. Looks like Malwarebytes and SUPERAntiSpyware took care of it. Didn’t do anything new. As everyone else
(1) Dowloaded the setup program onto a flash drive from a ‘good’ computer.
(2) Changed names
(3) Unpug infected PC from internet
(4) Log onto the infected PC in safe mode
(5) Install these two
(If u have problems just keep trying; log on via ‘safemode with networking’ and try. If PC hangs just turn it off and try again. try all combinations; don’t give up)
(6) Run quick scan with both > one after the other, rebooting inbetween.
(7) Reboot and try the full scan with both (reboot inbetween)
(8) Repeat above steps again if you feel you need to until you get a clean run
(9) Try logging in, in the normal mode.
(a) Connect to net
(b) First open task manager and sort processes by name; keep window open
(c) Quickly open malware bytes and try to update
(d) Keep closing the window and deleteing process of the virus as the appear
(e) If it looks like virus is in control, just turn off PC and try again from step 4

Eventually you will be able to get rid of it. You may have to try several times. Read all the posts here. Don’t let it win.

Reply

S & B December 27, 2008 at 12:03 PM

TO THE MODERATOR

Dear Mr.Shanmugam,

A million ‘nandris’ (Indian word for thanks) for your website and all your efforts. We will be ever thankful to you and to the company that are allowing us to download the software for free. But for you all many of us would have been in really trouble. This website definitely has made the world of computers a better place !!!

Thanks and happy holidays.

Reply

Rick December 27, 2008 at 11:21 PM

OK people, here’s how it got rid of this rotten bastard. Malwarebytes software will totally get rid of this but you have do jump through a few hoops to make it work. This devil software will try to prevent you from removing it at every step so this is what worked for me.
Download Malwarebytes tool by any means necessary. The infection will try and prevent you from going to any antispyware site thru your browser. You may have to copy and paste addresses instead of using links as your browser will send you send you to bogus sites. You may have to download it from another computer and sneaker-net it to your machine.
Put the Malwarebytes .exe on your desktop and rename it (whatever.exe).
When you double click to install chose an alternate location from the default (C:\sometempfolder). It may hang at the end but that’s OK. Close the installer window and go to your (C:\sometempfolder) and rename the mbam.exe to something else (whatever.exe). Then bring up task manager (Ctl-Alt-Del) and go to processes and disable TDSSserv.sys. That process is what prevents (whatever.exe) from running.
Now launch whatever.exe from your new folder. Do the Malwarebytes updates for the program and scan. You may have to reboot and scan 3 times to get everything.
Hope this helps.

Reply

Mick December 28, 2008 at 1:43 AM

Thanks to this web site and all the contributors I have also (almost) beaten this malware. I followed the advice of Luministics and I finally seem to have got rid of the virus after two days of battles. My only problem now is that in IE none of the graphics load automatically. Has anyone come across this problem before?

Thanks also to SUPERAntiSpyware and Malwarebytes

Reply

James December 28, 2008 at 2:49 AM

AHH! My computer has been infected with this BS for a couple of days now. I downloaded SUPERAntiSpyware AND Malwarebytes onto a USB drive, plugged it into the infected computer and it STILL won’t work, I ran Norton Antivirus scans in Safemode AND normal mode. F**k I hate this f**kin thing.

Reply

James December 28, 2008 at 2:51 AM

Also I forgot to mention the computer refused to run Malwarebytes AND SuperAntiSpyware.

Reply

Chuck December 28, 2008 at 4:11 AM

Thank God for this web site; I was clueless. Thank you all who suffered, and especially those who succeeded and shared .
My next question is: Why haven’t the big-boy paid-antivirus companies already solved these problems? We pay good money and apparently Norton, McAfee, and the other big companies who brag about their quick responses haven’t had time to get to this scum during the holidays. I put my trust in them, but it seems I’ve just been lucky. Luck is not how I like to do business.
Back up your valuable files and keep your powder dry!!!

Reply

FRUSTRATED December 28, 2008 at 4:18 AM

Well, I downloaded malwarebytes on another computer, saved it on a flash drive, and transferred it to my infected laptop. I was able to get it installed in safe mode, and it began scanning. I left the room for a few minutes, came back, and found my computer dead. Apparently, the power chord had been knocked out of the wall. I restarted it and attempted to redo malwarebytes again, but now it just won’t work at all. I tried reinstalling the program, but the installation freezes on the finishing installation screen. I also tried doing the same thing with SUPERantispyware, but it refuses to even work. Please, somebody help me, I am about to A) throw my computer out the window B) buy a first class ticket to Russia and beat the shit out of the fucking loser that invented this shit, or C) do both. The most frustrating part is that I almost had it. This thing is ridiculous.

Reply

Clean Computer December 28, 2008 at 6:25 AM

THANK YOU! Malwarebytes’ Anti-Malware WORKS! I downloaded it to a stick on my laptop that is virus free. I expanded it on the stick then renamed it fool.exe. Ran it on my infected computer in safe mode first, it cleaned most of the virus. Then loaded it on the C drive and ran it and it cleaned the rest of the virus up.

Bob

Reply

Robert Rivera December 28, 2008 at 6:37 AM

my computer has spywareguard 2008 and I am doing whatever I can to get rid of it. i don’t know much about computer. i just need something that will get rid of it. how? everytime I try to download an antivirus, spyware removel, or even go on there website it won’t let me. I even try download an antivirus on my girfriends computer saving it to a thumb driving and putting it on my computer. that won’t work…help

Reply

vvroooom December 28, 2008 at 8:51 AM

If you are reading this up to this point, you are most likely a victim of this pain in the b**t allegedly Russian-made virus that’s so persistent and annoying. Luckily, with the help of this great .org site and the concerned people that support it, you can resolve this nuisance.
What Adam stated on Dec 19th, Kyril on Dec 21st and S&B on Dec 27th are pretty accurate and comprehensive. Just read it all, over and over again until you absorb the logic behind the removal process.
This virus got into my XP system about a week ago unconsciously. I still do now know how I acquired it and it’s a bit embarrassing since I moonlight as an IT tech support guy. I’ve been suffering since then but finally got this out of my system thru this site.
I felt bad that my Norton Internet Security 2009 that I just bought and installed a month ago FAILED to capture this virus/trojan. I do run their LiveUpdate almost every day and pretty conscious when I open emails and read flash drives. I also spent two hour with Norton’s Live Tech Chat but as was not able to resolve it. They want $99 and said that they will “try” to directly connect to my infected PC and fix it, but no Guarantee. I didn’t bite on it this time. I was always been a Norton user and believer for decades. Unfortunately and it’s sad to say that my confidence level with their products now are fully diminished. From other responses above, McAfee, Trend Micro, Avast, etc also did not prevent the penetration as well.
Bottom line, my PC is now fully cleaned (I hope) but it took almost a whole day due to redundant re-start to safe and normal modes plus the running of both quick and full scans of Malwarebytes and SUPERAntiSpyware. Then it finally followed last by a full scan of my idol, the Norton Anti-Virus and Anti-Spam program!
Assuming a regular Windows Update and regular anti-virus update, I am just wondering how can we prevent something like this in happening again in the future? Any advice from the gurus out there?
Best of luck to you all!

