Spyware Guard 2008 or 2009 Description:
Spyware Guard 2009, also known as SpywareGuard 2008 or Spy Guard 2009, is new counterfeit anti-spyware software that was created to invade your privacy and ruin the Internet community. Just like most fake anti-spyware programs, Spyware Guard 2008 issues misleading and exaggerated results. Spyware Guard 2008 (or SpywareGuard 2008) usually installs itself onto your PC without your permission, through the Vundo Trojan, a virus or fake software. SpywareGuard 2008 (or Spyware Guard 2008) displays fake system alerts or fake security alerts to trick the user into buying the paid version of SpywareGuard 2008 or Spyware Guard 2009 in order to remove the potential and reported problems. Not only does it cause your machine to slow down dramatically, it also puts your privacy and data at risk.

Manual Spyware Guard 2008 Removal Instructions:
Stop Spyware Guard 2008 Processes:
SpywareGuard.exe
syscert.exe
spoolsystem.exe
reged.exe
Find and Delete these Spyware Guard 2008 Files:
%WinDir%\reged.exe
%WinDir%\spoolsystem.exe
%WinDir%\sys.com
%WinDir%\syscert.exe
%WinDir%\sysexplorer.exe
%WinDir%\vmreg.dll
%UserProfile%\Desktop\Spyware Guard 2008.lnk
%UserProfile%\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
%UserProfile%\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
%ProgramFiles%\Spyware Guard 2008\conf.cfg
%ProgramFiles%\Spyware Guard 2008\mbase.vdb
%ProgramFiles%\Spyware Guard 2008\quarantine.vdb
%ProgramFiles%\Spyware Guard 2008\queue.vdb
%ProgramFiles%\Spyware Guard 2008\spywareguard.exe
%ProgramFiles%\Spyware Guard 2008\uninstall.exe
%ProgramFiles%\Spyware Guard 2008\vbase.vdb
%UserProfile%\Application Data\Microsoft\Internet Explorer\olesys.dll
Remove Spyware Guard 2008 Registry Values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SpywareGuard2008"
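A read-only check for the processes, files and Run value listed above, as an added example that is not part of the original guide. It assumes Windows PowerShell 3.0 or later; the function name Get-SpywareGuardFindings is hypothetical, and the script only reports what is present without deleting anything.

```powershell
# Added example: read-only audit for the Spyware Guard 2008 artifacts listed above.
# It reports what is present and removes nothing. Requires Windows PowerShell 3.0+.

# Process names from the list above (Get-Process takes names without ".exe").
$processNames = 'SpywareGuard', 'syscert', 'spoolsystem', 'reged'

# File paths from the list above, with the environment variables expanded.
$startMenu = "$env:UserProfile\Start Menu\Programs\Spyware Guard 2008"
$progDir   = "$env:ProgramFiles\Spyware Guard 2008"
$filePaths = @(
    "$env:WinDir\reged.exe"
    "$env:WinDir\spoolsystem.exe"
    "$env:WinDir\sys.com"
    "$env:WinDir\syscert.exe"
    "$env:WinDir\sysexplorer.exe"
    "$env:WinDir\vmreg.dll"
    "$env:UserProfile\Desktop\Spyware Guard 2008.lnk"
    "$startMenu\Spyware Guard 2008.lnk"
    "$startMenu\Uninstall.lnk"
    "$progDir\conf.cfg"
    "$progDir\mbase.vdb"
    "$progDir\quarantine.vdb"
    "$progDir\queue.vdb"
    "$progDir\spywareguard.exe"
    "$progDir\uninstall.exe"
    "$progDir\vbase.vdb"
    "$env:UserProfile\Application Data\Microsoft\Internet Explorer\olesys.dll"
)

# Hypothetical helper: collects one record per artifact that is currently present.
function Get-SpywareGuardFindings {
    $findings = @()

    # Running processes whose names match the list.
    foreach ($proc in (Get-Process -Name $processNames -ErrorAction SilentlyContinue)) {
        $findings += [pscustomobject]@{
            Type = 'Process'; Item = $proc.ProcessName; Detail = "PID $($proc.Id)"
        }
    }

    # Files on disk; -Force makes Get-Item return hidden and system files as well.
    foreach ($path in $filePaths) {
        if (Test-Path -LiteralPath $path) {
            $file = Get-Item -LiteralPath $path -Force
            $findings += [pscustomobject]@{
                Type = 'File'; Item = $path; Detail = "modified $($file.LastWriteTime)"
            }
        }
    }

    # The autostart value under the current user's Run key.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'SpywareGuard2008' -ErrorAction SilentlyContinue
    if ($run) {
        $findings += [pscustomobject]@{
            Type = 'RunValue'; Item = "$runKey\SpywareGuard2008"; Detail = $run.SpywareGuard2008
        }
    }

    return $findings
}

$result = Get-SpywareGuardFindings
if ($result) {
    $result | Format-Table -AutoSize -Wrap
} else {
    'None of the listed artifacts were found.'
}
```

The Detail column gives the process ID, the file's last-modified time or the command stored in the Run value, which helps date the infection before anything is removed.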
I was also very keen on killing this bastard and I found a solution that works 100% if you pay attention. Do the following steps.
1. Do the dummy file trick as posted by Ilir.
2. Remove all the stuff that is listed in the post from ronp on Dec 28, 2008.
3. Check the system32 dir for several DLLs that changed recently (might be random filenames, mine were entitled kwtemu.dll, ssqnHbby.dll etc.).
4. Download and install the tool called “unlocker” (might do this before, as safe mode doesn’t hurt). The tool is able to close all resources that are locking these DLLs.
Unlock them and delete the DLLs.
5. Reboot. Worked 100% for me; seems that these DLLs somehow hook the explorer and winlogon processes and thus restart the crap all the time!
Yes, I know, it is complicated, but for an intermediate to expert user this should work much faster than reinstalling!
happy removing!
USE LINUX – VIRUSES DO NOT EXIST.
Thanks bob, you jacka$$ – real constructive help there.
Brady… instead of name calling why don’t you offer some useful information.
yeah so what if you can’t get it off
YOU SHOULD PUT YOUR COMPUTER IN SAFE MODE TO DELETE THIS.
Hello Candice, how about giving “us” the lawyer’s name and address so he can turn this into a class action suit?
Regards
Whoda
Hey guys, I just got hit with the virus tonight. I used almost every method and download as suggested and I have managed thus far to remove it. I think the best option was downloading Windows Defender. I had to use an old HDD to delete some files as I couldn’t access them due to the slow response and the rebooting all the time, and also used my laptop to surf the net. I tried to delete as much as I could, and when I was using the other drive it allowed me to use my antivirus scanner. Had to use a rescue XP disc to get the drive going again – blue screen of death, now all is good. RIH Spy Guard 08…..
I agree with wunders, tried everything on here, had to install Windows Defender (Spy Guard kept it from installing initially, had to download a fix from MS for the msi installer). It took two hours to scan my HD, but Windows Defender did find everything infected and removed it. PC working great now!
Thanks to the above guys for suggesting Windows Defender. Terminated that Bit£h real fast. The Trojan was named Vundo.IB along with FakeSpyguard. Removed quickly enough and I’m back to business as usual.
Again, thanks to the guys above.
Candice, I would also be interested in turning this into a class action suit as Whoda suggested, depending on the cost (in case they are not a no win no fee account. lol)
Bob are you retarded Virus Exist in Linux just no as much as windows
So I think I MAY have found a way to remove the virus. I had (and may still have) SpywareGuard 2009. What I did was I ran Windows Defender and followed the above steps, constantly deleting the program file folder and ending the processes. Also, make sure to shut down the winscenter.exe process every time it shows up in the task manager because the spyware file associates with it. In addition to this, in the WINDOWS\Prefetch folder you’ll find RUNDLL files by the bunch from the onset of SpywareGuard along with at least one SpywareGuard file. As long as you keep those deleted, the program files deleted, and the processes (or better yet, the process trees) inactive, Windows Defender will do its job. It will detect the spyware and target it for removal. After reboot I have not had any problem with SpywareGuard.
I’m sorry this is not a very comprehensive approach, but I just kind of read through this whole page and did what I thought made sense, and it seems to have worked out.
I’ll post at a later date with a status update, to let you know if this is a long-term, short-term, or permanent fix.
I have just read through all the comments after being infected last night. I have even more of a headache now. (excuse me while I agree to continue unprotected @3$#@!!!) Tried all the basic stuff like everyone else to no avail, now I guess I will start with Windows Defender and go from there… My husband made a point: how do we know that even these posts to remove it are legitimate and not putting more crap on our computer? Might just break down and take it to my local computer guy to deal with….
I’ve been infected with Spyware Guard 2009. Sounds like I’m admitting an alcohol problem! Ok, I’ve done the same as Nicole above, I was able to create the dummy folder as Ilir described.. the popup program doesn’t show now. THANKS Ilir! However, I can’t get the DLLs to go away. I get 2 curious errors when I boot now: “Windows-NO DISK” and a window which seems to want to connect online (I’m guessing it’s the same one from their popup program taking us to their purchase site?)
I’ve done all the “work” in SAFE mode… but every time that Safe Mode comes up, it doesn’t give me a desktop and I have to CTRL-SHFT-ESC and RUN Explorer.exe to get the icons back.
I’ve tried using Killbox and Unlocker to get 2 of the DLLs in Windows/System32 to go away. One uses Winlogon.exe and the other Lsass.exe (system processes which lock the DLL files.) Whenever I try to “kill” or “unlock” either of these processes, take for example Unlock > Winlogon – the computer shuts down and reboots. When I try to unlock > Lsass.exe I get a system notice that the system will force-quit and shutdown in x-seconds. There doesn’t seem to be a way around these! HELLLLLP!!!
I’ve scanned thoroughly with AVG, McAfee.. and removed all the files they both find. Curiously, when I run Spybot S&D 1.6 – half way through the scan, a notice pops up and says a reboot is required (this is NOT the normal Spybot notice which comes up upon COMPLETION of the normal scan.) So I can never truly get Spybot to finish scanning.
I think the hacker/programmers have gotten smarter with this version as the methods described here don’t seem to cover these new symptoms.
HELP!!!! Anybody???? What else can we try?
Solution that worked for me.
In addition to all the files that have been mentioned in the earlier comments, this program stores 2 additional sets of files:
1. A spyware guard 2008[2].exe file in the Temporary Internet Files directory (run “dir spyware*.* /s” in your Documents and Settings folder to find it).
2. A bunch of hidden ini and ini2 files. These are basically DLLs that are stored as ini files in your Windows\system32 directory (search “dir /ah/o-d *.ini*”).
Note: I also deleted a few suspicious looking entries in the registry called “Virus remover 2008”. Don’t know if those were related but thought I would mention it in case they were part of the whole deal.
Good luck.
Fucken hell, i fucken hate this mother-fucken Spyguard 2009! ><”
i tried everything. I tried registry entries- again won’t work. Even system restore blocked all of the dates. ==”
Anyone have any suggestions?
I got this one too, drove me crazy, tried EVERYthing with not much luck until I finally broke down and bought Spyhunter and Norton 360, after many scans and processes, I finally put spywareguard 2008 exe file into the blocked side of spyhunter. this keeps it from working. It’s under the processes guard tab. Spywareguard still comes up on boot up, but after I get it turned off and then Spyhunter takes over, I have no more problems. My computer runs better than ever for the most part.
The system restore worked perfectly for me.
If you haven’t tried it already, it’s worth a shot.
Seems like it only works for a few people :\.
Good luck to all you people who are still having problems with this frustrating “Spyware Guard”.
How come these Russian guys are smarter than our guys. Because our guys don’t give a shit?
I have the same problem. Advise me on the best way to remove this program.
Right people listen up.
This is how to stop the annoying pop-ups.
Go to C:\ (or your windows directory) Program files\spyware guard 2009\ spywareguard.exe <<< Zip that in a file.
Rename the file. “spywareguard.exe” it should then grab an icon that looks like the old Windows 98 Windows.
After that, double click it. If it pops up with a CMD window that then goes away straight away, you’re good. No pop-ups. But I’ve been told to use a Smitfraud tool, that will remove it. I am going to check if it gets my internet back. I will repost with the results. P.S. I can not get on msn messenger but skype???
Freaky. Also, DO NOT TYPE ANY PRIVATE DETAILS IN, SUCH AS PASSWORDS, THEY WILL HAVE THEM. Get your firewall to block the process spywareguard.exe from accessing the internet.
Tom!
Hi – just a quick note to say, thanks for the assistance with this piece of S#iT malware.
I followed various bits of advice to get rid of the Spy Guard 2009.
My advice – get Windows Defender if you can – it will stop it working, but to do this delete the program files (chances are they are on your desktop but are hidden so you can’t see them; just do a find in Windows for “spy*guard*”).
Every time the winscenter.exe starts up (with the pop-up), close it in the task manager.
Run Windows Defender a few times and delete these files and others it finds, then run Spy Hunter 3 and delete all the other crap. If you are cheap and don’t want to buy it, just use the directory address it gives you and delete it manually yourself.
this all worked for me – thanks again for your various bits of advice
I am so mad!!! I got spywareguard 2009 not spywareguard 2008. Windows defender sucks. I couldn’t even run it. My computer has become pathetically slow. If I can’t have it fixed, I’ll buy a new Dell but god damn it I can’t afford to spend more $$$. Help!!
Note: The file name changes are required because the spyware guard 2009 won’t let them install/run. This is for spyware guard 2009 even though it detects 2008 and 2008/B.
gosh! spyware guard 2009 is such a bitch to remove. i guarantee that there’s no absolute way to delete it completely.
This is such an aggravating piece of crap! I have no idea how I got it – I went to sleep and my computer was fine and I woke up with a diseased system. I’ve tried absolutely everything – it’s absolute bullshit.
Hi All,
My laptop recently got affected by this spyware. I am only able to start my system and later it hangs, no process runs and sometimes even task manager does not work. Please help me out!
Got hit with this biotch on Sunday night and have been battling it ever since! I’m trying various methods to get this thing removed, but I thought I’d let everyone know that I caught this thing from Yahoo! Messenger… not sure how, but I’ve researched and apparently Yahoo! has been having a lot of virus attacks lately, so I would avoid Yahoo! until you get this virus flushed out of your system.
I was wondering, What would happen if I change the harddrive completely? I was thinking of upgrading to a bigger drive anyway.
my computer will not allow me to restore….the only restore point showing is the current date. Is there any way to get rid of this??!!!!
i acctintly downloaded spyware guard 2009 i hope im still trying to figure out how to get rid of this i hope these nerds who made die of aids
I hope someone finds a way to fix this. I’m actually thinking of buying a new computer, I can’t deal with this. Doing any work whatsoever stops every 10 seconds from that stupid program saying they found 20 trojans or w/e the heck they say.
man freak this im going to try to get rid of this myself if i cant il call tech support in the morning if that doesnt work ill throw this pc out of the window and go to russia and kill those nerds
just call tech support before u throw away your computer (god bless the arabs without them i would have thrown away up to 3 computers
Creating the batch file helped, listed by ronp earlier. Then make sure spywareguard related calls are not in msconfig or the registry. I did all the work in safe mode so killing the processes didn’t matter, but I left it in the .bat file anyway. So far so good, it hasn’t replicated yet in normal mode! -Thanks!!
Hi, my name is Faith and I am having problems keeping your spyware from popping up on my computer constantly! I have spyware already, and I did not look into yours. I don’t know why it is coming up but I need for you to stop it please. I can’t work on the computer because it happens about every 2 to 3 minutes. I have tried to remove it through add/remove, restart computer, nothing seems to get rid of it. This is a big issue, I work from home. Please let me know something soon! Thank you for your time, Faith Tyler
I need for you to remove your product from my computer. I never looked into your product, I have spyware. Please tell me what to do. I work from home and this is a big issue. No matter what I do it won’t go away. I went to add/remove and removed it and restarted my computer. Please contact me soon! Thank you, Faith Tyler
OMG, I just bought the new McAfee 2009 to see if that will help and I’m like WTH, Spyware Guard 2009 is stopping me from running it! This thing has wasted me 2 days and money I don’t have, it’s really pissing me off.
Remove Spyware Guard 2008/2009 manually
Another method to remove Spyware Guard 2008 is to manually delete Spyware Guard 2008 files in your system. Detect and remove the following Spyware Guard 2008 files:
Processes
SpywareGuard2008[1].exe
spywareguard.exe
%PROGRAMFILES%\Spyware Guard 2008\spywareguard.exe
%SYSTEMROOT%\system32\wsc32x.exe
wsc32x.exe
winscenter.exe
%SYSTEMROOT%\system32\winscenter.exe
SpywareGuard2008.exe
SpywareGuard2008[2].exe
%PROGRAMFILES%\Spyware Guard 2009\spywareguard.exe
DLLs
%WinDir%\vmreg.dll
%UserProfile%\Application Data\Microsoft\Internet Explorer\olesys.dll
olesys.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\olesys.dll
%ALLUSERSPROFILE%\application data\microsoft\protect\gfbnrcgvfr.dll
%ALLUSERSPROFILE%\application data\microsoft\protect\ie.dll
%ALLUSERSPROFILE%\application data\microsoft\protect\qlpygbnqit.dll
%USERPROFILE%\application data\microsoft\internet explorer\dlls\iemodule.dll
%USERPROFILE%\application data\microsoft\internet explorer\dlls\dnctirxael.dll
%USERPROFILE%\application data\microsoft\internet explorer\dlls\moduleie.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\iemodule.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\cxtskpqynx.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\moduleie.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\xdoeoizbow.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\tcqvrzndns.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\ajapetrkzq.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\jhjqosmxio.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\cclgwzzadh.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\vgcugmtknb.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\xfoixoeloq.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\omexpqrvbt.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\csflndmpof.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\dkwpsdctxj.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\zqotakbhik.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\rqtdlfaorp.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\qychlykios.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\akpykdjiau.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\drhlmmxplk.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\qrterkocjk.dll
%ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\wstdzgcesr.dll
Other Files
%WinDir%\sys.com
%ProgramFiles%\Spyware Guard 2008\
%ProgramFiles%\Spyware Guard 2008\conf.cfg
%ProgramFiles%\Spyware Guard 2008\mbase.vdb
%ProgramFiles%\Spyware Guard 2008\quarantine.vdb
%ProgramFiles%\Spyware Guard 2008\queue.vdb
%ProgramFiles%\Spyware Guard 2008\vbase.vdb
%UserProfile%\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
%UserProfile%\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
%UserProfile%\Start Menu\Programs\Spyware Guard 2008\
%UserProfile%\Desktop\Spyware Guard 2008.lnk
Spyware Guard 2008.lnk
%UserProfile%\Start Menu\Programs\Spyware Guard 2008
%ProgramFiles%\Spyware Guard 2008
Registry Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SpywareGuard2008"
Spyware Guard
Spyware Guard 2008
ADDITIONAL NOTES – OPEN TASK MANAGER – keep it open and kill the spamguard process when you see it.
START->RUN->REGEDIT (do a edit find and get rid of all spywareguard references – delete)
START->RUN->MSCONFIG (disable all at startup)
START->RUN->C:\ (you need this so you can explore)
This trojan that replicates itself on your computer is embedded the crap in %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\****
You have to kill the explore.exe process (you will lose your desktop at this point.)
Task manager/file/run -> c:\ will let you explore your computer and run through all the deletes above. Then run the regedit and do the find for all spamguard references.
malwarebytes.org initially cleaned this for me, but it came back and this sucker disables just about every scan I have. They won’t launch, or it launches and says it’s clean with the 2009 version.
If you lost your permission for regedit do this!
Copy and paste this in a notepad file – save to your desktop as restore_reg.inf and then right click, install.
; Restores the default "open" commands for executable file types and re-enables the registry tools
[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
; Reset shell\open\command for the batfile, comfile, exefile, piffile, regfile and scrfile classes
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Set DisableRegistryTools to 0 so that regedit can run again
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
Good luck
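Before installing an .inf like the one in the comment above, the values it would overwrite can be compared with what is currently in the registry. This is an added example, not part of the original comment or of any vendor tool; the function name Get-AssociationDifferences is hypothetical, Windows PowerShell 3.0 or later is assumed, and the HKCU check goes beyond what the .inf itself covers.

```powershell
# Added example: read-only comparison against the values the .inf above would write.
# Nothing is modified. Requires Windows PowerShell 3.0+.

# Default "open" commands exactly as the .inf sets them.
$infValues = [ordered]@{
    batfile = '"%1" %*'
    comfile = '"%1" %*'
    exefile = '"%1" %*'
    piffile = '"%1" %*'
    regfile = 'regedit.exe "%1"'
    scrfile = '"%1" %*'
}

# Hypothetical helper: returns one record per value that differs from the .inf.
function Get-AssociationDifferences {
    $report = @()
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

    foreach ($class in $infValues.Keys) {
        # HKLM is what the .inf writes. A per-user key under HKCU takes precedence
        # when it exists, so it is checked too (an addition beyond the .inf).
        foreach ($hive in 'HKLM:', 'HKCU:') {
            $path = "$hive\Software\Classes\$class\shell\open\command"
            $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            if (-not $key) {
                # A missing per-user key is normal; a missing machine key is reported.
                if ($hive -eq 'HKLM:') {
                    $report += [pscustomobject]@{
                        Key = $path; Current = '<key missing>'; InfValue = $infValues[$class]
                    }
                }
                continue
            }
            # GetValue('') reads the key's default value without expanding variables.
            $current = [string]$key.GetValue('', $null, $raw)
            if ($current -ne $infValues[$class]) {
                $report += [pscustomobject]@{
                    Key = $path; Current = $current; InfValue = $infValues[$class]
                }
            }
        }
    }

    # The policy value that blocks regedit; the .inf sets it to 0.
    $polPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $pol = Get-ItemProperty -Path $polPath -Name DisableRegistryTools -ErrorAction SilentlyContinue
    if ($pol -and "$($pol.DisableRegistryTools)" -ne '0') {
        $report += [pscustomobject]@{
            Key = "$polPath\DisableRegistryTools"; Current = "$($pol.DisableRegistryTools)"; InfValue = '0'
        }
    }
    return $report
}

$diff = Get-AssociationDifferences
if ($diff) { $diff | Format-List } else { 'All checked values already match the .inf.' }
```

A difference only means the .inf would change that value; compare against a known-clean machine of the same Windows version before treating it as tampering.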
Hey guys, I got it, even though I know it might be somewhere in the system still, but all the pop-ups stopped and the Windows Security Center pop-ups stopped too. Here is what I did:
I made up empty folders like Ilir said, but I made up a few more for each of these files and replaced them one by one instead of just deleting them like it said up there:
windows/reged.exe
windows/spoolsystem.exe
windows/sys.com
windows/syscert.exe
windows/sysexplorer.exe
windows/vmreg.dll
I noticed that Windows Security Center also kept popping up, well, a copy of it anyways. I found I had 3 different ones in my computer, 2 of them fake, which I replaced with empty.exe folders… After that I restarted my computer and nothing else popped up. I might have put a stop to this, even though like I said it still might be in my computer, but at least it ain’t bothering me while I work… Thanks to everyone who posted suggestions to this problem, and if anyone needs help to get around this problem I would be glad to help, just send me an email.
I’ve also tried removing its processes, in the registry, task manager, it still comes back. But McAfee seems to have disabled the scanner when I include it in the list of unwanted programs.
restore system works. Rly. If you want to get rid of it, just restore the computer to the restore point before you got the problem. (Just like Alenzi said.) Good luck
Thank god I backed up all my photos. Otherwise, Spyware Guard 2009 would have taken down all the data on my HP. I reloaded the OS image and restored all the data as soon as I saw Spyware Guard 2009. Good luck fighting.
I think this only works with 2008 not the new 2009 version. I went through all of these instructions but none of these processes are running, there is nothing in the registry, and I couldn’t find any of those files in the windows registry. I’ve tried in safe mode, viewing all hidden files, etc. I use firefox and it completely hijacked it. I have to view this page by searching in google and looked at a “cached version” it won’t let me visit any websites directly that have to do with removing it. I use spybot search and destroy, and Hijackthis! I’ve never had any problems going into the registry or deleting files it’s always worked for me when I had a problem like this. I don’t know what I’m missing I don’t see anything to remove.
I am getting closer. I have used a variety of the tricks described to find and delete/disable offending files and have stopped the pop-ups for the moment but it still controls my browser and replicates a couple hidden files. Even booting in Safe Mode. I also tried to copy files to another disk so I could reformat my disk and was denied.
Note that among its other annoying features, SG changes your security and privacy settings on your browser (cookies set to accept all…)
For what it is worth… some of the tools I used in my hunt include:
The recovery mode booting from my WindowsXP disk.
Boot into Safe mode and operate in the command window after killing explorer.exe (something has replaced or attached itself to the real explorer).
Rename files that are locked so that they cannot be deleted and replace them with null files.
I also have a second computer nearby to allow me to search the web for answers etc.
Any answers to what takes control of the web browser would be much appreciated.
Had a Spyware Guard 2008 issue. Have successfully stopped the pop-ups and phony wincenter through the above advice of creating a phony Spyware Guard 2008 folder and running Windows Defender… thanks.
I am still getting redirected if I try to visit any anti-virus site. Also, am unable to uninstall current antivirus program which appears to have been disabled and is no longer providing any protection. Any thoughts? Thanks.
Although none of them worked for me, i appreciate the tips everyone posted. This darn thing wouldn’t let me restore, boot in safe mode or anything. I ended up formatting the disk and reinstalling windows. That worked.
Why blame Russians? It does not matter who created this thing. What matters is that malware has been out there for a year and companies such as Symantec, McAfee, etc. are not doing anything about that. And remember YOU ARE PAYING THEM MONEY for the worthless security suites.
Human’s nature is to always blame someone….
I just got infested by this stupid shit virus. I’m so fucking pissed off. I can’t get rid of it. My AVG antivirus scanned it and put them in quarantine, but it always comes back….
I decided to restart my comp and to system restore it, but when I reopened my comp and clicked on user, it stays on the user name and freezes there.