Remove SpywareGuard 2009/2008 (SpyGuard 2009 Removal)

January 15th, 2009 | by Alex |

Spyware Guard 2008 or 2009 Descriptions:

Spyware Guard 2009, also known as SpywareGuard 2008 or Spy Guard 2009, is a new counterfeit anti-spyware program created to invade your privacy and ruin the Internet community. Like most fake anti-spyware programs, Spyware Guard 2008 reports misleading and exaggerated scan results. Spyware Guard 2008 (or SpywareGuard 2008) usually installs itself on your PC without your permission, through the Vundo Trojan, a virus, or fake software. It then displays fake system alerts or fake security alerts to trick the user into buying the paid version of SpywareGuard 2008 or Spyware Guard 2009 in order to remove the reported problems. Not only does it slow your machine down dramatically, it also puts your privacy and data at risk.


Manual Spyware Guard 2008 Removal Instructions:

Stop Spyware Guard 2008 Processes:
SpywareGuard.exe
syscert.exe
spoolsystem.exe
reged.exe

Find and Delete these Spyware Guard 2008 Files:

%WinDir%\reged.exe
%WinDir%\spoolsystem.exe
%WinDir%\sys.com
%WinDir%\syscert.exe
%WinDir%\sysexplorer.exe
%WinDir%\vmreg.dll
%UserProfile%\Desktop\Spyware Guard 2008.lnk
%UserProfile%\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
%UserProfile%\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
%ProgramFiles%\Spyware Guard 2008\conf.cfg
%ProgramFiles%\Spyware Guard 2008\mbase.vdb
%ProgramFiles%\Spyware Guard 2008\quarantine.vdb
%ProgramFiles%\Spyware Guard 2008\queue.vdb
%ProgramFiles%\Spyware Guard 2008\spywareguard.exe
%ProgramFiles%\Spyware Guard 2008\uninstall.exe
%ProgramFiles%\Spyware Guard 2008\vbase.vdb
%UserProfile%\Application Data\Microsoft\Internet Explorer\olesys.dll

Remove Spyware Guard 2008 Registry Values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SpywareGuard2008"
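
To confirm whether the artifacts listed above are really gone (or have come back after a reboot), the check can be scripted. The following Python sketch is an added example, not part of the original post: it expands the listed paths, reports which files still exist, looks for the Run value, and matches the listed process names against `tasklist /fo csv /nh` output. The sample tasklist text and the function names are constructed for illustration.

```python
import csv
import io
import os
import re

# Indicators copied from the removal instructions above.
PROCESSES = ["SpywareGuard.exe", "syscert.exe", "spoolsystem.exe", "reged.exe"]
FILES = [
    r"%WinDir%\reged.exe",
    r"%WinDir%\spoolsystem.exe",
    r"%WinDir%\sys.com",
    r"%WinDir%\syscert.exe",
    r"%WinDir%\sysexplorer.exe",
    r"%WinDir%\vmreg.dll",
    r"%UserProfile%\Desktop\Spyware Guard 2008.lnk",
    r"%UserProfile%\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk",
    r"%UserProfile%\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk",
    r"%ProgramFiles%\Spyware Guard 2008\conf.cfg",
    r"%ProgramFiles%\Spyware Guard 2008\mbase.vdb",
    r"%ProgramFiles%\Spyware Guard 2008\quarantine.vdb",
    r"%ProgramFiles%\Spyware Guard 2008\queue.vdb",
    r"%ProgramFiles%\Spyware Guard 2008\spywareguard.exe",
    r"%ProgramFiles%\Spyware Guard 2008\uninstall.exe",
    r"%ProgramFiles%\Spyware Guard 2008\vbase.vdb",
    r"%UserProfile%\Application Data\Microsoft\Internet Explorer\olesys.dll",
]
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "SpywareGuard2008"

# Constructed sample of `tasklist /fo csv /nh` output, used when not on Windows.
SAMPLE_TASKLIST = (
    '"System Idle Process","0","Console","0","28 K"\n'
    '"explorer.exe","1520","Console","0","21,304 K"\n'
    '"SpywareGuard.exe","2288","Console","0","9,112 K"\n'
    '"SYSCERT.EXE","2304","Console","0","3,540 K"\n'
)


def expand(path, env):
    """Expand %VAR% case-insensitively (as cmd.exe does); unknown names stay as written."""
    upper = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: upper.get(m.group(1).upper(), m.group(0)), path)


def remaining_files(env=os.environ, exists=os.path.exists):
    """Return the listed files that are still present, in the order listed above."""
    return [p for p in (expand(f, env) for f in FILES) if exists(p)]


def running_indicators(tasklist_csv):
    """Return (image name, PID) for every listed process found in tasklist CSV output."""
    wanted = {p.lower() for p in PROCESSES}
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 2 and row[0].lower() in wanted:
            hits.append((row[0], row[1]))
    return hits


def run_value_present():
    """True/False if the Run value exists; None when the registry is unavailable."""
    try:
        import winreg  # Windows only
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
            winreg.QueryValueEx(key, RUN_VALUE)
        return True
    except FileNotFoundError:
        return False


if __name__ == "__main__":
    if os.name == "nt":
        import subprocess
        listing = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                                 capture_output=True, text=True).stdout
    else:
        listing = SAMPLE_TASKLIST  # off Windows, fall back to the constructed sample
    for image, pid in running_indicators(listing):
        print(f"process still running: {image} (PID {pid})")
    for path in remaining_files():
        print(f"file still present:    {path}")
    print(f"Run value present:     {run_value_present()}")
```

Running it once after cleanup and again after the next reboot shows whether anything was recreated in between.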



  1. 166 Responses to “Remove SpywareGuard 2009/2008 (SpyGuard 2009 Removal)”

  2. By Frank on Oct 29, 2008 | Reply

    Help! I was misled into downloading spywareguard2008 but have NOT installed the .exe file. Thought I would research it first.
    Do I have a problem? Is it as simple as deleting the .exe file?

  3. By yep on Oct 31, 2008 | Reply

    yep – that simple

  4. By jm on Dec 9, 2008 | Reply

    We have tried everything to remove this and it keeps coming back. When we try to run malware, or other software programs to try to remove this it doesn’t run. It is seemingly getting hijacked by this program. Any other suggestions?
    We’ve deleted the files in safe mode, in safe mode at the command prompt, and it still comes back. We’ve deleted the processes, and it just comes right back.

    Thanks.

  5. By Denny on Dec 9, 2008 | Reply

    OK. I got Spyware Guard 2008 by accident. I followed the above instructions. However, it says that the task manager was disabled by administrator and I believe that I am the only administrator on this computer. How can I get rid of Spyware Guard 2008 easily, without going through all these complicated instructions? thanks very much.

  6. By Candice on Dec 10, 2008 | Reply

    I have searched for a physical address for SpyWare Guard 2008.. I contacted a lawyer and he says I have ground for a lawsuit. Can anyone help with an address?

  7. By Jack on Dec 10, 2008 | Reply

    Candice, those people who created Spyware Guard 2008 are normally living in Russia or Siberia. It’s almost impossible to file a lawsuit against them unless getting cooperation from those local government. It sucks but that’s the truth.

  8. By bla on Dec 11, 2008 | Reply

    so, this is it? will we have to give up our machines and time? will Gates pull us out of this? don’t count on it.

  9. By Mike on Dec 11, 2008 | Reply

    It is blocking my computer from going on websites like this? is this normal?

    I can’t seem to download any programs that are supposed to go through and remove this program… i will have to call microsoft tomorrow

  10. By Alenzi on Dec 12, 2008 | Reply

    Guys..Guys!! restore your system!! that’s it. It works for me 100% :)

    go:
    start/all programs/accessories/system tools/system restore.

    and then pick a date before you first had this problem.
    easy ha?!
    May God Bless The Arabs

  11. By Harsh on Dec 13, 2008 | Reply

    Hi,
    i am the recent victim of the same. I don’t know how it invaded into my system, and now he doesn’t want to quit my laptop. I tried manual removal instructions, other Malware removal apps also, But once i restart my computer it comes back again :( ..
    Can anyone help me out how to get rid of this monster, he is eating up my computer resources .. Any help is highly appreciated.

  12. By James on Dec 13, 2008 | Reply

    i will find their address for lawsuit. stay tuned.

  13. By adam on Dec 15, 2008 | Reply

    any chance we can sue these guys or get them shutdown somehow? I lost 2 days of work due to this crap

  14. By adam on Dec 15, 2008 | Reply

    looks like they are from st petersburg russia. Not sure how our government can make those guys behave.

  15. By DS on Dec 15, 2008 | Reply

    I tried doing a System Restore but this stupid Spyware thingy seems to have hijacked even the System Restore! There are no longer restore points listed from before this happened. This is just the pits!

  16. By AJ on Dec 15, 2008 | Reply

    We’re having the same issue – Malware doesn’t recognize it, neither does PC-cillin. We went through and manually deleted the files, but they regenerated. We tried the system restore but that doesn’t seem to have done anything. Any other ideas?!

  17. By gary on Dec 16, 2008 | Reply

    spyware guard 2008 took over my computer. my friend cleaned it for me. he also recommended to get firefox which is safer to surf.

  18. By Josh on Dec 16, 2008 | Reply

    Guessing by the surge of posts this month, I take it that this isn’t just a small problem…Same symptoms are occurring for me. I’ve tried deleting the files they recommend deleting, but I actually can’t find the registry location they listed…it doesn’t seem to exist. Same goes for the olesys.dll file; I have no “Application Data” folder. I’ve searched my computer trying to find it with no luck. System restore fails to work. Any anti-spyware programs that others have recommended fail to load. I hope someone finds a legitimate solution to this soon…I’m going to fail my English final exam because of this -.- typing comes to a halt every 3-5 seconds.

  19. By Alenzi on Dec 16, 2008 | Reply

    you should reformat your PC :(

  20. By marcus on Dec 16, 2008 | Reply

    egads..tons of people are getting hijacked by this nasty virus..btw system restore wont fix it..it may seem like it but its still running in the back ground…this virus could be designed for identity theft..good thing is some hackers are working on a fix and probably going after the idiot russians that created this monster..

  21. By Jeff on Dec 17, 2008 | Reply

    If manually deleting the files and running virus/spyware scans cannot remove it the only way to remove it in its entirety is to format your hard drive. If you don’t know how to do this there are plenty of walkthroughs online catered to your specific operating system. The only down side to this is you will lose EVERYTHING. Not just the virus. The best suggestion I have is to open in safe mode and transfer any files/documents you do not wish to lose to a USB drive. The entire process should take no more than an hour.

  22. By Brady on Dec 17, 2008 | Reply

    Jeff, you’re an idiot. You do NOT have to reformat completely! Don’t listen to this guy people. If you are seriously way too computer illiterate to know how to remove this yourself get someone who can. I just fixed a coworkers computer which had this on it- took me 30 mins by following the directions. Learn how to use a computer fool.

  23. By michael on Dec 17, 2008 | Reply

    Can someone please help this @#$%ing program has totally screwed up my computer I have tried all options reformatting is not an option right now
    I cant even type this with out problems

  24. By WAR on Dec 17, 2008 | Reply

    Yep.. The only way to get rid of this nasty remote admin backdoor trojan is to reformat drive. Its a self replicating virus.

    I’ve went back to my original system when I bought the computer.. But left the old system backed up on the computer in a folder.
    The files can still be activated but I’m not taking the chance. Will be backing up my old system off drive. then completely reformatting this disk drive..

    They don’t seem to be affecting my drive now.. But I think in time the remote server will access the files..

    This is one nasty trojan.. which has a whole boat load of viruses on board.

    Anti Virus programs dont seem to work on this one.

    Windows sucks..

  25. By JimmyK on Dec 18, 2008 | Reply

    I got some solution, just until someone makes a real working remover.
    I made dummy files (0kB size) replacing every known files of this sh… (all in C:\Program Files\Spyware Guard 2008) After that I changed permissions for these files to deny all specially for administrators and system accounts. You have to be fast doing it, killing corresponding processes.
    Now “virus” can’t activate itself again, doesn’t popups, and it is possible to work normally… but it is still somewhere on the system and needs to be cleaned when it is possible.

  26. By Andrew on Dec 18, 2008 | Reply

    Tried going through all the steps of deleting this thing and it was popping up the whole time. I am assuming it is still here. Does someone please have a solution other than reformatting the hard drive? This thing stinks to high heaven!!!!!!

  27. By B on Dec 18, 2008 | Reply

    So i delete all of the registry keys i can find on 20 different websites related to this thing, erase all the files, run all of the malware detection programs, and this thing still keeps coming back on restart. i tried all sorts of combinations of these things too, like erasing everything in safe mode, rebooting in normal, erasing whatever’s left, etc. NOTHING WORKS.

  28. By Yort-Nhoj :) on Dec 18, 2008 | Reply

    Hey, I’m having this same issue with spywareguard2008 (or 2009, I can’t remember which). Its really mucking everything up on my computer. I just bought MacAfee to help, but it doesn’t even recognize the problem program(did I just waste more money I don’t have?). I’ve been deleting and deleting the spywareguard offline, and I live in the country, so there’s absolutely no wifi around to connect to, but it reinstalls itself. I’ve tried to find its source, but to no avail. I really need help, and this seems like the closest I can get to actual Windows help…
    Please give me a reason to thank you in advance
    -YN

  29. By Tony on Dec 18, 2008 | Reply

    I have encountered this beast as well, I have tried to delete the file listed above, all I get is message stating that it is in use by another person or program, nor can I restore, also after ending process in task manager it comes right back !!!! PLEASE HELP

  30. By Scott on Dec 19, 2008 | Reply

    Hello all,

    I’m working on a simple piece of software right now for removing this virus. It will work by having you plug in the correct virus .dll files into a few parameter boxes and it will continuously delete them at a recoil rate of 500 times per second, this virus only regenerates itself at 3 times per minute, so if you do the math, you will see that it removes the software in less than 2 minutes.

    I’ll keep everyone posted,

    -Scott

    (To answer your questions….YES I am a retired hacker/programmer but I’m a good guy now) :)

  31. By thought_knocker on Dec 19, 2008 | Reply

    Good luck with the lawyer…….
    here are the associated websites.
    spywareguard2008.com
    Porn-movies-online.net
    pyroscanner.com
    gosg2008.com
    Sg8go.com
    innovagest2000s.com <—the one he is using for creditcard database

    Registrant:
    Protect Details, Inc
    Domain Manager ()
    29 Kompozitorov st.
    Saint Petersburg
    ,194358
    RU
    Tel. +7.8129342271

    Creation Date: 26-Aug-2008
    Expiration Date: 26-Aug-2009

    Domain servers in listed order:
    ns2.spywareguard2008.com
    ns1.spywareguard2008.com

  32. By thought_knocker on Dec 19, 2008 | Reply

    BTW the website is suspended……. i bet that guy will just create another website in other domains. just wait for further updates….

  33. By Paul on Dec 19, 2008 | Reply

    Hi guys, I had the same problem until a couple of hours ago. Took me a while to solve the problem but it seems that is effective.
    So:
    1. delete the process related with SG2008 using task manager
    2. open regedit and search for any entry related with SG2008 using for e.g. “spyware” as key word. Delete everything (key, values, data, key names) and be aware for other names too
    2.1. meanwhile the process will restart itself so be sure to kill the process each time it appears.
    3. find a restore point prior to infection and restore the system to that point
    4. after restart, the SG2008 will be there but don’t go mad normally the process is not active anymore, delete the folder containing the SG2008 under “Program Files” and delete the desktop shortcut
    6. open again the regedit and do the same procedure as mentioned at point 2, this time you should find a single entry. Be patient and search through all registry.
    7. run an anti-virus software since there are a bunch of trojans that came with that bloody piece of crap and sh…
    I hope it helps. I have to mention that I didn’t run any anti-spyware programs and I recommend not to use them since they are not yet updated.
    Good luck!
    Paul D.

  34. By Tony on Dec 19, 2008 | Reply

    Well Best Buy geek squad stated that I would need to recover my laptop in order to get rid of this spyware guard, I don’t know what to do at this point !! I ran across a spyware remover named cyberdefender has anyone heard of this site (good/Bad)

    thanks
    Tony

  35. By Kevin on Dec 19, 2008 | Reply

    I’m to the point where I have about 45 seconds to lock up. Therefore I can’t get to system restore in time. Does anyone know what processes to halt in task manager? I can open task manager still…

  36. By jack.m on Dec 19, 2008 | Reply

    spyware guard 2008 originated from some developed nations. it’s impossible for our laws to take care of them legally. so sad.

  37. By toby on Dec 19, 2008 | Reply

    ok well I’ve tried every suggestion on this forum, not ungratefully either, but nothing works. Regedit has been disabled by administrator (me, a.k.a SG2008) haha, deleting the files could work but some of the files never showed up in the search–and I did try variations in file names.

    So I guess I’m wondering if reformatting is really my last option. It wouldn’t be the worst option for me, I’d just have to backup some files probably.

  38. By rokawa on Dec 20, 2008 | Reply

    I got the same problem since 2 days ago.. i tried everything with every combination using every tools i could get, but yet to successfully kill the bloody fool bustard! I hope those guys who created this stupid crap will burn in hell!!!! the only option left is to format my drive.. but that’s mean i’m surrendering to these devils.. so i’m not going to do that soon.. at least until a week of fight!!!

    am i stupid? what the hell..

  39. By Horizon1619 on Dec 20, 2008 | Reply

    Apparent Easy Fix!!

    This problem started a few days ago on my parent’s computer. The symptoms were as follows: every time windows started, the spyguard program would begin scanning with a plethora of additional pop-ups and balloons claiming bogus virus infections; every time a web-browser would open, more pop-ups from spyguard about protecting my system.

    What I tried unsuccessfully:

    1) Uninstalling the program from Program Files on the C: drive. It would uninstall only to reinstall shortly after.

    2) System Restore: Every time I tried a system restore, the system couldn’t be restored.

    3) Running Microsoft’s Malicious Software Removal Tool: The quick scan did not find any malicious software.

    What I tried successfully:

    1) Downloaded Microsoft’s Windows Defender (http://www.microsoft.com/downloads). After scanning the computer with Windows Defender, several files were detected…one of which had the name fake SpyGuard. Windows Defender removed all of the detected files. One extra action I had to take was to continually right click on the spyguard balloon on the task bar and select ‘exit’ in order for the file to be removed (can’t remove files that are open). After all of the detected files were removed, I was prompted to re-boot the computer for the changes to take effect, which I then did. After rebooting, the spyguard windows did not pop-up nor did they pop-up when I loaded my browser. Also the icon did not appear on the task bar. I did notice that the Spy Guard folder still existed under Program Files; however it did not have an executable in it and I simply deleted the folder. I also deleted the icon from the start menu (all programs). So far, so good.

    I hope this helps.

  40. By Reyhan on Dec 20, 2008 | Reply

    Hi,
    I tried many ways to remove this stupid program. Got very much irritated. it was re-generating itself every 3mts. At last
    I restored my system to a previous date before my laptop got infected. Now it seems this program has vanished. I cannot find any traces in registry, program files and sysfiles.
    System restore works!
    Thanks

  41. By Connie on Dec 20, 2008 | Reply

    How can I get rid of Proantispyware 2009 and Spyware Guard 2008. I think my computer has been hijacked.

  42. By nikk on Dec 21, 2008 | Reply

    what? spyware guard 2008 is now spyware guard 2009? screw that!!

  43. By Steve on Dec 22, 2008 | Reply

    Just got infected by it. Started with the trojan being picked up by Symantec. After numerous ‘catch and deletes’ by my AV, I did a test and turned on my cable modem. Next thing I see is this program up and running on my system without my consent. Also my MS AV panel states that my system is running without an AV so this thing is a pain in the arse.

    I can’t believe that Symantec dropped the ball on having a proper tool to both remove the Trojan and protect users from infection. So it seems all the big AV providers are unable to stop this.

    The only way you’re going to get past all this is to boot to dos and pluck out all the files or delete the original files and replace them with dummy 0kb ones that won’t work. Then boot to safe mode and remove all registry entries by hand.

  44. By Gretchen on Dec 22, 2008 | Reply

    This damn thing got on my computer too and I have NO IDEA HOW! It has made it impossible for me to do a system restore, it blocks any help sites that I try to search for (I am writing this from my work computer!), and it redirects my browser or pops up an ad every time I think I’m getting somewhere….. It’s absolutely awful. I went and bought a jump drive to get all my photos and important files off of it, and was going to reinstall Windows – but seemingly I can’t do that either now! This is super frustrating! That thing has taken over my computer…. I wonder if calling Microsoft will be any help…?

  45. By Karen on Dec 22, 2008 | Reply

    Did you get that fix created? Desperately trying to fix my parents PC.

    Thanks

  46. By neilio on Dec 22, 2008 | Reply

    the ‘free’ version works..

  47. By Ralph Streeyer on Dec 22, 2008 | Reply

    For 4 days I’ve tried various ways to get rid of Spyware Guard 2008. I’m making progress but I must be missing the file that re-writes the .exe files at boot up. After copying all the spy guard files at the dos prompt to a zit instruction and the changing the attributes to read only, only an error message now pops up, still frustrating, I then erased all the registry files I could find. Still at boot up it’s all back, so for now I put my laptop on stand by. Next try is a batch file to do the work on changing the files. The mystery is how it can over write a read only file? Any help?

  48. By Tommy on Dec 23, 2008 | Reply

    I hate SpywareGuard 2008!!! It turns my laptop into a useless piece of crap.

  49. By Tom S on Dec 23, 2008 | Reply

    p.s.

    System Restore would not work for me either!
    Trying to access websites that may help with the fix was impossible. Only ended up re-directing me to bogus websites. Trying to delete .dll’s / program files / registry values did not work for me either.

  50. By Josh on Dec 23, 2008 | Reply

    Should have nuked russia a long time ago imo.
    :)

  51. By Greg on Dec 23, 2008 | Reply

    Why doesn’t someone who has worked this thing out leave a step by step guide on removal. I am talking about a successful removal. Windows Defender doesn’t do anything. The system restore does not work. Nothing at this point in time is working.

  52. By slinkies on Dec 23, 2008 | Reply

    I tried system restore 3 times … just like trying to access anti-virus sites several times in a row – it freezes & locks my whole computer up … left it for 20 or 30 minutes … had to hard power-down & reboot

  53. By jezz on Dec 23, 2008 | Reply

    Wow, this is really annoying. 6 hours I got nowhere. Deleted all files mentioned, came back instantly, I have SpyHunter, It removes, after reboot, everything is back. I’ll tell you a way to fix it, if I ever do.

  54. By Mary on Dec 23, 2008 | Reply

    Tag I’m it!

  55. By jezz on Dec 23, 2008 | Reply

    If you look at your task manager, you’ll notice a lot of almost doubles. “Csrssc.exe” and “Csrsc.exe”, the “Csrssc.exe” is bad, and also a “wincenter”, “CCSVCHST.EXE”, and “winloggn.exe.” Another way to tell them apart is User Name System is the real ones, and User Name of your computer name are the spyware guard.
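
The two tells described in the comment above (an image name one character away from a Windows process name, and a system process name owned by a user account instead of SYSTEM) can be checked mechanically. This Python sketch is an added example, not part of the original comment; the baseline name sets and the sample process list are assumptions constructed for illustration.

```python
import os

# Assumed baseline (not from the page): core Windows process names, and the
# subset expected to run only under the SYSTEM account.
SYSTEM_ONLY = {"csrss", "winlogon", "lsass", "services", "smss"}
BASELINE = SYSTEM_ONLY | {"explorer", "svchost", "spoolsv"}

# Constructed sample of (image name, user name) pairs as Task Manager shows them.
SAMPLE = [
    ("csrss.exe", "SYSTEM"),
    ("Csrssc.exe", "alice"),
    ("winlogon.exe", "SYSTEM"),
    ("winloggn.exe", "alice"),
    ("explorer.exe", "alice"),
    ("notepad.exe", "alice"),
    ("lsass.exe", "alice"),
]


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def stem(image_name):
    """Lower-case the image name and drop its extension."""
    return os.path.splitext(image_name.lower())[0]


def review(processes, max_distance=1):
    """Return (image, reason) for near-miss names and for wrongly owned system names."""
    findings = []
    for image, user in processes:
        name = stem(image)
        account = user.split("\\")[-1].upper()  # accept "NT AUTHORITY\SYSTEM" too
        if name in BASELINE:
            # Exact name: only the owning account can give it away.
            if name in SYSTEM_ONLY and account != "SYSTEM":
                findings.append((image, f"system process name running as {user}"))
            continue
        # Not an exact match: flag it if it is a near miss of a baseline name.
        for known in sorted(BASELINE):
            if edit_distance(name, known) <= max_distance:
                findings.append((image, f"look-alike of {known}.exe"))
                break
    return findings


if __name__ == "__main__":
    for image, reason in review(SAMPLE):
        print(f"{image}: {reason}")
```

A distance of 1 keeps false positives low; raising `max_distance` catches cruder imitations but starts matching unrelated short names.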

  56. By cramv on Dec 24, 2008 | Reply

    Yesterday I used the instructions of Hijackthis.nl. I smuggled in the program through a stick to remove the junk. Finally after 3 days!!!!!

  57. By Ilir on Dec 24, 2008 | Reply

    I managed to remove Spyware Guard 2008 from my machine through a hack or workaround. Despite many attempts to clean this thing I found this to be the most useful at not having this piece of shit come back upon reboot:

    1.) As Admin create a Folder titled “Spyware Guard 2008” on the desktop or at any location on your machine

    2.) Fill the folder with NULL values or zero size files named as follows:

    quarantine // This is a folder
    conf.cfg
    mbase.vdb
    quarantine.vdb
    queue.vdb
    spywareguard.exe
    uninstall.exe
    vbase.vdb

    // Note that these file names should be spelled // as listed and are case sensitive. If unsure // about the spelling copy/paste in rename file // from here.

    // Time Sensitive going forward

    3.) After creating this folder, you need to kill the spywareguard.exe from the process tab of task manager. You should also kill winscenter.exe if it is running

    4.) You have about a minute or so to perform the following: delete the following folder c:\Program Files\Spyware Guard 2008

    5.) Move the folder you created with NULL values to this location c:\Program Files

    6.) You should not notice spywareguard.exe launch again during the duration of the current session.

    7.) Proceed to clean the registry as suggested on this page including all .dll and .exe associated with this thing if they exist

    8.) DO NOT REMOVE THE DUMMY FOLDER YOU CREATED OTHERWISE THE VIRUS WILL COME BACK!

    9.) Reboot the machine it should not pop up or create a desktop icon!

    This virus is nasty in that it has somehow hacked or hijacked winscenter.exe a windows process that cannot be screened, removed or repaired. Upon startup you will see the Windows Security Center pop up. I believe that all the start up information of how to bring Spyware Guard back is embedded in one of the files parsed by this crucial process at startup, however, finding this file is a real bitch!

    You will be able to get some work done but I also found that when the Spyware Guard tries to restart or recreate itself it will display a message saying: Unable to Write to some memory location, say ok! This is expected because it notices that the DUMMY folder we created is not allowing Read/Write at that memory location.

    In order not to see this message you must also kill winscenter.exe from the Task manager.

    The virus is not smart enough to check file sizes or compute checksums to verify file legitimacy, due to this hacker error we can apply this workaround!

    Hope it helps, worked for me :)

    // Also note that this is not a solution but //merely a workaround to help you get some work //done. The real fix for winscenter.exe I would //would be when the startup file parsed by this
    // process is identified, altered or removed

  58. By tjc on Dec 24, 2008 | Reply

    ok, another one w. it here, and no idea how. mcafee doesnt even know its there. geesh. my pc is useless at this point. so working on my MAC and hoping to find a useable solution… anyone got one?? and want to share the secret?grrrr,i really dont want or know how to reformat it. tried system restore a few times,etc. HELP!!!!

  59. By screwed on Dec 25, 2008 | Reply

    Got me too. Sucks…tried about 9 things..no worky…gonna try the null folders idea. At least you guys make me feel better — misery loves company.

  60. By Gregg B on Dec 25, 2008 | Reply

    I am working on a PC with this problem, have tried working on in SAFE MODE and deleted all known files in the Program and Windows Directories, cleaned REG of all references to SPY GUARD 2008, and cleaned start up files also. Rereplicated itself on the system after all the work I had done, as if I had done nothing. I have some additional info off the internet and info from this Blog. I will test the fixes and then repost with results in a day or two ( AFTER XMAS ). Wish me luck…:)

  61. By pc on Dec 25, 2008 | Reply

    Folks, I was hit with SG08 I followed the method above of redoing the folder, replacing it and deleting all the registry files

    IT WORKS

    The Virus IS GONE.

    Now, like he said it will pop the windows sec center back up, you cant stop that…..

    BUT THAT F’N VIRUS IS GONE

  62. By Bababoozer on Dec 25, 2008 | Reply

    System Restore doesn’t work–there is no date to go back to(virus won’t allow it).
    Erasing the dll and exe files doesn’t work because there are 3-4 that WILL NOT let you delete.
    Even though I would lose thousands of files, I even tried to reset the factory settings—but THAT doesn’t work either.
    I’m not computer illiterate, but I don’t program crap either. Anything working??

  63. By Bababoozer on Dec 25, 2008 | Reply

    Apparently the virus deleted or blocked whatever I needed for validation.
    :(

  64. By Jasher on Dec 26, 2008 | Reply

    Ok, how do I create zero size files? Notepad?

  65. By Gio on Dec 26, 2008 | Reply

    Yea i got this cock sucker of a virus today but I am totally computer retarded and dont understand the steps Ilir is talking about. Can some break this down barny style for me?

    Thanks

    Gio

  66. By Stan on Dec 26, 2008 | Reply

    I have this too now after getting rid of prior malware, “MS antispyware 2009” the day before. It locks me out of regedit also so can’t go in and delete those files and other deletes don’t kill it. Says need administrator permission but I am the admin and sole user. McAfee doesn’t touch it, even corporate version. Registry cleaner software also doesn’t do much either. The fixes assume you can do actions that the virus is preventing so I’m looking at reformat as final option although hate to reload all my software. PS. How does Microsoft handle reinstalling Office etc. now that it does its validation process for updates?

  67. By kak on Dec 26, 2008 | Reply

    i have firefox and only use firefox. I have everything blocked including pop-up and even have my cache cleared everytime I close firefox and I still got infected with this program, Spyware Guard 2008. This program is fucked up. If I can afford it I will go to Russia and kick these motherfuckers ass. I would love to burn these motherfuckers and kill their fucking families too. I’m just so fuck’n pissed off right now

  68. By Lee on Dec 26, 2008 | Reply

    ILIR, I don’t know who you are, but you’re a genius. Your plan worked. If you’re a guy, I’d like to buy you a beer, if you’re a girl I’d like to kiss you(and buy you a beer). I’ve been fighting this S.O.B. for 2 days. It ruined my Christmas.

  69. By Olivia on Dec 26, 2008 | Reply

    What a mess….
    I tried replacing the Spywareguard 2008 folder, didn’t work.
    The virus replaced files I created with its own and it keeps popping up.
    Tried scanning in safe mode with 3 different antivirus softwares and got to a point where none of them detected anything wrong with my system. As soon as I rebooted, spywareguard launched as usual. I am really disappointed in Symantec for not detecting it in time. I hope they come up with a removal tool soon. I have been trying to get rid of this virus for almost 2 days now and I think I will just reformat and start from scratch.

  70. By Cal on Dec 26, 2008 | Reply

    HEY GUYS – ALENZI THE ARAB ON 12/12 WAS RIGHT FOR MY XP.: START/ALL PROGRAMS/ACCESSORIES/SYSTEM TOOLS/SYSTEM RESTORE , GO TO DATE BEFORE YOU HAD PROBLEM – EUREKA !!!

    THANKS ALENZI

  71. By jasher on Dec 26, 2008 | Reply

    Great. Now I can’t boot to mode. Faaaaaaaarrrrrrrrrrgggggggggg!!!!

  72. By jasher on Dec 26, 2008 | Reply

    safe mode

  73. By Redd on Dec 26, 2008 | Reply

    Spyware Guard 2008 is worse than I expected. It put my HP laptop into a complete halt. Not responding. Freezed. Reboot then came back with the same problem. I hate Spyware Guard 2008!!!

  74. By Lee on Dec 27, 2008 | Reply

    Unfortunately as excited as I was, you’re right, it came back. The solution does work for a short time, but eventually, the virus will actually replace the entire folder.

    In the meantime, I can share some things I’ve discovered.

    1) When the service “Security Center” is shut down, the program running in the system tray (shield with an x in it) goes away temporarily.

    2) There are scheduled tasks which were created in my system. I’ve deleted them, but not sure what they did.

    3) I’ve found .dlls in the \system32 folder which are connected to this virus. I’m not able to delete them, as they are tied to a running program. I’m not sure how to find out which program they are connected to. I find them just by sorting \system32 in descending date order. If I could find the running program, kill it, then I could remove the .dlls

    I’m very disappointed that these guys can beat companies like Computer Associates. That doesn’t give me a good feeling about CA’s abilities.

  75. By mr. jim on Dec 27, 2008 | Reply

    Just did a system restore and all seems fine.

  76. By Lee on Dec 27, 2008 | Reply

    I had to reinstall my OS and it got rid of the Spyguard. I do have a call with a Symantec person so I’ll find out what needs to be done and try to document it for this posting. They helped me remove it another time I got it, I think an older version.

  77. By Ed on Dec 27, 2008 | Reply

    I got infected with this p-o-s virus. I wish I had read this forum earlier…the fake folder option would have been the bomb, unfort

  78. By Ed on Dec 27, 2008 | Reply

    unfortunately, my hard drive might be fried…..after trying to remove all the files (I did this by searching for files created on the date and time, I knew the exact time) and deleted all files…this got rid of a lot of problems, not the virus…..things were shutting down on my computer faster, and with every re-boot, I was losing the battle. My restore was hijacked on the first re-boot, as were a lot of programs. Now I may be looking for a hard drive disk..which Dell doesn’t seem to send with new computers.

  79. By Ed on Dec 27, 2008 | Reply

    BTW, anyone at the point where safe boot won’t work? I can go to boot menu and system on re-boot, but it comes up with “searching for PDR…..not found” or something…..and that’s it

  80. By Baby Daddy on Dec 28, 2008 | Reply

    All,

    Ilir is a pure F@%king genius. Pay close attention to his instructions posted on the DEC 24 2008, THEY WORK!

    My daughter’s computer was messed up bad for 3 days due to this stupid ass program. I was more than ready to format the drive. But I decided to look up the problem on this site and I came across Ilir’s instructions and to my disbelief they actually fixed it. Her computer is back and running. Ilir YOU ARE THE FREAKING MAN! ROCK ON! THANK YOU

  81. By Luc on Dec 28, 2008 | Reply

    BTW I did safe mode by using “Safemode with networking” instead of regular “Safe mode” – which didn’t work. I also did “safe mode with command” and then typed in explorer, which will show the windows interface.

  82. By Au on Dec 28, 2008 | Reply

    100% guaranteed solution:
    1) boot in safe mode.
    2) remove folders listed in program files referencing to Spywareguard 2008/2009 (make sure the files are deleted in the recycle bin too).
    3) check system config utility. uncheck spywareguard 2008/2009 on the start up items and services tab. do not restart yet.
    4) look for dll files in c:\windows\system32 that are current, sort files into dates. the most recent refers to malware. if you find the fake windows security center alert or icon, remove it.
    5) Open Avenger, copy and paste the dll files and fake wsc (c:\windows\system32\winscenter.exe), then execute. check the box that says ‘scan for rootkits’. include the full windows folder e.g. c:\windows\system32\DLL files
    6) reboot system in normal mode.
    7) Good luck!

  83. By ronp on Dec 28, 2008 | Reply

    I found a way to get rid of spywareguard2008 but not winscenter.exe..manually deleted this file “svchost” from here

    C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\

    I created a batch script for my system to delete all the files in one click after I deleted svchost.

    You may have to modify it for your system but it should work. The script is below.

    Note: I used absolute paths because not all systems have the same accounts, and that is why you will have to modify it for your system.
    ——————–
    rem Each file is named by its full path so that a missing folder cannot make del /S run in the wrong directory.
    echo KILLING SPYWAREGUARD PROCESSES
    tskill spywareguard
    tskill winscenter

    echo CLEANING UP "WINDOWS" DIRECTORY
    del /F /S /Q "C:\WINDOWS\sys.com"
    del /F /S /Q "C:\WINDOWS\syscert.exe"
    del /F /S /Q "C:\WINDOWS\sysexplorer.exe"
    del /F /S /Q "C:\WINDOWS\reged.exe"
    del /F /S /Q "C:\WINDOWS\vmreg.dll"

    echo CLEANING UP "PROGRAM FILES" DIRECTORY
    rmdir /s /q "%ProgramFiles%\Spyware Guard 2008"

    echo CLEANING UP USER PROFILE "PROGRAMS" DIRECTORY
    rmdir /s /q "%UserProfile%\Start Menu\Programs\Spyware Guard 2008"

    echo CLEANING UP USER PROFILE "INTERNET EXPLORER" DIRECTORY
    del /F /S /Q "%UserProfile%\Application Data\Microsoft\Internet Explorer\olesys.dll"

    echo CLEANING UP USER PROFILE "DESKTOP" DIRECTORY
    del /F /S /Q "%UserProfile%\Desktop\Spyware Guard 2008.lnk"

    echo CLEANING UP "SYSTEM32" DIRECTORY
    del /F /S /Q "C:\WINDOWS\system32\winscenter.exe"
    del /F /S /Q "C:\WINDOWS\system32\wsc32x.exe"

    echo CLEANING UP "WINDOWS" DIRECTORY
    del /F /S /Q "C:\WINDOWS\winscenter.exe"
    del /F /S /Q "C:\WINDOWS\wsc32x.exe"

    echo CLEANING UP "DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER" DIRECTORY FOR ALL USERS

    echo CLEANING ALL USERS

    :All Users
    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\olesys.dll"
    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\olesys.dll"

    :All Users "Protect" Directory
    del /F /S /Q "C:\Documents and Settings\All Users\application data\microsoft\protect\gfbnrcgvfr.dll"
    del /F /S /Q "C:\Documents and Settings\All Users\application data\microsoft\protect\ie.dll"
    del /F /S /Q "C:\Documents and Settings\All Users\application data\microsoft\protect\qlpygbnqit.dll"

    :All Users "Internet Explorer\DLLs" Directory
    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\iemodule.dll"
    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\cxtskpqynx.dll"
    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll"
    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\xdoeoizbow.dll"
    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\tcqvrzndns.dll"
    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ajapetrkzq.dll"
    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\jhjqosmxio.dll"
    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\cclgwzzadh.dll"

    echo CLEANING ADMINISTRATOR

    :Administrator
    del /F /S /Q "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\olesys.dll"
    del /F /S /Q "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\DLLs\olesys.dll"

    :Administrator "Protect" Directory
    del /F /S /Q "C:\Documents and Settings\Administrator\application data\microsoft\protect\gfbnrcgvfr.dll"
    del /F /S /Q "C:\Documents and Settings\Administrator\application data\microsoft\protect\ie.dll"
    del /F /S /Q "C:\Documents and Settings\Administrator\application data\microsoft\protect\qlpygbnqit.dll"

    echo CLEANING DEFAULT USER

    :Default User
    del /F /S /Q "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\olesys.dll"
    del /F /S /Q "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\DLLs\olesys.dll"

    :Default User "Protect" Directory
    del /F /S /Q "C:\Documents and Settings\Default User\application data\microsoft\protect\gfbnrcgvfr.dll"
    del /F /S /Q "C:\Documents and Settings\Default User\application data\microsoft\protect\ie.dll"
    del /F /S /Q "C:\Documents and Settings\Default User\application data\microsoft\protect\qlpygbnqit.dll"

    echo CLEANING GUEST

    :Guest
    del /F /S /Q "C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\olesys.dll"
    del /F /S /Q "C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\DLLs\olesys.dll"

    :Guest User "Protect" Directory
    del /F /S /Q "C:\Documents and Settings\Guest\application data\microsoft\protect\gfbnrcgvfr.dll"
    del /F /S /Q "C:\Documents and Settings\Guest\application data\microsoft\protect\ie.dll"
    del /F /S /Q "C:\Documents and Settings\Guest\application data\microsoft\protect\qlpygbnqit.dll"

    echo CLEANING OWNER

    :Owner
    del /F /S /Q "C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\olesys.dll"
    del /F /S /Q "C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\DLLs\olesys.dll"

    :Owner User "Protect" Directory
    del /F /S /Q "C:\Documents and Settings\Owner\application data\microsoft\protect\gfbnrcgvfr.dll"
    del /F /S /Q "C:\Documents and Settings\Owner\application data\microsoft\protect\ie.dll"
    del /F /S /Q "C:\Documents and Settings\Owner\application data\microsoft\protect\qlpygbnqit.dll"

    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe"
    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost*.*"

    del /F /S /Q "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\*.dll"

    exit

    ——————————————–
    Let me know if this helps anyone…!

  84. By Kapil on Dec 28, 2008 | Reply

    God Bless You Ilir….you saved my PC seriously. I really want to treat you, not sure how? Anyways, thanks a ton for your help.

    Guys, follow the instructions pasted by Ilir and you will surely get rid of Spyware Guard 2008 !

  85. By rj on Dec 28, 2008 | Reply

    How do you create Null Value or Zero Size Files?

  86. By sab on Dec 29, 2008 | Reply

    Hi guys,

    I want to try Ilir’s instructions, but how do I create a folder as admin, and how do I create null files?? Please help!! Thanks!

  87. By Kapil on Dec 29, 2008 | Reply

    Just create a New Text Document.txt and save the file with the names specified in the list. For e.g.: for the file uninstall.exe, save the New Text Document.txt as “unistall.exe”. This will create your Null Value or zero size (0 KB) files.

  88. By Kapil on Dec 29, 2008 | Reply

    sorry….it was “uninstall.exe”…typo mistake

  89. By Stephanie on Dec 29, 2008 | Reply

    F&%$ this virus and the horse it rode in on.

    I went away for the holidays to find that my roommate was looking at porn and accidentally downloaded it.

    AWESOME.

    I’ve still got it… I think I need a witch doctor…. or a young and an old priest. Any help with those?

  90. By kak on Dec 29, 2008 | Reply

    you don’t need to look at porn to get this virus. I was updating a video editing program and got it doing that. it’s just horrible. i don’t know how they do it, but if it’s gonna get you it’s gonna get you. that’s why i’m gonna move to Apple permanently now. Fuck this PC shit.

  91. By swptmp on Dec 29, 2008 | Reply

    Creating the null files as Ilir suggested fixes half of the problem, but the %windir%\system32\winscenter.exe is not a legitimate file and needs to be removed as well. My AV (Norton) picks up the file and tries to delete it in both normal boot and safe mode but it comes back after a reboot. To isolate the file you will need to stop the winscenter.exe process in task manager, then go to the file in Windows Explorer, right click it and choose Properties. Go to the Security tab and remove the everyone group and deny access to System. When you click OK you will get a warning stating no one will have access to the file. Click OK to that and then reboot. The fake Security Center should now be gone.

  92. By sab on Dec 30, 2008 | Reply

    Thanks! Will try it out!

  93. By Poy Poy on Dec 30, 2008 | Reply

    FREAKING VIRUS TOOK A WEEK OFF MY HOLIDAY!!!
    oh and if you look closely, “Spyware Guard 2008” literally means it guards spyware in your computer. thanks ilir

  94. By scott on Dec 30, 2008 | Reply

    this virus is genius. i hate it but holy shit is it good. it wont even let me view this website on the infected computer. i copied the url and pasted it in the address field, the page popped up but it showed no info and said that “i was trying to view something that was not there” it also wont let me open any site that talks about how to remove it, it redirects me to some b.s. sites. wont let me restore, wouldnt let me open search, wont run malware, or search and destroy, its like it knows what im doing!!

  95. By Diana on Dec 31, 2008 | Reply

    I would like to join in a class action lawsuit as well.

    Why can’t we have legal rights to counter attack all of these annoying and stress inflicting…

    Diana Williford. Attempting to remove this has destroyed my New Years Eve.

  96. By Diana on Dec 31, 2008 | Reply

    Is there any way for us to locate the physical location of this business within the United States or wherever it is located & I am ready to find a way there & initiate full frontal public demonstrations and more…Help

    Where are the attorneys to make $ off of us & this company?

  97. By Diana on Dec 31, 2008 | Reply

    Please feel free to contact me via my email address; candidcamel@yahoo.com

  98. By Diana on Dec 31, 2008 | Reply

    Oh yes & it is not freaking good—it is freaking EVIL!

  99. By Dyaus on Jan 1, 2009 | Reply

    I meant “downloading directly from Microsofts homepage won´t work”…

  100. By sgfree on Jan 1, 2009 | Reply

    Just wanted to say that Ilir’s solution (posted on Dec 24, 2008) worked for us as well (even after manually going through the command prompt and deleting everything and deleting in the registry key as well). It still blocks websites about removing malware, but that’s minor. Our desktop has stopped disappearing and we no longer have any sort of spyware guard 2008 popups or anything running in the system tray. If you want to get on with your life (at least until one of the big virus companies legitimately addresses this), Ilir’s instructions are the way to go! Thanks much and happy new year!

  101. By Hopeful – so far on Jan 2, 2009 | Reply

    I thank the bank and my fraud protection, for declining a $30 transaction one evening for a program that claims to promise a clean and clear removal of this damn thing called spyware 2008 (cringing at the mentioning of its name – as if it will pop up at anytime). After reading all the entries I see that the same program I was going to purchase, someone used and had no such luck with. However, for the basic home computer user like myself, who googles everything to learn a new technique, found out I am not about to attempt to try and create a dummy file or enter into a registry log and create more of a mess than I have already encountered with the spyware program. I found success, thus so far, with running Windows Defender and shutting down the spyware program each and every time it tried to run, allowing the program to be shut down and quarantined.
    It’s only been a few hours and I don’t want to be hasty but normally by now, it has reared its ugly head. Hope this can help anyone.
    Keeping my fingers crossed.

  102. By adrock on Jan 3, 2009 | Reply

    I was also very keen on killing this bastard and I found a solution that works 100% if you pay attention and do the following steps.

    1. do the dummy file trick as posted by Ilir
    2. remove all stuff that is listed in the post from ronp on Dec 28, 2008
    3. check system32 dir for several dlls that changed recently. (might be random filenames, mine were entitled kwtemu.dll, ssqnHbby.dll etc.)

    4. download and install the tool called “unlocker”. (might do this before, as safe mode doesn’t hurt). the tool is able to close all resources that are locking these dlls.
    unlock them and delete the dlls.

    5. reboot. worked 100% for me, seems that these dlls somehow hook the explorer and winlogon processes and thus restart the crap all the time!

    yes, I know, it is complicated, but for an intermediate to expert user this should work much faster than reinstalling!

    happy removing!

  103. By bob on Jan 5, 2009 | Reply

    USE LINUX – VIRUSES DO NOT EXIST.

  104. By Joe on Jan 5, 2009 | Reply

    Thanks bob, you jacka$$ – real constructive help there.

  105. By mike on Jan 5, 2009 | Reply

    Brady… instead of name calling why don’t you offer some useful information.

  106. By FO00k3r who created on Jan 6, 2009 | Reply

    yeah so what if you can’t get it off

  107. By Worked for me on Jan 7, 2009 | Reply

    YOU SHOULD PUT YOUR COMPUTER IN SAFE MODE TO DELETE THIS.

  108. By Whoda on Jan 7, 2009 | Reply

    Hello Candice, how about giving “us” the lawyer’s name and address so he can turn this into a class action suit?

    Regards
    Whoda

  109. By wunders on Jan 8, 2009 | Reply

    Hey guys, I just got hit with the virus tonight. I used almost every method and download as suggested and I have managed thus far to remove it. I think the best option was downloading Windows Defender. I had to use an old hdd to delete some files as I couldn’t access due to the slow response and the rebooting all the time and also used my laptop to surf the net. I tried to delete as much as I could and when I was using the other drive it allowed me to to use my anti virus scanner. Had to use rescue xp disc to get the drive going again – blue screen of death, now all is good. RIH Spy Guard 08…..

  110. By Travis on Jan 8, 2009 | Reply

    I agree with wunders, tried everything on here, had to install Windows Defender (Spy Guard kept it from installing initially, had to download a fix from MS for the msi installer). It took two hours to scan my HD, but Windows Defender did find everything infected and removed it. PC working great now!

  111. By Muns on Jan 8, 2009 | Reply

    Thanks to the above guys for suggesting Windows Defender. Terminated that Bit£h real fast. The Trojan was named Vundo.IB along with FakeSpyguard. Removed quickly enough and I’m back to business as usual.

    Again thanks to the guys above.

  112. By Steve on Jan 9, 2009 | Reply

    Candice, I would also be interested in turning this into a class action suit as Whoda suggested, depending on the cost (in case they are not a no win no fee account. lol)

  113. By red on Jan 9, 2009 | Reply

    Bob are you retarded? Viruses exist in Linux, just not as much as Windows

  114. By Steve B. on Jan 9, 2009 | Reply

    So I think I MAY have found a way to remove the virus. I had (and may still have) SpywareGuard 2009. What I did was I ran Windows Defender and followed the above steps, constantly deleting the program file folder and ending the processes. Also, make sure to shut down the winscenter.exe process every time it shows up in the task manager because the spyware file associates with it. In addition to this, in the WINDOWS\Prefetch folder you’ll find RUNDLL files by the bunch from the onset of SpywareGuard along with at least one SpywareGuard file. As long as you keep those deleted, the program files deleted, and the processes (or better yet, the process trees) inactive, Windows Defender will do its job. It will detect the spyware and target it for removal. After reboot I have not had any problem with SpywareGuard.

    I’m sorry this is not a very comprehensive approach, but I just kind of read through this whole page and did what I thought made sense, and it seems to have worked out.

    I’ll post at a later date with a status update, to let you know if this is a long-term, short-term, or permanent fix.

  115. By nicole on Jan 11, 2009 | Reply

    I have just read through all the comments after being infected last night. I have even MORE OF A HEADACHE now. (excuse me while I agree to continue unprotected @3$#@!!!) Tried all the basic stuff like everyone else to no avail, now I guess I will start with Windows Defender and go from there…my husband made a point, how do we know that even these posts to remove it are legitimate and not putting more crap on our computer? Might just break down and take it to my local computer guy to deal with….

  116. By Kristin on Jan 11, 2009 | Reply

    I’ve been infected with Spyware Guard 2009. Sounds like I’m admitting an alcohol problem! Ok, I’ve done the same as Nicole above, I was able to create the dummy folder as Ilir described.. the popup program doesn’t show now. THANKS Ilir! However, I can’t get the DLLs to go away. I get 2 curious errors when I boot now: “Windows-NO DISK” and a window which seems to want to connect online (I’m guessing it’s the same one from their popup program taking us to their purchase site?)

    I’ve done all the “work” in SAFE mode… but every time that Safe Mode comes up, it doesn’t give me a desktop and I have to CTRL-SHFT-ESC and RUN Explorer.exe to get the icons back.

    I’ve tried using Killbox and Unlocker to get 2 of the DLLs in Windows/System32 to go away. One uses Winlogon.exe and the other Lsass.exe (system processes which lock the DLL files.) Whenever I try to “kill” or “unlock” either of these processes, take for example Unlock > Winlogon – the computer shuts down and reboots. When I try to unlock > Lsass.exe I get a system notice that the system will force-quit and shutdown in x-seconds. There doesn’t seem to be a way around these! HELLLLLP!!!
    I’ve scanned thoroughly with AVG, McAfee.. and removed all the files they both find. Curiously, when I run Spybot S&D 1.6 – half way through the scan, a notice pops up and says a reboot is required (this is NOT the normal Spybot notice which comes up upon COMPLETION of the normal scan.) So I can never truly get Spybot to finish scanning.

    I think the hacker/programmers have gotten smarter with this version as the methods described here don’t seem to cover these new symptoms.

    HELP!!!! Anybody???? What else can we try?

  117. By Shailesh on Jan 11, 2009 | Reply

    Solution that worked for me.

    In addition to all the files that have been mentioned in the earlier comments this program stores 2 additional sets of files
    1. A spyware guard 2008[2].exe file in the Temporary Internet Files directory (run “dir spyware*.* /s” in your Documents and Settings folder to find it).
    2. A bunch of hidden ini and ini2 files. These are basically dlls that are stored as ini files in your Windows\system32 directory (search “dir /ah/o-d *.ini*”).
    Note: I also deleted a few suspicious looking entries in the registry called “Virus remover 2008”. I don’t know if those were related but thought I would mention it in case they were part of the whole deal.

    Good luck.
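
The date-sort check that Lee, Au and adrock describe for system32, and the DLLs-stored-as-.ini observation just above, as an added Python example (not code from any commenter). It is meant to be pointed at a directory such as system32 on a mounted copy of the drive; the function names, the `abcdef.ini*` file names and all sample contents are constructed for illustration.

```python
"""Triage helper: recently changed DLLs and PE files hiding behind .ini names."""
import os
import time
from pathlib import Path

PE_MAGIC = b"MZ"  # first two bytes of every Windows executable or DLL
DISGUISE_SUFFIXES = (".ini", ".ini2")  # extensions named in the comment above


def starts_with_pe_magic(path):
    """Return True if the file begins with the 'MZ' DOS/PE signature."""
    try:
        with open(path, "rb") as handle:
            return handle.read(2) == PE_MAGIC
    except OSError:
        # A locked or unreadable file cannot be classified here;
        # it still deserves a manual look.
        return False


def triage(directory, infected_since):
    """Scan one directory (non-recursive) and return two lists.

    recent_dlls: (mtime, name) for *.dll files modified at or after
                 infected_since, newest first (same as sorting by date).
    disguised:   names of .ini/.ini2 files whose content is a PE image.

    Modification times can be forged, so an empty recent_dlls list is
    not proof of a clean folder; the content check does not rely on them.
    """
    recent_dlls, disguised = [], []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        lower = entry.name.lower()
        mtime = entry.stat(follow_symlinks=False).st_mtime
        if lower.endswith(".dll") and mtime >= infected_since:
            recent_dlls.append((mtime, entry.name))
        elif lower.endswith(DISGUISE_SUFFIXES) and starts_with_pe_magic(entry.path):
            disguised.append(entry.name)
    recent_dlls.sort(reverse=True)
    return recent_dlls, sorted(disguised)


def build_sample(root, infected_since):
    """Create constructed sample files (harmless stubs, not malware)."""
    day = 86400
    pe_stub = b"MZ\x90\x00"
    samples = {
        "kernel32.dll": (pe_stub, infected_since - 400 * day),  # old DLL
        "kwtemu.dll": (pe_stub, infected_since + 3600),         # name from the thread
        "ssqnHbby.dll": (pe_stub, infected_since + 7200),       # name from the thread
        "win.ini": (b"[fonts]\r\n", infected_since - 400 * day),  # genuine text ini
        "abcdef.ini": (pe_stub, infected_since + 3600),         # constructed name
        "abcdef.ini2": (pe_stub, infected_since + 3600),        # constructed name
    }
    for name, (content, mtime) in samples.items():
        path = Path(root) / name
        path.write_bytes(content)
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    import tempfile

    since = time.time() - 7 * 86400  # assumed infection date: one week ago
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, since)
        dlls, fake_inis = triage(tmp, since)
        for mtime, name in dlls:
            stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
            print(stamp, name)
        print("PE content behind .ini extension:", fake_inis)
```

Anything it lists is a candidate for review, not a verdict: legitimate updates also touch DLLs in system32.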

  118. By Agnes on Jan 11, 2009 | Reply

    Fucken hell, i fucken hate this mother-fucken Spyguard 2009! ><”

    i tried everything. I tried registry entries- again won’t work. Even system restore blocked all of the dates. ==”

    Anyone have any suggestions?

  119. By Kathie on Jan 11, 2009 | Reply

    I got this one too, drove me crazy, tried EVERYthing with not much luck until I finally broke down and bought Spyhunter and Norton 360, after many scans and processes, I finally put spywareguard 2008 exe file into the blocked side of spyhunter. this keeps it from working. It’s under the processes guard tab. Spywareguard still comes up on boot up, but after I get it turned off and then Spyhunter takes over, I have no more problems. My computer runs better than ever for the most part.

  120. By Jrod on Jan 12, 2009 | Reply

    The system restore worked perfectly for me.

    If you haven’t tried it already its worth a shot.

    Seems like it only works for a few people :\.

    Good luck to all you people who are still having problems with this frustrating “Spyware Guard”.

  121. By greg olmstead on Jan 12, 2009 | Reply

    How come these Russian guys are smarter than our guys. Because our guys don’t give a shit?

  122. By Arvind on Jan 12, 2009 | Reply

    I have the same problem. Advise me on the best way to remove this program.

  123. By Tom on Jan 12, 2009 | Reply

    Right people listen up.
    This is how to stop the annoying pop-ups.
    Go to C:\ (or your windows directory) Program files\spyware guard 2009\ spywareguard.exe <<< Zip that in a file.
    Rename the file “spywareguard.exe”; it should then grab an icon that looks like the old Windows 98 Windows.
    After that, double click it. If it pops up with a CMD window that then goes straight away, you’re good. No pop-ups. But I’ve been told to use a Smitfraud tool. That will remove it. I am going to check if it gets my internet back. I will repost with the results. P.S. I cannot get on MSN Messenger but Skype???
    Freaky. Also DO NOT TYPE ANY PRIVATE DETAILS IN, SUCH AS PASSWORDS. THEY WILL HAVE THEM. Get your firewall to block the process spywareguard.exe from accessing the internet.

    Tom!

  124. By Al in Australia on Jan 12, 2009 | Reply

    Hi – just a quick note to say, thanks for the assistance with this piece of S#iT malware.

    I followed various bits of advice to get rid of the spy guard 2009.

    my advice – get windows defender if you can – it will stop it working, but to do this delete the program files (chances are they are on your desktop but are hidden so you can’t see them; just do a find in windows for “spy*guard*”)

    every time the winscenter.exe starts up (with the pop-up) close it in the task manager.

    run windows defender a few times and delete these files and others it finds, then run spy hunter 3 and delete all the other crap. if you are cheap and don’t want to buy it just use the directory address it gives you and delete it manually yourself.

    this all worked for me – thanks again for your various bits of advice

  125. By mad_dog on Jan 12, 2009 | Reply

    I am so mad!!! I got spywareguard 2009 not spywareguard 2008. Windows defender sucks. I couldn’t even run it. My computer has become pathetically slow. If I can’t have it fixed, I’ll buy a new Dell but god damn it I can’t afford to spend more $$$. Help!!

  126. By Gecks!! on Jan 13, 2009 | Reply

    Note: The file name changes are required because the spyware guard 2009 won’t let them install/run. This is for spyware guard 2009 even though it detects 2008 and 2008/B.

  127. By don on Jan 13, 2009 | Reply

    gosh! spyware guard 2009 is such a bitch to remove. i guarantee that there’s no absolute way to delete it completely.

  128. By Alexandra on Jan 14, 2009 | Reply

    This is such an aggravating piece of crap! I have no idea how I got it – I went to sleep and my computer was fine and I woke up with a diseased system. I’ve tried absolutely everything – it’s absolute bullshit.

  129. By CVA on Jan 14, 2009 | Reply

    Hi All,
    My laptop recently got affected by this spyware. I am only able to start my system and later it hangs, no process runs and sometimes even task manager does not work. Please help me out!

  130. By Mal on Jan 15, 2009 | Reply

    Got hit with this biotch on Sunday night and have been battling it ever since! I’m trying various methods to get this thing removed but i thought i’d let everyone know that i caught this thing from yahoo! messenger…not sure how but I’ve researched and apparently yahoo! has been having a lot of virus attacks lately so i would avoid yahoo! until you get this virus flushed out of your system.

  131. By jessdoit on Jan 15, 2009 | Reply

    I was wondering, What would happen if I change the harddrive completely? I was thinking of upgrading to a bigger drive anyway.

  132. By solo on Jan 15, 2009 | Reply

    my computer will not allow me to restore….the only restore point showing is the current date. Is there any way to get rid of this??!!!!

  133. By ic3s on Jan 15, 2009 | Reply

    i accidentally downloaded spyware guard 2009 i hope im still trying to figure out how to get rid of this i hope these nerds who made die of aids

  134. By ic3s on Jan 15, 2009 | Reply

    i hope someone finds a way to fix this im actually thinking of buying a new computer i cant deal with this doing any work whatsoever stops every 10 seconds from that stupid program saying they found 20 trojans or w/e the heck they say

  135. By ic3s on Jan 15, 2009 | Reply

    man freak this im going to try to get rid of this myself if i cant il call tech support in the morning if that doesnt work ill throw this pc out of the window and go to russia and kill those nerds

  136. By ic3s on Jan 15, 2009 | Reply

    just call tech support before u throw away your computer (god bless the arabs without them i would have thrown away up to 3 computers

  137. By nwa on Jan 15, 2009 | Reply

    Creating the batch file helped, listed by ronp earlier. Then make sure spywareguard related calls are not in msconfig or registry. I did all the work in safe mode so killing the processes didn’t matter but I left it in the .bat file anyway. So far so good-it hasn’t replicated yet in normal mode! -Thanks!!

  138. By faith tyler on Jan 16, 2009 | Reply

    hi, my name is faith and i am having problems keeping your spyware from popping up on my computer constantly! i have spyware already, and i did not look into yours. i don’t know why it is coming up but i need for you to stop it please. i can’t work on computer because it happens about every 2 to 3 minutes. i have tried to remove it through add/remove, restart computer, nothing seems to get rid of it. this is a big issue, i work from home. please let me know something soon! thank you for your time, faith tyler

  139. By faith tyler on Jan 16, 2009 | Reply

    i need for you to remove your product from my computer. i never looked into your product, i have spyware. please tell me what to do. i work from home and this is a big issue. no matter what i do it won’t go away. i went to add/remove and removed it and restarted my computer. please contact me soon! thank you, faith tyler

  140. By ic3s on Jan 16, 2009 | Reply

    omg i just bought a the new mcafee 2009 to see if that will help and im like wth spyware guard 2009 is stopping me from running it! this thing has wasted me 2 days and money i dont have its really pissing me off

  141. By Susanne on Jan 16, 2009 | Reply

    Remove Spyware Guard 2008/2009 manually
    Another method to remove Spyware Guard 2008 is to manually delete Spyware Guard 2008 files in your system. Detect and remove the following Spyware Guard 2008 files:

    Processes

    SpywareGuard2008[1].exe
    spywareguard.exe
    %PROGRAMFILES%\Spyware Guard 2008\spywareguard.exe
    %SYSTEMROOT%\system32\wsc32x.exe
    wsc32x.exe
    winscenter.exe
    %SYSTEMROOT%\system32\winscenter.exe
    SpywareGuard2008.exe
    SpywareGuard2008[2].exe
    %PROGRAMFILES%\Spyware Guard 2009\spywareguard.exe

    DLLs

    %WinDir%\vmreg.dll
    %UserProfile%\Application Data\Microsoft\Internet Explorer\olesys.dll
    olesys.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\olesys.dll
    %ALLUSERSPROFILE%\application data\microsoft\protect\gfbnrcgvfr.dll
    %ALLUSERSPROFILE%\application data\microsoft\protect\ie.dll
    %ALLUSERSPROFILE%\application data\microsoft\protect\qlpygbnqit.dll
    %USERPROFILE%\application data\microsoft\internet explorer\dlls\iemodule.dll
    %USERPROFILE%\application data\microsoft\internet explorer\dlls\dnctirxael.dll
    %USERPROFILE%\application data\microsoft\internet explorer\dlls\moduleie.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\iemodule.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\cxtskpqynx.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\moduleie.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\xdoeoizbow.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\tcqvrzndns.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\ajapetrkzq.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\jhjqosmxio.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\cclgwzzadh.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\vgcugmtknb.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\xfoixoeloq.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\omexpqrvbt.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\csflndmpof.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\dkwpsdctxj.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\zqotakbhik.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\rqtdlfaorp.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\qychlykios.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\akpykdjiau.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\drhlmmxplk.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\qrterkocjk.dll
    %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\wstdzgcesr.dll

    Other Files

    %WinDir%\sys.com
    %ProgramFiles%\Spyware Guard 2008\
    %ProgramFiles%\Spyware Guard 2008\conf.cfg
    %ProgramFiles%\Spyware Guard 2008\mbase.vdb
    %ProgramFiles%\Spyware Guard 2008\quarantine.vdb
    %ProgramFiles%\Spyware Guard 2008\queue.vdb
    %ProgramFiles%\Spyware Guard 2008\vbase.vdb
    %UserProfile%\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
    %UserProfile%\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
    %UserProfile%\Start Menu\Programs\Spyware Guard 2008\
    %UserProfile%\Desktop\Spyware Guard 2008.lnk
    Spyware Guard 2008.lnk
    %UserProfile%\Start Menu\Programs\Spyware Guard 2008
    %ProgramFiles%\Spyware Guard 2008
    Registry Keys

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SpywareGuard2008"
    Spyware Guard
    Spyware Guard 2008

    ADDITIONAL NOTES – OPEN TASK MANAGER – keep it open and kill the spamguard process when you see it.
    START->RUN->REGEDIT (do an edit find and get rid of all spywareguard references – delete)
    START->RUN->MSCONFIG (disable all at startup)
    START->RUN->C:\ (you need this so you can explore)

    This trojan that replicates itself on your computer has embedded the crap in %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\****
    You have to kill the explore.exe process (you will lose your desktop at this point.)

    Task manager/file/run -> c:\ will let you explore your computer and run thru all the deletes above. Then run the regedit and do the find for all spamguard references.

    malwarebytes.org initially cleaned this for me, but it came back and this sucker disables just about every scan I have. They won’t launch or it launches and says it’s clean with the 2009 version.

    If you lost your permission for regedit do this!
    copy and paste this in a notepad file – save to your desktop as restore_reg.inf and then right click, install.

    [Version]
    Signature="$Chicago$"
    Provider=Symantec
    [DefaultInstall]
    AddReg=UnhookRegKey
    [UnhookRegKey]
    HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
    HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

    Good luck
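
Added example, not part of the comment above: a read-only PowerShell audit of the registry values that restore_reg.inf rewrites, plus the Run value named in the removal instructions. The expected handler strings are taken from the INF; the script and its variable names are illustrative, and it changes nothing.

```powershell
# Added example: read-only audit. Nothing here writes to the registry.
# Expected (Default) data per file class, as written by restore_reg.inf above.
$expected = [ordered]@{
    batfile = '"%1" %*'
    comfile = '"%1" %*'
    exefile = '"%1" %*'
    piffile = '"%1" %*'
    regfile = 'regedit.exe "%1"'
    scrfile = '"%1" %*'
}
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$handlers = foreach ($class in $expected.Keys) {
    $path = "HKLM:\Software\Classes\$class\shell\open\command"
    $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    # GetValue('') reads the unnamed (Default) value, the one the INF sets.
    $actual = if ($key) { $key.GetValue('', $null, $noExpand) } else { $null }
    [pscustomobject]@{
        Class         = $class
        Actual        = $actual
        ExpectedByInf = $expected[$class]
        MatchesInf    = ($actual -eq $expected[$class])
    }
}

# Policy value the last INF line resets: non-zero blocks regedit for this user.
$polPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -LiteralPath $polPath -Name DisableRegistryTools `
       -ErrorAction SilentlyContinue
$regToolsBlocked = [bool]($pol -and $pol.DisableRegistryTools -ne 0)

# Autostart value listed under "Registry Keys" in the removal instructions.
$runPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runPath -Name 'SpywareGuard2008' `
       -ErrorAction SilentlyContinue
$runData = if ($run) { $run.SpywareGuard2008 } else { 'not present' }

$handlers | Format-Table -AutoSize
"DisableRegistryTools set  : $regToolsBlocked"
"Run value SpywareGuard2008: $runData"
```

A row with MatchesInf = False only means the handler is not the string the INF would write; compare it with a known-clean machine of the same Windows version before changing anything.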

  142. By Danny on Jan 17, 2009 | Reply

    Hey guys, I got it, even though I know it might be somewhere in the system still, but all the pop-ups stopped and the Windows Security Center pop-ups stopped too. Here is what I did:

    I made up empty folders like ilir said, but I made up a few more for each of these files and replaced them one by one instead of just deleting them like it said up there:

    windows/reged.exe
    windows/spoolsystem.exe
    windows/sys.com
    windows/syscert.exe
    windows/sysexplorer.exe
    windows/vmreg.dll

    I noticed that Windows Security Center also kept popping up, well a copy of it anyways. I found I had 3 different ones in my computer, 2 of them fake, which I replaced with empty.exe folders… After that I restarted my computer and nothing else popped up. I might have put a stop to this, even though like I said it still might be in my computer, but at least it ain’t bothering me while I work… Thanks to everyone who posted suggestions to this problem, and if anyone needs help to get around this prob I would be glad to help, just send me an email.

  143. By nicholas on Jan 17, 2009 | Reply

    I’ve also tried removing its processes, in the registry, task manager; it still comes back. But McAfee seems to have disabled the scanner when I include it in the list of unwanted programs.

  144. By jax on Jan 17, 2009 | Reply

    Restore system works. Really. If you want to get rid of it, just restore the computer to the restore point before you got the problem. (Just like Alenzi said.) Good luck

  145. By shutterbug on Jan 17, 2009 | Reply

    Thank god I backed up all my photos. Otherwise, Spyware Guard 2009 would have taken down all the data on my HP. I reloaded the OS image and restored all the data as soon as I saw Spyware Guard 2009. Good luck fighting.

  146. By Erika on Jan 17, 2009 | Reply

    I think this only works with 2008, not the new 2009 version. I went through all of these instructions but none of these processes are running, there is nothing in the registry, and I couldn’t find any of those files in the windows registry. I’ve tried in safe mode, viewing all hidden files, etc. I use Firefox and it completely hijacked it. I have to view this page by searching in Google and looking at a “cached version”; it won’t let me visit any websites directly that have to do with removing it. I use Spybot Search and Destroy, and HijackThis! I’ve never had any problems going into the registry or deleting files; it’s always worked for me when I had a problem like this. I don’t know what I’m missing, I don’t see anything to remove.

  147. By Martin on Jan 18, 2009 | Reply

    I am getting closer. I have used a variety of the tricks described to find and delete/disable offending files and have stopped the pop-ups for the moment but it still controls my browser and replicates a couple hidden files. Even booting in Safe Mode. I also tried to copy files to another disk so I could reformat my disk and was denied.

    Note that among its other annoying features, SG changes your security and privacy settings on your browser (cookies set to accept all…)

    For what it is worth… some of the tools I used in my hunt include:
    The recovery mode booting from my WindowsXP disk.
    Boot into Safe mode and operate in the command window after killing explorer.exe (something has replaced or attached itself to the real explorer).
    Rename files that are locked so that they cannot be deleted and replace them with null files.
    I also have a second computer nearby to allow me to search the web for answers etc.

    Any answers to what takes control of the web browser would be much appreciated.

  148. By Computer Novice on Jan 18, 2009 | Reply

    Had Spyware Guard 2008 issue. Have successfully stopped pop-ups and phony wincenter through above advice of creating phony Spyware Guard 2008 folder and running Windows Defender…thanks.
    I am still getting redirected if I try to visit any anti-virus site. Also, am unable to uninstall current antivirus program which appears to have been disabled and is no longer providing any protection. Any thoughts? Thanks.

  149. By Jon on Jan 19, 2009 | Reply

    Although none of them worked for me, I appreciate the tips everyone posted. This darn thing wouldn’t let me restore, boot in safe mode or anything. I ended up formatting the disk and reinstalling Windows. That worked.

  150. By Doo on Jan 19, 2009 | Reply

    Why blame Russians? It does not matter who created this thing. What matters is that malware has been out there for a year and companies such as Symantec, McAfee, etc. are not doing anything about that. And remember YOU ARE PAYING THEM MONEY for the worthless security suites.

    Human nature is to always blame someone….

  151. By Lucas on Jan 20, 2009 | Reply

    I just got infested by this stupid shit virus. I’m so fucking pissed off. I can’t get rid of it. My AVG antivirus scanned it and put them in quarantine, but it always comes back….

    I decided to restart my comp and to system restore it. But when I reopened my comp and clicked on user, it stays on user name and freezes there.

  152. By Aless on Jan 21, 2009 | Reply

    Well Jesus F@#$.
    I noticed some odd behavior on my laptop’s behalf on Sunday (empty windows pop up in IE, despite my not having IE on my system, and very slow), then I hit the mother lode! Maybe 5 hours ago my computer gleefully informed me that a new program, albeit Spyware Guard 2009, had been installed.

    The bugger hasn’t hindered me from looking at help sites, but it has blocked me from downloading any program to clean or wipe its existence. I’ve tried a System Restore, and it just gives me the blue screen of death and restarts. I’ve done manual deletion as suggested, but again, to no avail.

    (Oh goody! SG is offering me their full assistance in clearing my PC of unwanted viruses)

    I’m heading to Geek Squad tomorrow, hopefully they’ve dealt with this before. But at this point, my laptop is virtually useless. Wonderful.

  153. By Aless on Jan 21, 2009 | Reply

    I use Google Chrome; perhaps since it’s a little off the beaten path, SG isn’t restricting my browser.

    I just tried using FF, and it’s got me completely blocked on that one.

    So I’d recommend using GC if you don’t have an additional computer to find help on.

  154. By Melissa on Jan 21, 2009 | Reply

    HELP PLEASE I JUST GOT MY COMPUTER BACK FROM THE SHOP TO GET RAM PUT INTO THIS SUCKER TO GO FASTER AND THIS STUPID CRAP POPS UP AND MAKES IT GO SLOW AGAIN. WHAT DO I DO????

  155. By Jenny on Jan 21, 2009 | Reply

    I have the 2009 version, which I think is smarter. I’ve actually gone through and read everyone’s comments on this, and I read Il’s (I forgot his full username) where you replace the file with null files. This stopped the exe of spyguard from appearing but I still get the popups in ff and it still links me to other pages.

  156. By wilson c. on Jan 22, 2009 | Reply

    Man, Spyware Guard 2009 sucks big time!

  157. By Ron on Jan 25, 2009 | Reply

    Having removed the files I posted earlier, I have had no more popups or regenerations of the SG2008.
    Ron

  158. By Adam on Jan 26, 2009 | Reply

    For what it’s worth, if it’s blocking websites, usually you can click on the cached link to get into it.

  159. By Targon on Jan 27, 2009 | Reply

    The issue I have run into with Spyware Guard 2009 is that it not only blocks the web sites of all known security locations, but trying to download anything will result in it downloading another piece of the infection, NOT what you were trying to download. And to add insult to injury, since most sites don’t have true FTP access, you can’t even use the old command line ftp client to download any tools to try to get rid of this thing.

    One thing that may be happening is that the new version comes with a root kit that preempts the normal functioning of Windows, so that you can’t find the process that is causing the problem.

    My own suggestion at this point is to use an external hard drive to back up your personal files, e-mail (if you use Outlook, Outlook Express, Windows Live Mail, or whatever), address book, etc., and then wipe the machine clean and then restore your files. Since many infected machines are running Vista and many root kit detectors don’t run under Vista, it makes it very difficult to remove.

  160. By christine on Jan 27, 2009 | Reply

    I’m trying to get rid of the spyware 2009. It will not even allow me to open the internet at all; it comes up then goes down in 30 seconds. What is the easiest way for someone that is not very computer literate to get rid of this?

  161. By towrboy on Jan 28, 2009 | Reply

    I did a search for all .dll files created since the download first appeared and deleted them. Some of these you have to move to your desktop then delete. You will get an unable to delete message on these. After you have deleted or tried to delete the files, remove the program from your program files and restart your computer. The files that are on your desktop will then be able to be deleted. Hopefully this works for you as it did me.

  162. By Stubbornness Bomb on Jan 30, 2009 | Reply

    Hmm.. Well I got a bit of hints. For the lock program, such as SG’08 itself, just do ‘alt-ctrl-delete’, kill the process there and it will be unlocked. Second, if, AND ONLY IF, you are knowledgeable, there is a way to stop it resetting during the current log-in. The way is through ‘alt-ctrl-delete’. Then you need to kill explorer.exe. JUST THE PROCESS, NOT PROCESS TREE!!! Remember, to get back just restart it through the file tab and run. Though I must hint out that it can restart again. Also the run does act as run in the start bar. So far my comp is at the B.S. of D. at the ‘Ca533av.sys’. Looking this up, it seems to be a camera prog. Maybe there was an infected pic or something. Don’t worry, soon I’ll find a procedure to get rid of this for all comp. Until I do, just hang in there.

  163. By JohnK on Feb 1, 2009 | Reply

    Found one other fix – didn’t see it posted:

    Put the infected PC on your network (make sure that all of your other connected PCs have AV installed & up to date). Share the C drive of the infected PC. On the good PC, map the shared C drive as a drive letter. Reboot the infected PC into safe mode with networking. Now, scan the infected PC from the healthy PC. Takes the evil right out!

  164. By Ray Vaughan on Feb 6, 2009 | Reply

    Hi Guys

    On the Lawsuit thing, they’re not in Russia. The ICANN data says it, but they’re hosting in California and spoofing a GPS of Kansas. Look up atmlinkinc.com…notice where it goes, using revdns and tracert for the ip address for the sites. Anyone in Ca should be able to contact SOS office and have them investigate. I’m a Hacker hunter, and I never trust ICANN (you shouldn’t either)

  165. By JARTRAM on Feb 9, 2009 | Reply

    Just deny permission to its installation folder, for me it works, try and let me know to jartram@gmail.com

    Thanks!

  166. By Bobbi on Mar 26, 2009 | Reply

    My mother had this happen, and a coworker. I successfully removed Spyguard 2008 with Hijack This and Avira — hope this helps….

  167. By Johnny on Apr 13, 2009 | Reply

    The best way to get rid of this virus is just to wipe your computer. Go buy an external hard drive and keep all your important files on it. Then restore your computer to factory settings. I’ve gotten this virus numerous times and this has always worked. Yes, you lose some files, but it saves you the hassle of trying everything else on this page and it not working. Also, the sooner you do this the easier it is. For XP, when Windows starts up you hit F10 for system recovery; for Vista you need the Vista disc in the computer when you start up to do a system recovery.