Reply

Happy At Last December 28, 2008 at 10:47 AM

Thanks to all of you who have contributed to this web site. What a life saver! We have been battling Spyware Guard 2008 over the past 2 days on a computer “protected” by Mcafee antivirus software. Spyware Guard had Mcafee in its back pocket!

We picked up bits and pieces from the various postings on this site and here’s what worked for us:

– We have 2 computers at home so we downloaded the Malwarebytpes & Superantivirus programs onto a flash drive from our ‘functioning’ computer making sure to update the programs. I changed the names of the files.
– We then disconnected the ‘sick’ computer from the internet and started it in Safe Mode.
– I used the 2 programs from the flash drive to scan the ‘infected computer’ and quarantine the infected/corrupt files. I started with quick scans and progressed to complete scans. I did make sure to delete any infected/quarantined files from the computer altogether by even emptying the recycle bin and searching on explorer for any signs of “Spyware Guard” in the files and folders on the computer (C Hard Drive).
- I was eventually able to start the infected computer in normal mode and run the 2 programs to completely get rid of the Spyware Guard files. After I reconnected the comuter to the internet, I let Mcafee have a scan and it found no signs of any infected files.

Good Luck!

Reply

corinne December 28, 2008 at 11:06 AM

I tried for 3 days and this is how you do it.

first of all download SUPERAntiSpyware the free version and put it on your desktop.

then restart your computer and start hitting f8 to make it go into safe mode. wait while it loads only the necessary files

then on the desktop double click on the superantispyware icon and let it run for hours. and then follow the prompts making sure all checkmarks are there when it finds the buggers.

Walla your comuter is fixed…yeah…. now reboot and ahhhhhh

the trick is doing the scan in the safe mode.

Reply

Rodney December 28, 2008 at 12:17 PM

Omg. This virus is killing my computer. I tried downloading SUPERAntiSpyware, but the moment I try to run the setup, its shut down. Same thing when I try to drag it over via USB. What can I do? X_X

Reply

larry December 28, 2008 at 1:05 PM

should i enable TDSSserv.sys after deleting off the malware or just leave it alone?

Reply

Rick December 28, 2008 at 7:54 PM

You should not have TDSSserv.sys after you get rid of the virus.
Also you don’t have to do all this safe mode stuff, as long as you rename the Malwarebye’s software exe’s and stop TDSSserv.sys before running the program.

Reply

Danny December 29, 2008 at 2:13 AM

I too tried everything with this rouge spyware and believe me……just download malwarebytes anti-malware and it totaly got rid of it . I didnt want to believe that my programs couldnt get rid of it. But i sucked it up and tried something new. Thank you Malwarebytes!!!!!!!!!

Reply

Riley December 29, 2008 at 9:00 AM

Well, we first noticed this about 4 days ago. We got it on our slower computer, and we tried downloading the set up files for malwarebytes and superantispyware onto our good computer, then copy and pasting the files onto a flash drive, and then installing them onto the infected computer. The first time, malwarebytes did nothing, and SAS quickly went to a “Send Error Report” pop up. So I repeated the process by downloading them each again and copy and pasting them again, and, that time, malwarebytes finished installing up until the bar was full, and just stopped. I left it alone, and it went to my screen saver, and I brought the desktop back, and it said it was finished installing. Though I checked the box for “start scan on completion” or whatever it was, nothing happened, even when I tried running it from the start menu. And SAS did nothing but start installing for a second, and then said “The administrator has settings which will not allow this to install.” an it closes down. I repeated hte process one final time, and it was all the same, except malwarebytes stopped about halfway through this time.

I really want this off my computer. Any ideas?

Reply

Rick December 29, 2008 at 9:14 AM

Malwarebytes anti-malware will totally rid you of this nightmare. Some have posted that the program will not run once you download it. Please re-read my post on the 27th.
You have to rename the .exe files and you must disable TDSSserv.sys in your taskmanager processes… ‘cause I promise you the demon is too smart to just let you run a program to get rid of it. Safe mode is unnecessary unless you have trouble booting up.
(email address removed)

Reply

Rick December 29, 2008 at 9:33 AM

By the way don’t bother reading (www.xp-vista.com/spyware-removal) forum.
They remove every comment that is correct. They either are partners or associates of the authors and they are only there to sell spywarehunter software for money.

Reply

Rodney December 29, 2008 at 9:33 AM

Ok. This is making me incredibly angry. I downloaded the two thingers, than I disabled the server thing, and went into safe mode. I scanned and deleted, than when I finally rebooted in normal mode, they just came back. What can I do… X__________X.

Reply

Ben December 29, 2008 at 9:53 AM

For those of you still battling this here is what worked for me. I too downloaded SUPERAntiSpyware and Malwarebytes. I wasn’t able to run either in safe-mode or otherwise. Looks like it updates to not allow these, but it isn’t so smart. It is looking for that specific file name. I changed the install name for Malwarebytes to ma.exe and installed it. It wouldn’t finish the install because once again it tries to load so I changed the name of the exe as well and then it was able to load. Looks like the writers of this crap don’t know how to Identify signatures so they just code in file names.

I am not going to suggest names to use here, but just rename both the install for either application and then rename the exe afterwards and you should be able to run it.

Reply

Mark December 29, 2008 at 9:59 AM

This malware was awful and practically ruined my Christmas day. However, I was able to finally remove it. Booted up in Safe Boot with Networking and then used the SysInternals Process Explorer to suspend the wincenter.exe and spywareguard2008.exe processes so they didn’t respawn while working on the next steps.

Next used Malwarebytes to remove the IP block. I had to download this using another system. Had to use it without the initial updates at first, but it was able to remove the block and then I updated to the latest defintion and ran it again.

Then I downloaded SUPERAntiSpyware and updated it’s definitions. Then I pulled the plug on the network and made sure the offending processes were suspended while I ran SUPERAntiSpyware and Malwarebytes alternatively until they reported no more conflicts.

Norton AV and its live boot CD were utterly worthless. It would seem to me that using a live boot CD would be very effective against spyware since the live boot CD would be executing in a protected environment. Too bad nothing like that exists as a product, because it would vastly simplify removal. Simply boot your machine to live CD and it connects to the remote server that has the latest software and definitions and would install them in its runtime environment.

Reply

Ali December 29, 2008 at 10:32 AM

Hi-
Is there any hope for someone who can’t even get their computer started in safe mode with this damn virus? Is there ANYTHING I can do? please advise. thanks.

Reply

wozcat December 29, 2008 at 9:05 PM

there is always a last resort ..
reinstall the os
if that dont work start checking the hardware

Reply

Jason December 29, 2008 at 10:45 PM

Mick–

I had the same problem with graphics after I had cleaned my system from Spywareguard 2008. I imagined all sorts of problems and downloaded a bunch of cleaners from the internet, but nothing seemed to work.

Then I found a forum post which suggested I make sure that the “download graphics” (or something like that) button is checked. To do this, go to Internet Explorer > Tools > Internet Options > Advanced > Multimedia. Every box under Multimedia should be checked. I hope this fixes your problem.

Now that I have that problem fixed, I have a new one: jumpy / choppy scrolling. Has anyone else experienced this side effect from SG2008? How do I fix it? I have tried a few methods, but nothing seems to work.

Reply

Mike T December 30, 2008 at 12:30 AM

I am deeply appreciative of Shanmuga and all the folks at Malware Help for establishing this fine webside and originiating this particular thread. Special thanks to Kyri for his detailed removal procedure. McAfee Internet Security, my purchased antiviral software was absolutely useless at preventing, detecting, and removing this nasty piece of malware. Even their $69.00 virus removal service had to refund my money because they couldn’t get my computer into safe mode.

A word of caution to those who run a home network using a standard router. If the infected computer has access to the lan at the same time as a clean computer, forms of the virus will spread from the infected computer to other healthy computers connected to the same network, My wife and daughter’s laptops came down with what was pretty much the same malware, although they used different names. I was able to keep my old computer clean by making sure it was never connected to the router at the same time as the infected one. Disabling the network connection or locking the firewall both worked.

If a posse is forming to track this varmit down, I’m in. Hanging is too good for him. The sad but true thing is that if he would but as much talent and attention to detail into writing legetimate software instead of this vicious piece of malware, he could make good money legaly.

The following is my version of the best way to rid your computer of Spyware Guard 2008 is:

1. Isolate the infected computer from all other computers. Locking the firewall worked for me.

2. Find a noninfected computer, download BOTH Malwarebytes and SUPERAntiSpyware.

3. RENAME both installer files. Putting not in front of the file name worked for me.

4. Copy both files to some form of removable media, CD, flash drive, etc.

5. Install both files on the infected computer.

6. Important! Isolate all other computers on your home network from the router. Then allow the infected computer internet access long enough to download and install updates for both files. You MUST have current definitions for both MalwareBites and SUPERAntiSpyware if they are to work.

7. Run a complete scan of your computer using MalwareBites (all drives). A quick scan won’t get the job done. Do NOT leave your computer unattended.

8. Open TaskManager (ctrl. alt, del). Using the Processes tab end both the spywareguard and winscenter processes whenever they appear. The Spyware Guard may also be ended by right clicking the Task Bar icon whenever Spyware guard starts and click on exit. You must stay with your computer during this step or this malware can reinstall itself on already checked portions of your drive. The more files you have the longer this will take.

9. Follow the steps indicated by the MalwareBytes program when the scan is completed. Restart your computer to remove the quarantined files.

10. Perform a complete scan of your computer using SUPERAntiSpyware. Again a quck scan will not work.

11. Again do not leave your computer unattended. Use Task Manager to end both the spywareguard and winscenter processes whenever they appear.

12. Follow the steps indicated by SuperAntiSpyware when it is done. Allow your computer to restart to remove the malware files.

Being the the paranoid type, I repeated both scans and they came up clean. I performed this procedure on all three of our infected computers with good results. As of this writing all three computers appear to be functioning normally.

I also lost the graphics from both IE7 and McAfee Security Center during this mess. I tried IEregFix.bat from from the McAffe website but it didn’t work any better than any other McAfee product. Here is what fixed that problem:

1. Open IE7

2. Click on Tools

3. Click on Internet Options.

4. Click on the Advanced Tab.

5. Scroll down to Multimedia. Continue to scroll down until you see Show Pictures.

6. Click the check box to place a check mark in front of Show Pictures.

7. Click OK.

8. Close and reopen Internet Explorer.

That restored the graphics in both IE and McAfee Security Center.

Hope these two procedures help the other victims of this malware.

Once again thanks to Malware Help and all the contributors to this thread. I couldn’t have fixed my computer without you.

Reply

Philips John December 30, 2008 at 12:39 AM

Spywareguard2008 ruined my Christmas. It was painful and frustrating. My computer would freeze and I could not get on on to the internet or open other applications.

Finally I got rid of it.
I first tried Adaware. This was no help.
I downloaded Malwarebytes MBAM and SUPERAntiSpyware onto another computer.
And then copied them to the damaged laptop through my flash stick.

But I could not install these software. I renamed the .exe file
mbam-setup.exe
SUPERAntiSpyware.exe
After renaming these files to other names I was able to install them.

But I could not run them. Again I had to rename the files
mbam.exe
SUPERAntiSpyware.exe
After renaming these 2 files I was able to run them.

But running them did not kill the beast. I somehow needed connection to the internet. I tried restarting the laptop couple of times and one of the times I did get connection to the Net.
I was thus able to download the updates to these 2 software.

I ran the software again and guess what THEY KILLED IT.
I ran both the softwares s timultaneouslyand found that SUPERAntiSpyware did a better job of finding the rogues.
Anyway to be sure I ran the full scan using both the softwares.

And Iam free of this plague. Thanks to all the ideas I got from this forum.
Wishing everyone a HAPPY NEW YEAR.

Reply

rreynolds December 30, 2008 at 1:51 AM

Thanks, I had been disabling the process and deleting the files many times and the spyguard 2008 finally stopped popping up. Free versions of superantispyware and malwarebytes fixed it but still keeps finding it so I will probably have to run these daily till a more permanant solution is found. I did not have to rename the files but did use another computer and flash drive to get them on the infected machine. (The browser kept crashing on my infected PC) I did not run them in safe mode so I will do that also as soon as the current scan is finished. I was just in a hurry to get the thing gone. Now I wonder how many people tried to buy the spyguard 2008….. and if they lost money on it.

Reply

Clean Computer December 30, 2008 at 2:48 AM

Malwarebytes’ Anti-Malware WORKS! I downloaded it from to a stick on a virus free system. Copy it on the stick then renamed it your-choice.exe. Ran it on my infected computer in safe mode first (during the boot up press F8) , it cleaned most of the virus. Then restart in safe mode with internet. Start MAM and update it. Ran several quick clean up to make sure you get read of the rest of the virus files, keys and infected registers.
It worked for me!
Good Luck!
Eugen

Reply

Clean Computer December 30, 2008 at 2:55 AM

Malwarebytes’ Anti-Malware WORKS!

Eugen

Reply

maxicon December 30, 2008 at 4:12 AM

Thanks to all for the helpful comments!

I finally had a bright idea that may help those who can’t boot at all.

This terrible infection had me on the run fixing a co-worker’s PC, and it got to where I couldn’t start up WinXP Home at all – first it wouldn’t connect to any web site at all, then safe mode had a blank screen with “Safe Mode” in all 4 corners, but nothing else, and no responses to any input, and after that it wouldn’t start up in normal mode no matter what I did.

Here’s what I did:

- Downloaded and updated malwarebytes on a second PC

- Disconnected the infected PC’s hard disk and hooked it up to a USB adapter to the second PC (hooking it up as an internal drive would also work)

- Ran malwarebytes on the second PC, scanning on the infected drive, rebooting after each scan, until it scanned clean (3 scans total) – it removed a pile of stuff, including in the restore points. This didn’t clean the infected drive’s registry, but it got rid of the programs, so the registry entries didn’t re-infect it.

- Hooked the infected drive back up to the original PC, and it booted normally with no infection processes running.

- Downloaded malwarebytes on the infected PC, updated it, and scanned again, allowing it to clean out the registry entries and anything else it missed.

- Reboot and rescan until nothing is found, and it’s all back to normal!

Hope this helps as much as the other posts helped me!

Reply

Mike N December 30, 2008 at 7:52 AM

The cure:

Download malwarebytes to a thumb drive and copy it to your desktop.

also while you are there download the latest virus defs file for manual updating
because the virus will keep it from getting the latest defs. “If you are having problems
downloading the database via the program, you can now download it as an installer.
Visit this link and scroll down to the bottom.”

http://www.malwarehelp.org/blog/go/malwarebytesantimalware (link edited – Shanmuga)

Boot the PC to safe mode.
Install Malwarebytes + intall the updated defs. and run in quick scan mode.
You may be prompted to reboot if so reboot in safe mode. Run Malwarebytes again this
time complete scan if nothing was found reboot in normal mode.
If it did find bugs run another quick scan until no more bugs are found.
Fixed me after 8 hours of pulling my hair out.

Reply

sue December 30, 2008 at 8:18 AM

I was able to clear this for the most part with altermate scans of SUPERAntiSpyware and Malwarebytes Anti-Malware (be sure to keep updating them both). I was able to load them and get them to run thanks to the tips about renaming on this site – thanks! But I still was having browser problems and before I knew it… the piece of crap malware was back.

The computer that the infection is on is my mom-in-law’s and the other problem I noticed was that the infection was still disabling her windows auto update. When I realized this, I also realized she wasn’t running a newer IE. So I kept running scans until I was able to get the AutoUpdate to go on and stay on long enough to download all of the recent microsoft updates as well as a more recent browser. One of the MS updates was a malicious software remover.

It seems to be working now – fingers crossed. But I thought I would share this tactic with anyone who is still having spywareguard + browser issues. Nothing else had fixed it completely so far.

Happy to report I have been able to run sweeps of both antispy/mal programs and FINALLY came up with zero problems. This has been a long 30 hours of battle.

Reply

Spu December 30, 2008 at 8:57 AM

I ran into this crapware (sorry for the language) and still don’t know how I got it since my home computer is used by many. Here’s how to get rid of this:

1. boot up in safemode (tapping F8 in XP).
2. launch browser and download TrojanRemover…install/run, and cleanup…after this you should be able to reboot in normal mode.
3. reboot in normal mode, your browser should be usable at this time, find anti-malware from malwarebytes, install, run quickscan, and cleanup.
4. download AVG (from majorgeeks) and superantiware. install both.
5. run full scan AVG and anti-malware and cleanup.
6. run superantiware full scan and clean up.

I ran McAfee after step 6 to remove the rest. all is fine now, after several reboots, i have seen no problem.

Hope this helps everyone.

Spu

Reply

Gio December 30, 2008 at 5:04 PM

Hello Everyone,

I’ll find that guy and cut his *** for doing this. I mean, he deserves more than that!!! For those of you still trying to get rid of this sh**t, download Malwarebytes…it will do the job. One strange thing happened to me. I download SuperAntiSpyware installed it in the infected computer but for some reason when I run the program, my computer restart itself. I just decided to not run that program. Has anyone experienced the same symptom?

Like I said, MalwareBytes will do the job. Also, make sure to update the program.

Good luck everyone!

Happy new year

Reply

CJB December 31, 2008 at 1:08 AM

Kudos to Philips John!!!!!!
Right on dude…Your suggestions was my missing link. I have worked on this thing for 2 days off and on to kill this assenine spyware guard 2008 crap. I am finishing up my scan and will post my results when finished..

Once again Thanks

Reply

matt December 31, 2008 at 6:45 AM

I used MalwareBytes Anti Malware free down load and it appears to have done the job! Thank God! that was a peskey virus

Reply

Anonymous December 31, 2008 at 12:14 PM

Some useful info here. Thanks.

Reply

Lorris December 31, 2008 at 7:54 PM

I’ve been without internet with this thing for a week now. With the info here, hopefully I can usher in the new year with internet. The surprising thing about this malware that happened to me was that the guy timed it with the renewal e-mail alert that came from Trendmicro about our automatic 1yr renewal. As soon as I clicked that e-mail, the shit hit the fan(excuse the language).

If you guys manage to get the bastard, please record it in high-def for the rest of us.

Reply

Nix December 31, 2008 at 9:07 PM

I was hopeless until finding this site. Thank you so much! I Followed Kyril’s instructions and I successfully removed this virus from my PC. My advice to those of you experiencing trouble booting up is to keep trying. I had to keep hard booting over and over and I finally was able to launch safe mode and install Malaware and SuperAnti Spyware. Don’t give up!

Reply

Anonymous December 31, 2008 at 10:47 PM

Excellent ino here, this little bugger was a real pain, but I finally got rid of it with MalwareBytes, had to run in safe mode though. Thanks to all the posters here for helping me out.

Reply

CJB January 1, 2009 at 12:16 AM

Finally all is well once again….

Reply

SPU is Great! January 1, 2009 at 3:31 AM

I was unable to install either program listed above in safe mode or regular. That stupid SpywareGuard2008 wouldn’t let me install those 2, avg, or spybot! But, thanks to SPU, i followed that post to a T and everything great now!
The post was dated: December 30th, 2008 8:57 AM

You rock Spu!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1

Reply

mw January 1, 2009 at 9:13 AM

BitDefender is telling me that all is well on my computer, but I have gotten an error message from them every day that I have not scanned for malware. When the message for SpyGuard208 came up I thought it was from Bit Defender and hit Run a few times. YIKES! I decided to Google SpyGuard2008 and thankfully found this site. BitDefender says they have quarrantined these files, which my BitDefender came up pretty much simultaneously with the SpyGuard2008 warnings. I’m going to favorite this page and restart my computer. Do you think I will be or am now infected?

Reply

Ben January 1, 2009 at 10:21 AM

I’ve spent a week trying to get rid of this damn thing — found this page and printed it out to read everyone’s solutions on day 2, but i could never get malwarebytes to run. downloaded on another computer, renamed it, disabled system restore, rebooted in safe mode, installed, uninstalled, reinstalled — everything listed here but malwarebytes would not run

….. until tonight (when i was transferring files before i reformatted) i got malwarebytes to run by right-clicking on the program then selecting RUN AS…., then UNCHECKING the “something something protect your computer from viruses” box. i had completely given up, but now i’ve updated and i’m scanning and hoping i can win. thanks for everyone’s advice.

Reply

SoonerFan January 1, 2009 at 8:21 PM

Thanks to everyone on this site!! I thought I was going to have to format my hd.
Here is how I fixed it:
1) Disconnected my machine from the internet
2) I booted to safe mode (F8 during boot)
3) Copied Malwarebytes AND latest updates from a thumb drive to infected machine
4) Kill TDSSserv.sys by going into device manager, click on show hidden devices, expand each device until you see TDSSserv.sys (Google TDSSserv.sys for better info on this procedure)
5) Installed and ran malwarebytes quick scan (you may have to change the names of the executables)
6) After the quick scan I ran a full scan (took 8hours)
7) I rebooted into regular XP and installed Superantispyware and ran a scan with it.
Everything seemed to be okay after all of this. I’m running Windows XP SP3
I hope all this info on this page helps you as much as it did me. It is possible to remove it!! Just stick with it!! Good Luck!!

Reply

Tundra January 2, 2009 at 1:25 AM

I wish I had found this site before I wasted $30 on SpyHunter which didn’t help at all. I got Spyware Guard 2008 on Christmas and finally killed it today. I ran Super AntiSpyware, then ran MalwareBytes. Happy New Year! except for the schmuck that created Spware Guard 2008; he needs to die painfully. Thanks.

Reply

Mauge January 2, 2009 at 1:40 PM

Thank all of you for your responses. I finally got MalwareBytes Anti Malware to work. When i try to install and run. when i start my computer normally it still freezes right when my desktop loads up. so I start it up in safe mode and my desktop and start menu works… when i try to install SUPERAntiSpyware an error comes up when running windows installer that says not able to install because administrator made policies to prevent it… something to that effect… if anyone else has same problem please post… thanks a lot and keep up good work.

Reply

Lil Buddy January 3, 2009 at 9:04 AM

Well, after using Superanti… and Malware, AND spybot….I find that here is STILL something wrong. This virus has adaptability beyond belief. It directs me to fake “Safe Modes”(you can tell because there’s sound—-the real safe mode minimizes graphics and audio), I’ve rebooted hundreds of times. Unfortunately, I have over 400,000 files to scan, so each process is a major pain. I thought of giving up long ago, but I STILL can’t restore or set default factory settings. What is my next step? Buying a new hard drive?????

Reply

Bob M January 4, 2009 at 5:33 AM

Well success at last – Kryril on Dec 21 and S&B on Dec provided the solution and all those who have commened on these methods.

However i had majot problems with booting the computer into safe mode and I wanted to comment on this. I see Lil you have beaten me to this. I had blank screens, and either fake ‘Safe Mode’ screens or perhaps the correct screen but with the keyboard locked so that I could not select ‘safe mode’. It continually booted in normal mode. (Perhaps this is not such a problems judging by others comments?).

Persistence in th eend paid – it took me 15 mins or more before i eventually got the my computer to default to ‘safe mode’ option and boot into safe mode. the rest was relatively plain sailing. During the 15 mins I interrupted the boot-up sequence at different places and even pulled the mains plug out several times (I don’t know whether there are any risks to this but I was desperate!).

Nix on December 31st also mentioned these problems. Just thought I would mention how long it took me and the problems I had. I note that others have commented on connecting the infected drive to another computer and finally sorting the registry once the crap has been removed.

Best of luck Lil and thanks to all here.

Bob

Reply

mark January 5, 2009 at 9:03 AM

thanks 4 all the info it took a few times but its out. i only had to ues malewarebytes plus the update!

Reply

Welsh Dragon January 5, 2009 at 7:20 PM

Followed Mike T’s info on Dec 30th and finally got this **** removed.
THANKS SO MUCH for all info found here. PC is back to normal again….

The fact we had already isolated the computer from internet access and
we were already closing it out when it started up, may have helped us.

Just following all the steps through worked, no problem at all……

Reply

salli January 5, 2009 at 11:29 PM

This has completely taken 100% control of my PC. So the only option left for me is to boot in safe mode and install the removal tools from USB (flash drive) with a different file name, as mentioned in some of the posts above.

Lets see what happens..

i will post my experience later.

Reply

Mike January 5, 2009 at 11:31 PM

I found that spysweeper with antivirus was able to detect it and remove most of it.
what you need to do is download process explorer, autoruns and jv16 powertools
use autoruns to disable the automatic starting of this malware, and use jv16 powertools to search for the regkeys he mentions above, then using process explorer, kill (in this order) smss.exe. (wait 5 seconds) winlogon (wait 5 seconds) and lass.exe, then using the file – run, go to the windows folder, delete the files he mentions above (you should be able to now), remove the files in program files that he mentions. (of you get access is denied errors, don’t worry, we will delete later)
Force power down the computer (those processes we killed help us restart normally), turn the computer back on, you should be able to run in normal mode now.
go to program fies, remove the files you couldn’t remove before
run some antivirus scans, I recommend f-prot from f-rpot.com, just sign up for a trial.
that should fix that one virus

Reply

Mike January 5, 2009 at 11:33 PM

oh, and I forgot something, if you cannot run jv16 powertools in safe mode, run this in command prompt:
REG ADD “HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer” /VE /T REG_SZ /F /D “Service”
REG ADD “HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer” /VE /T REG_SZ /F /D “Service”
net start msiserver
(if this is vista, right click and run as administrator)

Reply

Craig January 6, 2009 at 12:26 AM

I too want to thank all who posted here, as I have now beaten this thing. It took most of a day, but it’s gone. Thanks also to Malwarebyte for their great Anti-Malware software.

Reply

AggravatedBEYONDBelief January 6, 2009 at 12:27 AM

Mauge,

I had the same issue as you. Run the Malware software until it comes up clean. Then launch Spybot Search and Destroy, also in safe mode. Once you’re done with these two apps, start up in normal mode, install Super Anti Spyware, log out and run Super Anti Spyware in safe mode just to be sure. Good Luck!

Reply

Mani January 6, 2009 at 10:22 AM

huh!!….
i had the worst dayz of my life sorting this out….i tried all combinations, solutions given by every1 n finally after 5 long hours i cud fix it…thanx every1 n especially the website owner n the anti-virus companies..i have installed all antiviruses, safe mode, renamed still it wasnt working,….used several combinations n then finally i got a way thru….
my laptop is now workin well..!!!
i luv this website..!!
keep trying..!!
i rebooted in safe mode for more than 30 times n then the program installes…
keep trying..
hope this helps

Reply

TiminIndy January 6, 2009 at 10:30 AM

Thanks to all the knowledge and experience here, I have beaten this SOB! First I turned off System Restore, installed SASP & MBAM by changing the filenames (downloaded and burned to CD from uninfected PC), got SASP to do a quick scan (couldn’t get updates at first) while killing SWG2008 & Win Sec Center in Task Mgr – killed 300 threats, restart, then was able to update SASP and run a full scan – 10 threats, restart, then was able to update & run MBAM – 12 threats, restart, installed and updated Spybot and got hits for Virtumonde, Smitfraud, _freescan 1.htm.vir, killed those. Scans then came back clean on all 3 + McAfee.

Thanks!

What agency is supposed to investigate and prosecute these bastards?

Reply

Bob M January 6, 2009 at 7:34 PM

Have got rid of this malware, but as Jason on December 26th, 2008 mentioned, some of my Internet programs seem to be missing graphics! Has anyone else encountered this problem and found a solution?

Thanks

Reply

Shanmuga January 6, 2009 at 8:11 PM

For those who have lost the images in Internet Explorer and other IE dependent programs:

1. Open Internet Options in Control Panel
2. Click on the Advanced tab.
3. Look for the Multimedia section
4. Place a check mark in the Show Pictures option.
5. Restart Internet Explorer if running.

Hopefully, that should bring the graphics back.

Reply

Bigb451 January 6, 2009 at 10:32 PM

It looks like there may be slightly different versions of this out there. Mike’s and Spu’s processes worked for me: First I ran Autoruns and unslected Spyware Guard 2008. Then I followed Spu’s advice and ran TrojanRemover and then MalwareBytes Anti-Malware, and that did it. I ran the rest of his process and also just about every other spy/malware remover after that, but nothing was picked up.

Good luck!

Reply

Bob Faubel January 7, 2009 at 1:42 AM

I got hit with this virus Christmas weekend and freaked like everyone else. After trying to do some deleting and not working I remembered about going to safe mode. Safe mode got me back to the internet where I searched for answers and came across this site. I first tried Malwarebites Antimalware and it didn’t work. I then tried Superanti Spyware and it worked great! It also found other problems I didn’t know I had! Here at my church tody 3 computers got hit and one of them nothing has worked yet. It seems some antivirus programs work for some computers but not on others. Thank you for your help!

Reply

John Lear January 7, 2009 at 5:07 AM

If anyone should be sued, it’s Microsoft for putting out a product deliberately designed to be manipulated, controlled and destroyed by everyone else in the world except the person using it on his/her system. The design is expressly opened to corporate spying and information gathering – loosely called “marketing”, for which Microsoft earns billions. But being openly designed, Windows is inherently open to hackers and malware. It is time for a class-action suit against Microsoft to re-think and re-design all that openness so that we, the consumers who pay for that damn software, can have peace of mind over our data and processes. SUE BILL GATES, TOO!!

Reply

Lil Buddy January 7, 2009 at 8:06 AM

So far, 3 days later, nothing in the scans except nonsense cookie alerts.
Can ANYONE tell me why my photoshop-type applications won’t run? Other .exe files work, but not these.

Reply

Lil Buddy January 7, 2009 at 8:11 AM

Also—–Can anyone tell me when this thing hit WHY it installed a “floppy disk” as a drive and why I can’t get rid of it? (Yes, I went to Device Manager).

Reply

Dan January 8, 2009 at 1:31 AM

Thank you to this site and it’s members for the useful and working suggestions to remove trojan.nnol and the associated problem. MAM did the trick after safemode and renaming. Needed to run it ~6 times to be complete.

Reply

Joe January 8, 2009 at 1:36 AM

Sue Microsoft because you paid for their software??

Why pay for when you don’t have to??

Oops…

Reply

Bob January 8, 2009 at 5:36 PM

My Explorer picture are now showing.

Thank you for your help Shanmuga. Note sure why I didn’t think of that.

Reply

Lee January 8, 2009 at 7:46 PM

Windows Defender (download from http://www.microsoft.com/downloads, install, and update definitions) successfully removed SpywareGuard2008 as well as the Fastclick adware from my son’s computer. But I had to run it twice; the first time Defender hung up because it wouldn’t shut down properly during the restart that it had initiated itself!

Reply

sus January 9, 2009 at 12:25 AM

hi, just to let people know, l had this damm spyware guard on my system recently, what a bloody pain, but managed to download superanti spyware & ran straight away, kept task manager open & everytime it popped up to scan l deleted it straight away & stopped the scan, as this was slowing down the virus scan a hell of a lot, left running all night, but was not finished in the morning, so took laptop to work & kept an eye on it & task manager, finally after 15hrs!! it had picked up the spyware guard 2008 a couple of trojans & loads of adware, managed to quarintine & reboot & so far 4 days later all is well,& laptop running a lot faster. they say patience is a virtue..well it certainly tested mine.

Reply

Davade January 9, 2009 at 12:51 AM

If anyone is having the following problem this can help… If you cannot download malware bytes, or if you can download malware bytes but the spyware guard virus is not allowing it to run, or it is not allowing you to install malware bytes here is the solution.
Download malware bytes onto a usb drive
Change the name of the installer to 123.exe
While trying to install the program if it continually freezes up, go to task manager and keep ending the 123 process. Don’t worry it will just continue the installation even if you have to do it several times.
After installation, got to C:\Programs\Maleware bytes anti maleware, then change the mbam.exe to Test.exe. Then you can run it but do not do the web update. You do not need the update to remove spyware guard.
Now when it is done scanning remove all of the found threats. Restart, and then do the update and rescan with a full scan to remove eveything else.
See… Spyware guard 2008 and up has been updated to not allow mbam to run. It also stops many of the other software applications that are used to remove this rogue virus but you can use this same proceedure on all of the spyware removal programs and spyware guard will not know what it is because whatever you name the exe file that is how it will show up in the processes. For example, naming mbam Test.exe, will make it show up in task manager as Test.exe and spyware guard does not know what Test.exe is. And the great thing is that you can name it anything so Spyware guard will be hard pressed to stop anything from running then. Hope this helps put a stop to them morons that put spyware guard out there.

Reply

Dominic January 9, 2009 at 3:25 AM

Thanks for all the advice but I still cannot download Malwarebytes or Superantispyware.

The Spyware Guard is on my girlfriends laptop, my pc is fine. I have followed the steps as outlined above from my ‘good’ pc to her affected machine many many times but still cannot get this to work. I can rename the downloaded files I have on my flash stick, put them on the laptop’s desktop (running in safe mode with networking) and it’s disconnected from the internet, but when I doubleclick on the malware renamed file, it get’s as far as asking me what language, i click ‘ok’ on ‘english’ and then the second stage screen flashes up and is gone in an instant before I can progress with the installation of Malware! I have rebooted and tried different names for the files but somhow this still does not work as in some of the steps.

for example, from Kyril’s post on Dec 21st at 8.14pm which many of you have said works, I get to step 3 but cannot physically get to step 4!

I have tried several of the suggestions above as well from other posters but still am stuck at this stage. The laptop operates on XP.

if anyone can help and let me know how to overcome this I will be eternally grateful!!

Thanks in advance

Reply

Tim January 9, 2009 at 3:53 AM

after following much of the good advice above over the past 36 hours this crap seem to have been removed from our system. while killing Spyware guard 2008 and wincenter quickly whilst running MAM I was able to find and remove the offender each time it regenerated. But even after this I found that upon re-boot we had to kill crssc.exe, winlogin.exe and fvan.exe each time to stop it regenerating. These seemed to be the processes to watch for in task manager. csrssc.exe being the one that seemed to be doing the most work on my hard drive each time

Reply

Marcelo January 10, 2009 at 12:54 AM

Thanks a lot for all the help and advice of all of you guys. My pc was also infected by SpywareGuard 20008 and the Windows Security System virus. The first thought that came into my mind was to change to Apple or install Linux on my computer. Fortunatelly it was not necessary.

Just follow Kyril’s steps posted on December 21st, 2008 8:14 PM and your compuyter should get rid off them. I used one day to clean up this mess, but it was worthy. Thanks a lot!!!!

Reply

Lil Buddy January 10, 2009 at 3:58 AM

If anyone can tell me why I now cannot run any recording, photo, or photoshop-type programs now that the virus is gone, I would appreciate it. I get pop-ups saying that I have\ insufficient privelages\, even though I am the only user and administrator.

Reply

Xyrdreas January 11, 2009 at 1:57 AM

I worked on my bosses computer which was infected with Spywareguard 2008, and attempted many times and different ways to install SmitfraudFix, AntiMalware and HijackThis, and every time, it blocked the installation.

Also everytime I manually deleted the reg keys, files and other associated files and rebooted, it repopulated the system. What I had to do, which I think is extreme, is remove the hard drive, hooked it up to a diagnostic machine (running AntiMalware, WinPatrol and McAfee AntiVirus) as a slave drive. Ran AntiMalware on the slave drive, and cleaned out most of the infection, then installed AntiMalware on the slave device, as well as WinPatrol and HijackThis.

Reinstalled the hard drive into the computer, and on boot up, there was still evidence of SpywareGuard, but I was able to kill it with WinPatrol, run AntiMalware (and uncovered a whopping 3000 INFECTIONS!). Ran HijackThis, and removed any registry keys associated with SG2k8 and a little wonderful trinket (Sarcasm, ain’t it great) called MyWebSearch.

Rebooted, and it was alllllll gonnnnnne. Re ran the AntiMalware Scans just in case, and it came up clean.

I know it’s an extreme work around, but it works and saves you from the ultimate solution, reformatting and reinstalling windows.

Reply

Hilary January 11, 2009 at 3:58 PM

I too have followed all Kyril’s advice and managed to get both Mbam and SuperAntiSpyware to run. However having cleaned up my system I then rebooted only to find that I now can’t get past the logon screen! Has anyone else had this problem? When I click on the username – or administrator – to login, it briefly says that user settings are being loaded, then says settings are being saved and returns me to the login screen! This happens in safe mode as well as normal mode. I have tried booting to previous good configuration but the same thing happens. Any suggestions please?

Reply

BH January 12, 2009 at 9:03 AM

malwarebytes anti-malware program did the job for me after several days dealing with the SpywareGuard 2008 virus. As the virus would not allow me to download the program directly, I had to download it (from cnet.com) from another computer onto a usb drive, rename the file (since the virus knows this program and will not let the system start it) and save it onto affected computer desktop. The malware program froze up on me at the end of installation but, after a reboot, the program came up and worked. I had to use the task bar mgr to shut the SpywareGuard as I scanned my system just to be sure it would not be able to bypass the malware program in any way. Came up with 50+ infected files which I deleted via the malware program and another 5 files that the program could not delete until a reboot was done. After reboot, no problems..hope this helps someone.

Reply

why January 13, 2009 at 10:14 PM

i have tried everything above, but still cannot install any of the programs on my infected laptop. I downloaded the programs onto an uninfected computer,renamed both, and copied them onto my infected laptop via a usb drive.However when i try to install the renamed files, nothing happens. No error message….nothing. I even went to device manager>show hidden files>non config………to locate and disable the TDSSERVER.sys trojan in case it was the cause but couldn’t find it over there…….plsssssssss HELP

Reply

wtf January 14, 2009 at 6:44 AM

Malwarebytes Anti-malware & SUPERAntiSpyware did the job for me.

Control Panel | Security Center | “Change the way Security Center alerts me” (untick all three boxes) will remove the Security Center shield from the taskbar.

Reply

Rhonda January 15, 2009 at 1:23 AM

just wanted to say that malwarebytes anti-malware and antisuperspyware…took care of all the problems…thanks to all the comments and info…i appreciate this site and i am sharing it will all our friends on our band page and personal web sites…God Bless rhonie

Reply

UDcc123 January 16, 2009 at 3:37 AM

I just wanted to thank everyone for the creation of this site and the comments/help people have given. I was going nuts trying to clean this off my system, but after coming across this site and taking a systematic step-by-step approach, I was able to easily remove the files from my PC.

Special thanks to Kyril for their post on Dec 21st and S&B for their post on Dec 27th.

A couple of other items that I ran across that may be helpful to others:
1) Malwarebytes took forever to install and open when I first tried it. When I used SuperAntiSpyware (SAS) first (which installed & ran very quickly) and clearing most of the bad files, Malwarebytes ran without issue aftewards. So if you’re having trouble with Malware, just run SAS first.
2) I ran everything in normal windows mode without need for SafeMode.
3) It took about 10 minutes for the initial quick scan of SAS, in which spywareguard2008.exe showed up about 6 times for me to cancel and winscenter.exe showed up just once for me to cancel. After the quick scan, I had no occurrences of either file popping up when I ran the full scan of SAS and full scan of Malwarebytes aftewards.
4) It took about 20 minutes for the full scan of SAS to run after the quick scan cleared up most issues. And then another 20 minutes for a full scan of Malwarebytes
5) Whether due to the scan or the malware, pictures were not showing up in my Internet Explorer after I cleaned everything up. To fix this, go to Tools > Options > near the bottom click “Show Pictures”
6) In the beginning when I had malware & I hit cntl-alt-delete to bring up task manager, I could not see the tabs for “Applications”, “Processes”, etc. To fix this, just double click anywhere on the outer gray border of task manager
7) To access my USB drive that had the spyware, I first tried going into windows explorer (right click start menu -> Explorer). Doing this with malware, I was unable to access the USB port drive. But I could access it when I went in through My Computer.
8) I may just be dumb, but when I first bought my 4 GB USB drive and tried to install files on it, it only showed 3 MB of available space on it and I had no idea what was wrong. On the USB drive, there was an already existing file that wanted to install certain products on my PC (good products, not Malware). I had to open this file and click no to the option of installing new products before I had access to the 4 GB.

Reply

David January 16, 2009 at 7:27 AM

Spyware Gaurd was installed on my computer yesterday and I’ve spent the intervening time tryting to get rid of it.

A Spyware Gaurd window pops up every minute or two trying to scan my computer and tell me I need to buy the full version. The windows security center believes that Spyware Gaurd is my virus protection and keeps telling me I’m in danger because it’s disabled and that I need to install the full version.

I was initially unable to download or install either anti-malware or superantispyware. I managed to get the setup files on my computer (renamed), but I am unable to get past the first screen in the setup before the application is closed.

The only spyware removal program I have installed at the moment is Spybot – Search and Destroy. Spybot detects Spyware Gaurd but can’t remove it, even after restart.

I have tried ending spywaregaurd.exe and winscenter and then manually deleting all the mentioned files and registry keys, but spyware gaurd reinstalls itself.

I was unable to find this file or this registry key:
C:\Documents and Settings\Shanmuga\Application Data\Microsoft\Internet Explorer\olesys.dll

HKEY_CURRENT_USER\Software\Spyware Guard\NP\NP
REG_SZ, 66 bytes, “F620C418B59F44D289B18E1D1B5D896E”

I managed to get all the files/keys removed and process closed at the same time and run spybot, at which time spybot claimed the problem was fixed. I then restarted and found spyware gaurd immediately reappeared.

I’m about ready to start copying files off the computer so I can reformat it. If anyone has another suggestion I would appreciate it mightily.

Reply

Larry January 16, 2009 at 7:32 AM

Note: BACK UP YOUR REGISTRY BEFORE MAKING ANY CHANGES!!!

I had to fix this issue on a client’s computer remotely, via gotomypc.com. The solution I found was to kill the spywareguard.exe and winscenter.exe processes via Task Manager whenever they popped up, then delete the contents of Program Files\Spyware Guard 2008\ and create two 0b text files, rename them spywareguard.exe and uninstall.exe. Also delete winscenter.exe from Windows\System32\ and it’s corresponding file in the Windows\Prefetch\ directory and add a 0b text file renamed to winscenter.exe to Windows\System32\.

Next, I deleted all the files that are installed by spywareguard (listed somewhere above). Fire up regedit and check out “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\” for any offending BHOs (Google + GUID is your friend). If you find any, search the registry for the GUID and you can locate the associated dlls.

Once you have the dll names, you can go to the start menu and use the run command and type “cmd” and press enter. You can unregister the dlls by using the regsvr32 command with the following syntax: “regsvr -u “. Now empty your recycle bin and restart the computer. When the computer comes back up, delete the dll files that you unregistered previously. Open up the registry again and delete all the instances of the malicious BHO GUIDs that you find.

Now you can grab a copy of IERegFix.bat and transfer it to the infected computer (see the bit about installing anti-spyware tools for more on getting the file on there). You may have to mess with the file a bit to sneak it by whatever malware is still on your PC; I just deleted all the commented lines/echos/the last couple gotos and it worked. Empty your recycle bin again, and if you’re the patient type, restart your computer again.

Now you can start trying to install various anti-spyware removal tools (superantispyware, malwarebytes, hijackthis, spybot s&d, ad-aware, etc). At this point you ought to be able to obtain the install files via the internet but if you’re still having trouble then you can download them via another (spyware free) computer and transferring the files via USB or cd, or use some other method. Get creative. Once downloaded, rename the files to some garbage that won’t be recognizable to the spyware. “dasfkadf.exe” is a personal favorite. Try to install them… I went through four programs before I found one that would actually install. You may have better luck in safe mode, but since I was connected remotely that wasn’t really an option. At this point, it ought to be just a simple update, scan, remove, restart, scan, remove… etc, routine. Don’t forget to delete the placeholder files you created earlier.

Hopefully my experience helps someone… I’ve spent over 6 hours fixing this one computer.

Reply

Larry January 17, 2009 at 8:51 AM

Quick follow-up… I actually spoke too soon in my last post. Although I was able to finally get Spybot S&D installed, and it did remove some spyware, it was unable to remove Spyware Guard 2008.

I ended up finding a random dll called bcadfbaceee.dll or something just by poking around in C:\Windows\System32 and it just didn’t look right. A quick google search revealed nothing, however Panda’s Activescan found it “suspicious.” After a few attempts I was able to delete the file; once it was gone, I was able to install SuperAntiSpyware and that took care of deleting the rest of my infection.

hth, and good luck!

Reply

Mike January 19, 2009 at 7:15 AM

No matter what I do I can not get SAS or MBAM to run, I’ve renamed them several times, redownloaded, renamed them before copying them to the infected computer. I am at my wits end.

Reply

CC January 20, 2009 at 2:25 PM

I tried installing Malwarebytes but even after renaming the file it still wouldnt run, so thanks to Spu above for his advice.

I had to boot into safe mode to get anything to run as the spyware was killing everything (even renamed files)

Combination of the following seems to have worked

TrojanRemover
Malwarebytes
SUPERAntiSpyware
Norton Internet Security
And finally
F-secure online scan just to check

Still scanning and rebooting but it’s been 12 hours now and everything “seems” ok……

Reply

Juan January 21, 2009 at 5:37 AM

I had this problem with the 2009 variant. Unfortunately, it had rendered SuperAntispyware unusable (SuperAntiSpyWare would crash each time I started the program) I had removed all the files and registry entries listed above associated with spywareguard 2009, but it still kept coming back upon restart. My problem was that I couldn’t locate the “trigger” file that re-installs spywareguard. I finally found it hidden, as usual, masquarading as a Windows system file. The file name was svhost.exe and it was stored under c:\documents and settings\All Users\Application Data, c:\documents and settings\All Users\Application Data\Microsft\Internet Explorer\DLL\, c:\documents and settings\All Users\Application Data\Microsoft\Protect, and also a DLL file located in c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLL (This DLL had the same Created Date as the virulent files mentioned above).

In addition to the registry entries mentioned above, I needed to also clean out the the registry entry that activated the “TRIGGER” file, the SVHOST.EXE. This was cleverly located here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUN CTEMON.EXE (instead of ctfmon.exe) and the data in the entry was “c:\documents and settings\All Users\Application Data\svhost.exe”. After deleting this TRIGGER file and its registry entries, I was finally able to begin repairing the Windows installation.

Good luck.

Reply

andersonck January 22, 2009 at 8:07 AM

I have had NO luck with any of the suggestions. I’ve manually removed files, registry entries, created new wincenter and spywareguard files, everything. I was able to load Spybot and update it and ran it again. It is down to finding only one file though, but I still can’t load malwarebytes or SAS. I’ve put them on a flash drive, copied them onto a cd, no luck. I’ve also ran the downloads and then moved the files onto a cd and tried it that way. I’ve renamed the files, etc. I think I’ve tried every suggestion I’ve seen on here but I can’t get it to work.
I did go look for the TDSSser file that someone mentioned but it’s not in the process list.
HELP!!!

Reply

OH January 23, 2009 at 3:34 AM

I edited winscenter.exe using Notepad, it is in windows-system32 — and the winscenter.pf file in windows-prefetch – I edited both of the using Notepad, deleted all the text in them – it worked – SpywareGuard quit bothering me.

Reply

ridinginvegas January 28, 2009 at 9:11 PM

This “Spyware Guard 2008″ has reached a new level of evil.
The manual removal directions all miss files in:
Documents and Settings\All Users\Application Data\Microsoft|Internet Explorer\DLLs\fmwpeqrskv.dll, iemodule.dll, and moduleie.dll [win 32:Fasce]

Just found these 10 min ago.

Reply

Mike February 2, 2009 at 9:20 PM

ATTENTION: THere is an addintional dll file to delete. It is known as the modulie.dll or something among that line. This requires Command Prompt to unregister.
Anyway I just did a system restore so the virus is gone.

Reply

Charlie February 10, 2009 at 4:27 AM

I have tried it all. I even tried to reformat the hard drive. The virus would not allow me to even do that. I am at the end of my patience. Whoever put out this software should spend some YEARS behind bars.

Reply

Tanya February 20, 2009 at 8:01 AM

I have been infected with the Spy-virus and I’m not sure I completely got rid of it. I ran AVG and Malware, and SO FAR they have worked. BUT (this is a big but) my Internet Explorer AND my precious Firefox have gone totally unresponsive. I can not longer get on the Internet with I.E. and Firefox. I am having to use Netscape Browser. My computer is a little slower too when it boots up. The traces of the virus are gone (as far as I can see) but I’m afraid that it permenently damaged my I.E. and Firefox.

Has anyone else had this complication?? Or does anyone else know what I should do??

**ALL ADVICE WOULD BE VERY MUCH APPRECIATED!***

Reply

peppi August 15, 2009 at 1:36 AM

Download Malwarewarebytes it will fix that pesky virus.

I tried Avast, Spybot, Adware 6.0 and even bought SpyZooka based on their guarantee (still no response to my refund request) and nothing worked.
You can view my praise of the product on their website here:
http://www.malwarebytes.org/forums/index.php?showtopic=21663

It works, finally I have my PC back.

Reply

Larry D October 31, 2009 at 4:32 AM

Yeah my sister n law installed this and I took care of it for. It told her it found spyware etc etc. She unfortunately fell for it.

Remove Spyware Guard 2008

Reply

ALison February 28, 2010 at 1:33 AM

Tanya-
I had this same problem too..My Fire FOx did the same thing although it has always still worked..my computer is now slower too. I don’t know how to fix it unfortunatley..

Reply

Edie July 1, 2010 at 4:49 AM

I noticed when I downloaded Malbytes Malware that either it or the thing that kidnapped my browser has it so I can’t google anything. I have to go to my mail site (which still comes up) to search for anything. Also noticed when I used Malware bytes that it does the short scan but for some reason will not complete a full scan – becomes hung up and have to close it after about 30 minutes. It says I have 3 infections but I can’t get to the end to delete them or find out where they are. So far this is the 5th or 6th time I’ve tried the full scan, so hopefully it will finish this time.

Reply

Shanmuga July 1, 2010 at 7:37 AM

Did you try a full scan in safe mode?

Leave a Comment

Previous post:

Next post: