Remove Spyware Protect 2009/SysGuard.exe (Removal Info)

By peter morrison on Jan 19, 2009 | Reply

i am new user, so i don’t have much to say.

By peter morrison on Jan 19, 2009 | Reply

my pc had been iffected by virus and need antivirus that can remove them.pc type:vista

By nate on Jan 21, 2009 | Reply

don’t let spyware protect 2009 fool you. it’s itself a terrible terrible spyware. it would not protect you. it turns your computer into a piece of useless junk. be careful and don’t let me fool you.

By MJ on Jan 22, 2009 | Reply

I have no ideas how Spyware Protect 2009 program got installed on my PC. It’s ridiculous! I, however, removed it promptly after playing around with the instructions and registry. I hope it doesn’t come back or I would be doomed.

By AHG on Jan 22, 2009 | Reply

Okay, has spyware already gotten smarter, because i can’t find any of the file names on my pc

By Steelers on Jan 22, 2009 | Reply

As far as I know, spyware protect 2009 are like other spywares or viruses, they have variants and change itself. The intention is fairly simple. It just doesn’t want you to get rid of it. Oh, and also, you can’t really delete the bad files until you end the processes in task manager otherwise it would give you a share violation. Safe mode is the way to go.

By Brett on Jan 22, 2009 | Reply

I could not find all the files that listed here. I am confused like hell. Should I buy a iMac? Maybe it’s about time.

By Wolf on Jan 26, 2009 | Reply

It took me over five hours but still no avail. It’s impossible to remove Spyware Protect 2009. What makes this more ridiculous is that I am a computer information system major! this thing sucks!

By Jamie on Jan 26, 2009 | Reply

Wolf, it’s not impossible, just difficult. I’m making headway. Keep at it.

By rayx on Jan 28, 2009 | Reply

spyware protect 2009 sneaked into my computer last nite. no matter what i did. nothing worked. i know i am not computer savvy but i am much better than most people. so frustrated that i couldn’t get it off. i would not go to sleep if i can’t get rid of this bs. to whoever creating this virus, listen, I’ll find you!!!

By richen on Jan 28, 2009 | Reply

spyware protect 2009 sneaked into my computer last nite and my computer keeps poping up alerts of virus and attack message.

Two steps to kill the popup:
1) terminate a process of the name sysguard.exe
2) search your system for the same file and delete it.

By iKILLEmySELF on Jan 29, 2009 | Reply

haya ppl…im infected with spyware protect 2009…since then i can’t use the explorer!
…always appears….http://browser-security.microsoft.com/block.php?r=7.0!!! …what can I do!thx

By Megen on Jan 29, 2009 | Reply

i don’t know what to do. i also got the block on my browser. it also has resricted changing anything on my computer. i searched for the files but i didn’t find anything!

By Susan on Jan 29, 2009 | Reply

I’ve been hit with this thing twice.. the first time it was on Sunday and just recently today it came back! But luckily, I removed it. I hope this doesn’t come back. It’s so annoying removing it each time!!

By joanne on Jan 30, 2009 | Reply

i also have been hit with spyware protect 2009 and not only can i not get online but i can’t even ctrl f11 to reset computer back to original state. if i try to even open any file a big white screen covers the desktop so yoou can’t see anything. at the bottom right corner i have a white box showing bankerfox.a is it too late and should i junk my computer? i also found sysguard.exe when i searched my files but can’t do anything to it.

By Jeff on Jan 31, 2009 | Reply

I went the removal route with several suggested malware and spy removal apps. How do you know if you removed it totally or not?

By DrDelos on Jan 31, 2009 | Reply

I support the death penalty for first offense convicted virus/trojan/hijack writers and users.

By Jerry on Feb 1, 2009 | Reply

This program also installed a taskmanager disabler. So you can’t kill the process…unless there’s another way.

By DataMan on Feb 2, 2009 | Reply

Ctrl+alt+del, look for sysguard.exe stop the process. then search your computer for Sysguard.exe Right click on the name, Press “Open With File” and remove all components and remove it from your Trashcan.. Hope this helped you

By Philipp on Feb 2, 2009 | Reply

It’s easy! Press cntrl alt del, push PROCESS button, than stop sysguard.exe process, after that search sysguard.exe and simply terminate it. He-he-he! ) I’m not an IT guy, I’m a pianist & composer, but I win, dudes ))

Hey, virusmaker! U are a smart boy, but I’m clever ))))

Something tells me, this pal from Russia, as I am…

By jack on Feb 5, 2009 | Reply

I have the same problem – happened a day or so ago – I got rid of sysguard.exe, but IE takes long to load now and I get random popups even when no IE windows are open – plus I have internet shortcuts in my task bar and they didn’t work until this morning – the start menu wouldn’t open at first after I deleted the files – plus I think the virus deleted all my system restore points, so I’m stuck with these popups for now – really really sucks – I haven’t had a virus in probably three years until now.

By Dan on Feb 6, 2009 | Reply

This particular “spyware” program is self-evolving. This means that it may not attach itself to the files listed above. If you can’t find any of the above files that is OK. You can figure out what files it has attached itself to. I say attached because a few of these files are system files and are needed by windows. Look in your windows\Prefetch directory. In the folder should be a file with SYSGUARD somewhere in the name. It will be a .pf file extension and it will be surrounded by numbers and letters so look carefully. Open this file using a text editor. Look through the jarble of code until you come across some english. The english part of the file is the location and file names of files and registry keys the program has modified or created. You may have to seperate the names to make sense of it….They’ll probably be all on one continuous line. Now there you go. Erase any registry keys it points to, and inspect the files it points to. Again some of these are needed by windows! You will have to load up in safe mode-As every one of those files will be running, therefore you won’t be able to delete them. Running the computer in safe mode will allow you deletion access. It is not the ultimate answer, but it’s a start. Just do some snooping and you’ll get rid of it.

By Dan on Feb 6, 2009 | Reply

The tray icon is where you will get most of your popups from. If you press “ctrl + alt + del” and click the processes tab you will find one of two processes running that control the popups. One is “sysguard.exe” and the other is “A_9installer.exe” End the process and the tray icon will dissappear and so will the popups. As far as the virus hijacking Internet Explorer that is a bit more difficult to fix. See the above comment to find out which registry keys to delete. Once they’re deleted, you’ll have control over your browser again. I hope that helps.

By Jen Jamieson on Feb 6, 2009 | Reply

I purchased and used Spyhunter… it’s amazing! no issues at all!

By Dan on Feb 6, 2009 | Reply

i dont have either of those processes running but this bitch of a malware still wont leave me alone! its been like 2 hours so far!

please help

By Dan on Feb 7, 2009 | Reply

Ok so i found the sysgaurd in windows deleted that, then went to bed gotup thing =came back sysgaurd was back, showed up in processes this time. so deleted it there deleted it in windows, downlaoded spyhunter wich keeeeeeeeps saying something about “your hosts file was changed do you want to restore it?” its just listing browser-security.microsoft.com keep pressing restore but it comes back every 5 minutes.

anyways using security taskbar and avg ive managed to find aload of different files n quarantined then fully deleted them.

The virus hided in hidden folders and deleted my folder option tab. Had to go into the registry turn it back on and then do it. Anyways I THINK! its all gone, but i still cant use google chrome and graboid v1.4 which i heard could be a result of malware. soooo anyadvice?

Scanned my computer with avg and security task manager since and they’ve found nothing.

By Maria on Feb 7, 2009 | Reply

Thank you so very much for the great advise removing the SYSGUARD.exe program from the task manager and every other program on my computer by doing a search for the SYSGUARD.EXE name, i restarted my computer and poof it was gone….however, it had also wiped clean my wireless networks, but AT&T helped me get it back up and running. Anyways just wanted to express my shear appreciation for the tips as they saved my sanity.

By Aksi on Feb 8, 2009 | Reply

I did remove sysguard.exe and have got rid of alerts. BUT STILL THERE IS A PROBLEM : am still getting “http://browser-security.microsoft.com/block.php?r=7.0!!!” … mesage in my browser.

Please advise.

Thank you

By lab on Feb 8, 2009 | Reply

I’m just happy to be here

By spyware protect 2009 removal on Feb 9, 2009 | Reply

under no circumstances pay for the spyware protect 2009! you won’t get a refund because it’s a scam :/

By Sarah on Feb 9, 2009 | Reply

This is not working for me!!! But I do have that spyware Hellllppp

By Aga on Feb 10, 2009 | Reply

I am about to do the manual removal of spyware protect 2009 reg key but I am unable to open it using Start>Run>regedit. Is there any other way?

By sean on Feb 14, 2009 | Reply

Thanks for the help. I deleted the sysguard.exe from processes (ctrl, shift, esc) then i searched for it and deleted it. It’s finally gone. No other websites helped me!!

By Rob on Feb 17, 2009 | Reply

I had already loaded Firefox as an alternate browser. It seems that the Spyware Protect 2009 attatches to Explorer although I have noticed incomplete page loading on Firefox.
I will try the sysguard.exe.
Also be aware of XP Police also a very difficult malware

By Brian on Feb 18, 2009 | Reply

I got hit with the Spyware Protect 2009 yesterday but none of the files or process that are mention are running on this computer… i think it has evolved into using a different service and files… not sure

By Omar on Feb 18, 2009 | Reply

TIP: Turn off your internet connection after you either write down or save the above instructions on a document.

Go to Network Connections, and disable any open connections. Then your browser won’t be popping up and lagging your computer all the time.

By cait on Feb 19, 2009 | Reply

this is not working for me, i need help. the files wont work anything. and my task manager was shut off!

By BeauNash on Feb 20, 2009 | Reply

I have had many problems with my two year old pc. Next time I will NOT purchase anything with a Microsoft connection as that is the cause.

By Steve on Feb 20, 2009 | Reply

Stopped the spyware protect 2009 alerts, but can’t regain control of Internet Explorer. Any clues ??

By archie on Feb 22, 2009 | Reply

I just got hit with this thing, I am taking all your advise seriously, I won’t sleep tonight. I hope the FBI high tech Division should look into this, with this economy that we are facing right now, We need our Computers to look for Jobs

By Aarti on Feb 23, 2009 | Reply

I went to the task manager, clicked on processes and “end tasked” sysguard.exe. After that I searched for the file and found it in C:/WINDOWS/Prefetch. Delete this file and then make sure to empty the recycle bin. The Spyware Protect icon has disappeared and I’ve been free of the stupid alerts for a while now. Good luck guys!

By trammy on Feb 24, 2009 | Reply

i found a new file that my computer says it infected it’s called like C:\windows\syssvc.exe but whenever i try to delete it, it freezes my computer. this is so annoying.

By savannah on Feb 24, 2009 | Reply

hi
I got this ugly spyware last night and have been struggling with it eversince. Is it possible to download a anti-virus and install it in my pc to completely remove the spyware protect files.
Please help.

By savannah on Feb 24, 2009 | Reply

I did remove sysguard.exe and have got rid of alerts adn it doesnt come up anymore. Thank you for the advice BUT STILL THERE IS A PROBLEM : am still getting
“http://browser-security.microsoft.com/block.php?r=7.0!!!” … mesage in my browser which disable me to access any internet site. How do I fix that.

Please advise.

Thank you

By JoeSchmoe on Feb 24, 2009 | Reply

I was unable to search for files (PC would reboot), was unable to install applications, and cleaned up everything I could find manually.

I was unable to run Malwarebytes until I changed the compatibility mode on the application to 2000 and turned off advanced text services….not sure which setting did it, but was just something I thought of trying.

It’s now running and scanning. We’ll see what it finds.

By Azree Hanifiah on Feb 24, 2009 | Reply

Stopped the spyware protect 2009 alerts, but can’t regain control of Internet Explorer. Any clues ??

By matt on Feb 25, 2009 | Reply

What should I delete from this list.. I used DAN’s advice and found the text file where sysgaurd is.

D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ N T D L L . D L L \
D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ K E R N E L 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U N I C O D E . N L S
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ L O C A L E . N L S
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S O R T T B L S . N L S
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S G U A R D . E X E
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U S E R 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ G D I 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ A D V A P I 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ R P C R T 4 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S E C U R 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ M S V C R T . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C T Y P E . N L S
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H E L L 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H L W A P I . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ W I N S X S \ X 8 6 _ M I C R O S O F T . W I N D O W S . C O M M O N – C O N T R O L S _ 6 5 9 5 B 6 4 1 4 4 C C F 1 D F _ 6 . 0 . 2 6 0 0 . 5 5 1 2 _ X – W W _ 3 5 D 4 C E 8 3 \ C O M C T L 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ W I N D O W S S H E L L . M A N I F E S T
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C O M C T L 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E A U T 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S O R T K E Y . N L S
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 _ 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 H E L P . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W I N I N E T . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C R Y P T 3 2 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ M S A S N 1 . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U R L M O N . D L L
\ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ V E R S I O N . D L L ( Ž
\-³NÇ ¸B/8X x \ D E V I C E \ H A R D D I S K V O L U M E 1 # o% 4 ¼º •º ¾ ü ¾( O ¯º ­º Š ½ ¥º ¢¼ º G¼ %¼ ¼ ¼ ` º ñ ž, ) š» Œ» q, È I» K» 6 Î ¾ R_ % † ŸÎ \ D E V I C E \ H A R D D I S K V O L U M E 1 \ & \ D E V I C E \ H A R D D I S K V O L U M E 1 \ P R O G R A M F I L E S \ 7 \ D E V I C E \ H A R D D I S K V O L U M E 1 \ P R O G R A M F I L E S \ A T I T E C H N O L O G I E S \ \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ ) \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ ‘ \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ W I N S X S \ z \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ W I N S X S \ X 8 6 _ M I C R O S O F T . W I N D O W S . C O M M O N – C O N T R O L S _ 6 5 9 5 B 6 4 1 4 4 C C F 1 D F _ 6 . 0 . 2 6 0 0 . 5 5 1 2 _ X – W W _ 3 5 D 4 C E 8 3 \

By Brian on Feb 27, 2009 | Reply

Caught this overnight, I guess on Firefox. The instructions helped and I’m running malware free for now. Keep fingers crossed. sysguard.exe in the Task Manager gets rid of pop ups. Same search in files will get you the program to kill. Important thing is to do in safe mode. I searched my files in regular mode and it couldn’t find it. Went to safe mode and popped right up. Thanks to all of the users who posted earlier. Good luck, it’s a pain.

By raj on Feb 27, 2009 | Reply

Great Thanks for the help
followed simply 2 steps.

get rid of the pop ups.

By raj on Feb 27, 2009 | Reply

Thanks for the help

followed simple 2 steps
1.open task manager window
2.click process & delete sysguard.exe

By Guru on Feb 27, 2009 | Reply

Thanks everyone.

Deleted the process – sysguard.exe
Deleted the file from C:/windows directory – sysguard.exe

This worked fine.

By Steve O on Feb 28, 2009 | Reply

Reply to Brian:

I searched WIN directory manually, and found easily. Didn’t use safe mode, but had to manually reboot my system.

Will remember in future.

By Jerry on Mar 1, 2009 | Reply

OK… spyware protect 2009 destroyed my dell laptop fully. it’s time to consider a new sleek macbook!

By Rob on Mar 1, 2009 | Reply

Got this stupid trojan this morning.Did the sysguard.exe delete and ran window washer after.Seems to be holding up for now.Thanks for all the help

By Mad Mom on Mar 1, 2009 | Reply

Thank you, Thank you, Thank you!!!!! It worked!

By donna on Mar 2, 2009 | Reply

What worked? How do I get my computer to work again, I am having major problems….

By LR09 on Mar 2, 2009 | Reply

I have searched the registry in both “Safe” mode and “last known good configuration” and I am unable to locate any of the registry values that need to be deleted in the Registry Editor.
Spyware Protect continues to block my internet with error messages. Therefore, I am unable to download the patch.

My only success was in finding and deleting “sysguard.exe” in my processes and “search” files. Then I deleted those files in my recycling bin.

Also, I was unable to locate any of the other 50+files in my Hard Drive search.

By LR09 on Mar 2, 2009 | Reply

“Spyware Protect 2009″ Question. My only success was in finding and deleting “sysguard.exe” in my processes and “search” files. I was not able to locate any of the other 50+files in my searches. I am unable to download the patch because Spyware Protect continues to block my internet with error messages.

Also, I have searched the registry in both “Safe” mode and “last known good configuration ” and have not located any of the registry values that need to be deleted.

By Scott on Mar 3, 2009 | Reply

i found sysguard.exe stopped the process and then deleted the file. all is running great. lets keep our fingers crossed!!!

By Scott on Mar 3, 2009 | Reply

i hope microsoft comes up with a security patch for this

By Kristi on Mar 3, 2009 | Reply

I was able to locate “sysguard.exe” only doing a search in ‘Safe Mode’. After doing that, it doesn’t pop up anymore.

However, I still get the “http://browser-security.microsoft.com/block.php?r=7.0” on my Internet Explorer. I can go online through AOL, but I can’t get anywhere with regular IE on my desktop. Has anyone resolved the latter issue?

By Danny on Mar 3, 2009 | Reply

I was able to stop the pop-ups, but I still get the “http://browser-security.microsoft.com/block.php?r=17.2″ and can’t open any of the anti-spyware/malware programs I have installed. It’s very annoying and it’s really slowing down my Internet; it takes up to an hour for a web page to fully load. Doesn’t anyone know how to fix this?

By Rajat on Mar 5, 2009 | Reply

Thanks everyone! 2 step process really -

Delete the process sysguard.exe
Delete the file sysguard.exe from C:/windows

Now how do I get my browser back ? Any tips ?

By Indie on Mar 5, 2009 | Reply

Haven’t seen this mentioned elsewhere but it also adds an entry to your hosts file for browser-security.microsoft.com which points to to their wensite. It’s done to make you think it’s a recomended microsoft thing. Remove the entry.
195.245.119.131 browser-security.microsoft.com

By Kris on Mar 5, 2009 | Reply

Hello Indie.. How and where can I delete the entry?
Thank you.

By Indie on Mar 5, 2009 | Reply

It also hooks into IE. You need to unregister the helper DLL and remove it from the registry.
C:\WINDOWS\system32>regsvr32.exe /u iehelper.dll
Run HiJackThis and look for the iehelper.dll entry and delete it. Should fix the problem.

By Mike on Mar 6, 2009 | Reply

I’m on XP. If I hit CTRL-Alt-Del, I don’t get a Process tab. I did go to C-windows-Preftech and dumped it.
Still getting the stupid Spyware alert! popup.
Any help?

By Doug on Mar 6, 2009 | Reply

Thanks for the info about the sysguard.exe file! That proved to be the bastard file behind my problems. I typed Ctrl Alt Delete to see the processes currently in action. Then I terminated the sysguard.exe file. Then I searched for it with Windows Search from the start menu. I saw its location and went to get it. It was in the Windows file, but that file has hundreds of folders. Then I got an idea. I right clicked the white background in the folder, and I clicked “arrange icons by” modified. The most recently created files went to the bottom. Then I found the sysguard.exe file and joyfully put it in the recycle bin. I’m about to empty the bin. I restarted my computer. AND NOW THERE’S NO MORE LAME STUFF! For the record, I decided to delete these two files: sysguard.exe and syssvc.exe

I use Mozilla Firefox and Windows XP.

I WISH EVERYONE OUT THERE GOOD LUCK!!!

By Bob on Mar 6, 2009 | Reply

I just recovered my system back about 5 days and so far havent seen any of the problems. Hopefully it stays that way…

By Mike on Mar 6, 2009 | Reply

I’m looking in the WINDOWs folder and I’m not finding anything…help?!

By Mike on Mar 6, 2009 | Reply

Ok nevermind, just found it. It’s next to: syssvs also. And svcho. Should I delete these?

By Brian on Mar 6, 2009 | Reply

Thank-you Indie:

That gave me control of explorer again…

Someone mentioned the death penalty for spyware, I agree.

By ROBERT on Mar 7, 2009 | Reply

TO ANYONE WITH THE SPYWARE2009 VIRUS, HERE’S WHAT YOU SHOULD DO:
1. WHEN YOU BOOT YOUR SYSTEM, PRESS F8 AND RUN IN SAFE MODE.
2. AFTER YOU LOG ON TO ADMINISTRATOR/USER, GO TO THE START BUTTON, CLICK ON SEARCH THEN TYPE (sysguard.exe) SEARCH FOR IT IN LOCAL DISK DRIVE AND ALL OTHER AREAS.. WHEN U FIND IT DRAG IT TO DESKTOP > DELETE note: IF IT DOESNT LET YOU DELETE IT, RENAME IT AND TRY DELETING IT AGAIN. IF IT STILL LET YOU, REBOOT YOU COMPUTER AND RENAME (sysguard.exe) eg. (fhshejs) then delete it.. then empty recycle.. then reboot yur system. i assure you it will be gone.

By ROBERT on Mar 7, 2009 | Reply

if you still have problems with IE. you need to go to search and type (iehelper.dll or iehelper.dll) and delete after u find it!
empty recycle bin and reboot your system..
EVERYTHING SHOULD BE OKAY AFTER!!!
if u still have problems getting online, contact your service provider..for help!

By Graham on Mar 7, 2009 | Reply

I’m still struggling with getting IE to run again. I can see the iehelper.dll file in the directory, but can’t delete it. Any clues?

By Darby on Mar 7, 2009 | Reply

1. Deleting sysguard from the registry using regedit and seachring for it & deleting using the search got rid of the start up prompts.
2. Deleting iehelper.dll from the regstry and searching for it and deleting it got rif of the pesky IE redirection. 3 useless hours of my life gone but never forgotten. Thanks All & Good Luck!

By ava on Mar 7, 2009 | Reply

how do i get this off my computer

By raymond on Mar 7, 2009 | Reply

Tanks, Darby.

Using your “regedit” instruction to find and delete those “sysguard” and “iehelper.dll” files has made my computer working again.

By laura on Mar 8, 2009 | Reply

OK. so yesterday thanks to these great instructions I got that nasty virus off. but now i have new one! and it’s made it so i cannot access my task manager. any other tips???

By ROAN on Mar 8, 2009 | Reply

THANK YOU FOR YOUR HELP THE INSTRUCTIONS YOU GAVE WORKED JUST PERFECTLY.

By webca on Mar 10, 2009 | Reply

IE problem: “http://browser-security.microsoft.com/block.php?r=17.2″

C:\WINDOWS\system32>regsvr32.exe /u iehelper.dll, after that delete iehelper.dll

By Paul on Mar 10, 2009 | Reply

I’m 90% there but still have the problem with IE and want to make sure I understand Indie, Robert and Webca who sound like they know what they are talking about. Do I just search for iehelper.dll and delete or is it more involved

By sa on Mar 10, 2009 | Reply

i can’t restart my m/c with safe mode..it block my regedit option and also task manager…
its like completely helpless…
any suggesstion…

By Kat on Mar 10, 2009 | Reply

This is hopeless! I don’t have the s sysguard file anywhere in my system..they must have gotten smarter and changed the name. I just got this spyware this morning and I can’t get rid of it. I can’t even go online and get any spyware on my computer to get rid of it. Any other suggestions. I’m on my laptop trying to get some help..I’ve done all the suggestions here.

By Aaron Winnell on Mar 10, 2009 | Reply

An employee discovered this nasty application yesterday. I did the following and it appears to have worked:
1. Closed the sysguard.exe process
2. Went to Start>Run and ran msconfig; unclicked sysguard.exe from the Startup list.
3. Searched for and deleted the sysguard.exe file.
4. Searched “sysguard.exe” in the C://WINDOWS/Prefetch directory and deleted it.
5. Searched for and found the iehelper.dll file and deleted it.
6. Made sure my recycling bin was empty.
7. Rebooted

This appears to have removed the application. Someone wasted their own time writing the application, and now I had to waste my time removing it.

By Ada on Mar 10, 2009 | Reply

Thank you very much for the instructions. It was really stressful to have to deal with this for two hours, but it looks like it has been removed for now.

Here is what I did:

1. removed sysguard.exe from task manager window
2. erased sysguard.exe from computer
3. erased iehelper.dll from computer (this last one I had to rename before erasing)

Good luck!

By Paul on Mar 10, 2009 | Reply

I now have IE fixed as well by following Indie’s advice (delete ‘browser-security’ entry from Hosts File)and Robert’s advice (search for iehelper.dll;include system and hidden folders in search; delete or change name of file if you can’t delete). Key to stopping Spyware Protect pop-ups for me was ending ’sysguard.exe’ process in the Task Manager, searching for and deleting files with sysguard in the name, and deleting the registry values (per above instructions in the directories shown) that looked anything like the list of programs shown above plus one extra that was like ’slaryblek’.

By Mike on Mar 10, 2009 | Reply

Hey Paul, where did you go to delete the browser-security file? I can’t find it anywhere?

By RAY on Mar 11, 2009 | Reply

how do you do this?

By Mike on Mar 11, 2009 | Reply

Found this on Wikipedia:

The hosts file is located in different locations in different operating systems and even in different Windows versions:

* Windows NT/2000/XP/2003/Vista/7: %SystemRoot%\system32\drivers\etc\ is the default location, which may be changed. The actual directory is determined by the Registry key \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath.
* Windows 95/98/Me: %WinDir%\

I’ll have to look when I get home from work, but maybe this will help.

By Viet on Mar 14, 2009 | Reply

How did you remove it? … I can’t find it in my Program lists or anywhere …

By Beth on Mar 15, 2009 | Reply

I got Spyware Protect 2009 and I have followed the instructions by finding and deleting sysguard and iehelper. It seems as though the pop-ups have stopped but now the computer is extremely slow and locking up! Any suggestions would be greatly appreciated!

By KO on Mar 16, 2009 | Reply

Thanks for all the help. I spent 3 hours yesterday trying to rid my father-in-law’s computer of Spy Protect 2009. Thought I had outsmarted it. Found sysguard in the Windows folder. Called up the command prompt and thought I could delete it through DOS, but no luck as it was protected. Then thought I would do a clean install of XP as there was nothing on the hard drive needed. XP couldn’t read the hard drive! I will try the above suggestions and thanks.

By ally on Mar 17, 2009 | Reply

i removed the sysguard.exe and the popup in tray has dissapeared but i don’t know how to “search my computer” to find additional sysguard.exe…where do i look?

I’m so bummed about this- i pay a regular subscrip to mcafee to not have these probs and they tell me i have to pay their virus experts ( starting at $89.95) to remove this guy. help!

By Kevin on Mar 17, 2009 | Reply

I was infested last night using FireFox 2.0 (will be upgrading to 3.0.x shortly )

Not only was sysguard.exe in my taskmgr but also svchost.exe. Normally svchost.exe is a system process that windows runs located out of the C:/WINNT/SYSTEM32 directory. I had an additional svchost.exe located in C:/WINNT/SYSTEM32/DRIVERS directory. I know it was not supposed to be there since I had imaged the drive the day before and was able to refer to it…also, the bogus svchost.exe was created at the same time I was infested.

Needless to say, I deleted both that and sysguard.exe. As others have noted, you should remove it from your registry file as well using regedit. I searched for both the bogus svchost.exe and sysguard.exe.

Hope this helps someone…

By Tracie on Mar 17, 2009 | Reply

HELLO….I got SUCKERED into purchasing Spyware Protect 2009. It cost me $49.95 and then crashed my computer.

Not only am I out that money, but I had to re-boot my computer from scratch.

By ligi on Mar 18, 2009 | Reply

I got ride of Spyware protect using these instructions.
First I tried to delete manualy the files listed in removal instructions above, but I coudn’t find any when searching. Then I searched for sysguard.exe and I found it in WINDOWS. I could not delete it at first.

Then I read here more of your adivices,and I pressed ctrl+shift+esc, found sysguard exe and ended the process. After this I was able to delete it and send it to trash where I deleted it FOREVER. I hope:)

so in Conclusion,

1)search for sysguard.exe
2)press ctrl+shift+esc, look for sysguard.exe, click End process
3)delete sysguard exe and send it to trash, delete it from trash

This was my first time trying to delete a spyware, I am totally unexperienced, and it worked. those who made this spyware, you suck! Too easy.

By ligi on Mar 18, 2009 | Reply

Also you can use SpyHunter to detect the spyware and then remove them manually, YOU DON’T HAVE TO PAY THEM TO REMOVE THEM FOR YOU!

By Huntah on Mar 18, 2009 | Reply

oh my lord, please help after i read your comment i was like YAY! so then,..
svchost.exe SYSTEM
svchost.exe NETWORK SERVICE
svchost.exe SYSTEM
svchost.exe NETWORK SERVICE
svchost.exe LOCAL SERVICE
svchost.exe SYSTEM
which one do i delete?oh please help me

By Huntah on Mar 18, 2009 | Reply

oh kay then i followed instructions from
Aaron Windel about the thing.
heres a step by step process of mine and his
step A:1. press crl+alt+delete
2.go to processes,click “image name” to alphabatize,go to sysguard
3. disable sysguard
4.search sysguard.exe in search
(start>search)
5.search under c drive PLEASE!! make sure its under drive c not program files or any other files.
6.hopefully find it.
7. delete
8.go to recycle bin and your free(woo hoo!)

Step B:1.Close the sysguard.exe process
2. go to Start>Run and ran msconfig; unclicked sysguard.exe from the Startup list.
(note: after you do this it is recommended to restart your computer to save changes!)
3. Searched for and deleted the sysguard.exe file.
4. Searched “sysguard.exe” in the C://WINDOWS/Prefetch directory and deleted it.
5. Searched for and found the iehelper.dll file and deleted it.
6. Made sure my recycling bin was empty.
7. Rebooted
Tactic C:1.search on your own…
hopefully this is a detailed version of what you have to do. the thing that Microsoft has given you should work (helloo….microsoft)
but no dice for me so hopefully this helps anyone in need like me.

By Miles on Mar 19, 2009 | Reply

I couldn’t find anything that said Spyware Protect 2009 in the registry, but I did find a folder called AV Scan.

It contains all of the files listed in this article.

1) Open Registry Editor:
Start > Run > type “regedit” (without the quotes)

2) Delete Registry entry
*Always export the registry to your hard drive as a backup before editing it. (File > Export)
Select HKEY_CURRENTUSER > SOFTWARE > AVSCAN
Right click on the AV Scan folder and select Delete.

Also, you may need to delete the sysguard from the startup programs list. It is found under the HKEY_LOCALMACHINE > Software > Microsoft > Shared Tools > Startupreg

Delete the folder containing the command to launch sysguard at startup. Highlight the folders to see the command lines for the registry entry. If it says sysguard.exe, delete it.

After deleting the files from your hard drive and deleting the registry keys, the virus is now gone for good! Don’t forget to empty your recycle bin!

Thanks for a great article.

By Miles on Mar 19, 2009 | Reply

You can find out the file the program is using by waiting until the real popup window comes up on your desktop and right-clicking over the titlebar at the top of the popup window.

Then select properties

This will give you the name and location of the command file (i.e. C:\WINDOWS\sysguard.exe)

Now that you know the name of the file and location, you can go from there deleting it and eliminating the registry keys associated with it.

Good luck!

By Bob on Mar 19, 2009 | Reply

I’m trying to fix my moms computer, this stupid thing popped up two days ago and won’t let me do anything on there.
And I can’t find thesysguard.exe
What else can I do?

By Katie on Mar 19, 2009 | Reply

I think I love you! I was getting sooo frustrated.. I had found the file that needed deleted, but it kept saying it was in use and I couldn’t figure out how to do it, but I took your advice and now it is gone…WOOHOO

By BT on Mar 20, 2009 | Reply

I did everything you guys said..and it seems to have worked temporarily. After a day..it came back andI deleted again.
Here is a file which you guys may have missed..and it needs to be deleted!!

“mcenspc.dll”

Search for “mcenspc.dll”..it was in my Sytem32 folder along with the iehelper.dll

thanks

By jair on Mar 20, 2009 | Reply

use spy hunter on this website it rocks no problems at all

By Kelley on Mar 21, 2009 | Reply

If you don’t have an anti-virus program such as McAfee on your system, you’re in big trouble with Spyware Protect 2009, because every time the demo comes on, usually while booting, the programs injects programs into your system. Currently, I’m still trying to delete the demo, but everything else works fine. Good luck with this motherf—–!

By Justin on Mar 21, 2009 | Reply

If You Can’t Beat It, Join It!

If you are having pop ups from Spyware, simply look at the popup and open your task manager Look at all applications running at that time. Click on the offending program; it will automatically link you into the processes, and will allow you to stop it right away. Worked for me; hope this helps!

By Nyx on Mar 24, 2009 | Reply

Pardon me for being the one to say so but I know exactly how this program gets in to most peoples computers as someone close to me showed me where went when the program got in to my computer, guys your not going to like this its from certain explicit sites. Now that I have found this place for help I can only hope it works as this is the 4th computer I have had this issue with and the last three did not survive this thing, It is horrible and eventually kills your computer so thank you who ever got this help out here for people, oh and don’t leave messages with the people that created this thing, no one answers.
Simply Disgusted,
Nyx

By Walter on Mar 28, 2009 | Reply

(QOUTE)oh my lord, please help after i read your comment i was like YAY! so then,..
svchost.exe SYSTEM
svchost.exe NETWORK SERVICE
svchost.exe SYSTEM
svchost.exe NETWORK SERVICE
svchost.exe LOCAL SERVICE
svchost.exe SYSTEM
which one do i delete?oh please help me (/QOUTE)

i see these same files in my system tray. Which ones do i need to delete/stop?

By Walter on Mar 28, 2009 | Reply

Well after reading ALL of the advices and doing everything i FINNALLY after 2 hours go rid of this. In my 10 years of using computers this is definetaly the most sick nasty virus ive ever gotten. I apparently got it from an ad that i DID NOT click in bit torrent. To anyone with this virus read and do exactly what everyone above tells you. If done right the virus will be gone in 5min. TY INTERWEBZ.

By Susan on Mar 30, 2009 | Reply

Thank you all so very much for the help on removing this nasty thing! I followed all ur advice and so far it gone!

By Daniels on Mar 30, 2009 | Reply

I can’t imagine if anybody is stupid enough to pay for Spyware Protect 2009. That’s a bad software written by bad guys to try to take your money. If you are rich and you want to spend money, at least pay for a legit tool. Or better yet, send it for charity or me. At least I would say thank you.

By Andrea on Mar 30, 2009 | Reply

It worked, thanks. I opened Window Task Mgr, Processes and deleted sysguard.exe.

By heather on Mar 30, 2009 | Reply

Go to Run type in REGEDIT then F3…it will take you to Runsave. Run should be above this. Click on Run and you should see the file sysguard.exe. highlight and delete it.

By Fred on Mar 31, 2009 | Reply

It is sad that somebody who is an I.T. major in college would spend 5 hours trying to get rid of this virus…when it would only take an hour or 2 to reformat and re-install Windows.

By Dan on Mar 31, 2009 | Reply

well, most of that stuff listed to be deleted was not on my computer. but i stopped process and deleted the registry files. however, something is very interesting:

when this program runs its ‘full system scan’, it looks through a folder that usually has a bunch of service pack related names, with the ‘$’ on both sides of the folder name. so basically its searching through files that it put there itself. hope this helps to find the source of some of this bullsxit

By Bet on Apr 1, 2009 | Reply

Deleted sysguard.exe…can’t find any of the other files in my system…but can’t visit any websites without that damn false wraning page popping up. Help!! I am losing my mind fighting this thing!

By Lili on Apr 1, 2009 | Reply

This thing is trying to kill us all..I am so confused!! I tried the directions above and nothing will come up but i still get those damn pop ups every two minutes..Im pissed

By RIKKU on Apr 1, 2009 | Reply

I have deleted the sysguard.exe file, but there still seems to be a problem with IE. When I visit Google, the text font is larger than usual. When I click on a link in the list of search results, a pop up appears for some ad, rather than taking me directly to the site. Also, a window that says “Internet Explorer has encountered a problem and needs to close” keeps appearing. Finally, the Mozilla Firefox browser often closes unexpectedly.

I am at a loss at how to resolve these issues. Can any of you help?

By Al on Apr 1, 2009 | Reply

I would like to know which svchost.exe files need to be deleted from the tskmngr.
My Internet Explorer links to a fake google. I’m trying to remove the ‘browser-security’ entry from Hosts File.
Hopefully this will work?
I’ve been at this all day!
Can someone post detailed instructions for getting Internet Explorer to work properly again?
Thanks in advance,
Alexandra

By Natasha on Apr 1, 2009 | Reply

SOO frustrating. I’ve reinstalled xp and erased everything because this virus disabled system restore. Still, my internet blocks most sites (even google) except for yahoo. I don’t know what else to do…how can this problem still exist when I erased everything?? Before reinstall, I deleted the listed reg keys…i listed the websites in Host, I deleted all the exe files I could find….This sucks I got the virus early this morning…1am. I don’t know how people stopped it so quickly.

By Allwin on Apr 1, 2009 | Reply

F OFF, Spyware protector..

Dear all, first try finding the location of sysguard.exe possibly (c:\windows\sysguard.exe)

Note the time created and remove all the files modified at that time ,put it in some folder for safety that ur not disturbing the system files b any chance)

I did that and now its fine…

By john on Apr 1, 2009 | Reply

having problems, removed almost everything mentioned still no success

By Natasha on Apr 1, 2009 | Reply

Al I would like to know the same thing. I see 4 svchost.exe files in tskmanager: 2 system users, 1 local, 1 network.

By Denver on Apr 1, 2009 | Reply

Anyone have any luck? Is there any way to get to any other websites w/ this installed? If he can get on the web I can remote into his laptop to fix it. If I can get there maybe I can post on how to get rid of this damn thing… It seems like it is getting on computers that are missing an update to windows or the AV software.

By kina on Apr 2, 2009 | Reply

I am sooo PISSED!!! I got this damn thing last night! I’ve deleted sysguard.exe and I don’t see the icons anymore, now I’m trying to delete the iehelper.dll but it won’t let me…I’ve also gone into my hidden folders and deleted all apps dated yesterday…I even renamed the file of the iehelper.dll to see if I can delete it that way…now I’ve rebooted and was able to delete that file. But now when I restart my PC my dektop is still blank…what did I do wrong and what can I do rather than always opening up task mgr and running explorer.exe…PLS HELP ME!!! This is friken nuts!!!

By thefobinca on Apr 2, 2009 | Reply

hey guys, you’ve probably read all of this, but i did the search and the stupid sysguard file was sitting right in the C:\WINDOWS folder. deleted it and haven’t had any problems (so far.)

so just search and delete, and delete the process fr/ task manager and you should be good.

God Bless

By John on Apr 2, 2009 | Reply

Hi everyone, I’ve been infected by “Spyware Protect 2009,” and was wondering if this spyware/malware/trojan virus had any correlation with the popular “Conflicker” one? Today is April 1st and seemingly is the speculated date for when Conflicker would be activated. Thanks!

By PaulJ on Apr 2, 2009 | Reply

Has anyone from this group purchased this removal tool? Did it actually work? How much was it?

Removal Tool for Spyware Protect 2009

By Wiseman on Apr 2, 2009 | Reply

Thanks to all for the above information, however, I am still running into problems. I, also, have been hit by the 2009 thing and have eliminated most of the files that have been suggested above. My computer is running “fairly” well at the moment and IE does not come up with the “blocked message” anymore. My problem is that I can’t get my spyware software to work (click on it and nothing happens) and when using google, after typing in a search criteria, the screen turns white and nothing happens….any suggestions

By Angela on Apr 2, 2009 | Reply

Does anyone know how to locate all of the above listed files and registry keys?? i can’t find the iehelper.dll either! i got rid of sysguard.exe and cannot find anything related to ’spyware protect 2009′ now. but my pc is nowhere near better yet. i can only work on it in safe mode otherwise my pc sorta shuts down, giving me a blue screen that says there was some kind of internal error and has performed a ‘physical dump’. that can’t be good right? does anyone know if it sounds like i will be able to remove this successfully? or will i have to reinstall everything and start from scratch? this sucks. i miss my facebook. lol

By matt on Apr 3, 2009 | Reply

…have removed the program. all seems well, except…
files saved in ‘my documents’ etc., will not link to and open in respective programs…still able to open the files after opening through the program though.
is this a result of the virus, or something else?
any suggestions?

By steven c on Apr 3, 2009 | Reply

thanks for that it really worked cheers

By Matt on Apr 3, 2009 | Reply

I found that I was infected with spyware protect 2009. Upon finding this site I followed some instructions, pressed control, alt, delete and hit process. I removed sysgaurd, then searched for it under files and folders and removed it. Emptied recycle bend and boom, its gone…..for now.

Hope this helps someone

By Emydidae on Apr 4, 2009 | Reply

Those of you that purchased the bogus Spyware Protection 2009, if you used a credit card your card company will do a chargeback. This will return your purchase price as a credit to your credit card (they’ll take it back from the vendor). The card company will also fine whoever it is that recieves the purchase money. Maybe they can even be found and prosecuted with the credit card company’s help.

To search your registry, click start, run, and type regedit. You can view the files but I would advise that you do not make any changes except with an IT coach.

Which brings me to my problem. I disabled sysguard.exe from Task Manager, then deleted sysguard.exe, SYSGUARD.EXE-0915AC98, and iehelper.dll . This solved the malware software problem and the IE hijaking problem. However, Windows still wants to run the (now nonexistant) program at startup. I unticked the box for sysguard.exe in the startup directory, so Windows continues to run a modified startup. If I re-tick the box will it recognize that the program no longer exists?

Also, symantec advised “Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”sysguard” = “%Windir%\sysguard.exe”
It also creates the following registry subkey:
HKEY_CURRENT_USER\Software\AvScan”
I do not find the first registry entry, but the second one is a folder containing many items, which at a glance appear to match entries on the long list of c:\WINDOWS\[filenames] above. (I could not find them with Windows search even when looking in system and hidden folders.)
Is it safe to delete this entire file from the directory?

Also, my monitor now and then does an awful flickering thing, like it resizes the entire viewing area and sizes it back up, very rapidly, several times while humming. It did not do this before “Spyware Protect 2009″. Is anyone else having this problem and does anyone have suggestions?

By Subba on Apr 4, 2009 | Reply

Thanks for all inputs. This helped removing spyware protect 2009

By vic on Apr 4, 2009 | Reply

That was the most helpful thing ever. You are amazing. I was really hesitant to download anything else, and you saved me from doing that. Thank you so very much!

By stevo on Apr 4, 2009 | Reply

HEY Emydidae,

THANK YOU VERYYYYYYYYY MUCH! Ive had this VIRUS for a week now, tried all the apparent “how to’s” on removing this thing.

This Spyware protect 2009 stopped nearly everything, i couldnt run in safe mode (it stopped my keybord working on startup) i couldnt run cd’s, couldnt access antivirus obviously, couldnt open task mngr half the time, and worst of all 98% of the time i couldnt see any programs on the screen. so it was by luck i was able to open the file browser and access the regedit.

To confirm wat i did to get rid of it.
1.Opened task manager and ended sysguard.exe
2. Opened regedit and deleted HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”sysguard” = “%Windir%\sysguard.exe”

Thanks again Emydidae for ur great advise. And may the person/people who created Spywareprotect 2009 die a miserable death.

3.Deleted the whole file of avscan : located HKEY_CURRENT_USER\Software\AvScan

By Kelly on Apr 4, 2009 | Reply

To anyone that will help..thank you!

I have started having problems tonight after I was trying to watch a free movie from a random website and then a pop up came up saying “Run time error!” and it closed my internet. didn’t think anything of it until i restarted my computer when it started to get slow like it always does and one of those pop ups came up as soon as i got on with the “Send Error Report/Don’t Send” and it was involving the sysguard.exe program. again, it really didn’t phase me because everything was running normally until i went into IE and tried to sign into myspace. i put in my required info and it gave me another one of those “send or don’t send” pop ups but this time it was saying it had to close just IE. this keeps happening no matter where i try to log in. facebook, twitter, yahoo, anywhere that involves logging in. it seems as though i need sysguard.exe running to do these things? so it’s almost the opposite problem as what this article is explaining? i really dont know. i’ve never had this kind of problem so i’m really confused. sorry if this comment is not warranted on this post, but i’m at a loss! please help!

By Chris on Apr 5, 2009 | Reply

Iv got this stupid thing on my computer. I removed the registry key’s. and the sysguard.exe, however when ever I am using windows explorer after every few folders i click through it launches IE to their web site. any one know how to remove that aspect of it? or how to disable IE…I use fire fox anyways…

By debboe on Apr 5, 2009 | Reply

hey! is there anyone who can help me with this freaking spyware protect 2009 alert, it has disabled my task manager, but i have that goint again, what do i do now. with task manager open is there something i delete ther. thanks in advance for the help

By Michelle on Apr 7, 2009 | Reply

I was hit with the Spyware Protect 2009 malware a few days ago, and kept getting kicked off Firefox/IE Explorer.

Does anyone know if intrusive ads are part of the virus? By intrusive, I mean that sometimes when I access a page from a Google search, the ad will pose as the website I clicked on. Really annoying! Is this further evidence of malware?

Also, my Regedit won’t start.

Acting on one of the above users’ advice, I ran HijackThis and deleted Spyware Protect 2009 from the list.

Does anyone know why this is happening, besides bad karma?

By MZ on Apr 7, 2009 | Reply

This worked! I was getting pop ups every 15 secs from this dang virus but clearing it from the processes and deleting from the directory got rid of it. Thanks.

By Ron on Apr 7, 2009 | Reply

This Spyware Protect virus is a bad mamma-jamma. I used Hijack this and identified four entries in the host folder of the registry, each one was clearly affiliated with Sysguard and/or Spyware. I checked those four boxes, clicked on fix and deleted those four entries.
I restarted, had a little trouble getting it into safe mode. So I aborted the restart by holding down the power button, that let the system know there was a problem in startup and let me enter safe mode. Then I logged on as administrator, located the iehelper.dll file and successfully deleted it.
System seems to be working fine now. Thanks to all of you who have provided some excellent information on this forum. I teach English at a university, and you made it so I could do this on my own. Thanks!

By Jack on Apr 8, 2009 | Reply

I’m sick and tired of these programs that say they will help you remove this malacious software, and then say you must pay them before they will remove it. I’m absolutely disgusted at the greed. Your computer is infected and nobody will even help you without getting your money.

Screw this. I’m scrapping this computer and getting a new one.

By Mandi on Apr 9, 2009 | Reply

I ended the process sysguard.exe using Task Manager, then used the ’search’ tool to find any files containing sysguard.exe. I deleted both of these, then promptly deleted them both from the Recycle Bin. I restarted – there are no more alerts popping up and the icon that had affixed itself in my bottom toolbar is gone now. Anyone know if this could be lurking somewhere else now? I deleted it within a couple hours of its making its appearance on my PC and am hoping it’s gone forever. Why didn’t my anti-virus (which includes anti-spyware) pick up on this?

By Reid on Apr 9, 2009 | Reply

If you are in browser-security.microsoft.com hell, you can at least browse if you set your IE security level to the highest level. Not that you can download.

What was really funny about all this is that the bogus Microsoft address had a php in it!

By B. on Apr 9, 2009 | Reply

People, listen up. Be very careful when looking for videos on unchartered and unknown websites.
I went to look for a specific video that YouTube didn’t have and I clicked on this video and nothing happened, then that was when my PC started becoming slower for the moment and I couldn’t do anything but wait for the browser to clear up again. Then SpyBot informed me about a value change in my system and mentioned the file “sysguard.exe”, which prompted me to research the file. Soon after Spyware Protector popped up on my taskbar and started scanned as soon as I clicked the icon.
I had tried most of the suggestions here, like deleting iehelper.dll, sysguard.exe from the folder and task manager and the icon STILL remained. I finally decided to do a system restore to 2 days in the past. (I realized that the icons of the files in my recycle bin started looking funny).
The virus is completely gone, thank goodness. I guess the virus had all these files all over the place, besides the ones I deleted.

By SOCOM on Apr 9, 2009 | Reply

Its a tricky bastard. I can’t even find any Reg records of this bs protect in my reg….

By Joe on Apr 9, 2009 | Reply

I deleted the sysguard.exe, but can’t find any of the other files people are talking about. Perhaps it’s because I only use Mozilla? But..my main question…I deleted the sysguard.exe and the popups quit (Hoo-rah!), but I can’t get access to my task manager still…help?

By Lisa on Apr 9, 2009 | Reply

Hi all-
Like many, I was able to get rid of the popups via deletion of sysguard but IE is still hijacked.
I found iehelper.dll in my system 32 folder but when I try to delete, it tells me ‘access denied’ make sure disk is not full or in use.
Anyone have this happen & what did you do to fix it? I don’t have hijack this but am willing to download if it is free. Otherwise will have to take the computer into work to have them reformat . Ugh.

By Fernando on Apr 9, 2009 | Reply

I tried to delete iehelper.dll, but it tells me ‘access denied’ , what I do was to kill the “explorer” process , and run it again. After that I was able to delete that file.

By Arika on Apr 9, 2009 | Reply

I’ve looked in my task manager multiple times under processes and can’t find anything even remotely similar to “sysguard”
The program used to be in my tray and randomly disappeared. My computer can’t find any of the files listed to delete or anything in the task managers processes. argh what now that it’s invisible? Buy a new hard drive?

By lisa on Apr 9, 2009 | Reply

Please tell me how to delete iehelper.dll.I found it in system32 and tried to delete it but is says access denied or something like that. PLSSSSS HELP…….

By Scott on Apr 10, 2009 | Reply

Okay, I had this SOB show up on the 8th. Followed to steps to get sysguard of my computer and thought it did the trick but it came back.

Finally I got rid of it (I think) last night.

Should your computer be functional this might work:

1) Unplug your internet connection or disable wireless

2) Go to task mgr and stop running sysguard, then stop the process

3) Go to your C:\WINDOWS and delete the sysguard and the one underneath it. Empty recycle right away. This should temporarily stop the messages

4) run>regedit

HKEY_CURRENTUSER>SOFTWARE>AVSCAN

You’ll find all of the files at the top of this page there. delete

5) The last part was the bugger. That was getting rid of iehelper.dll. I was able to do this as an administrator in safe mode. While I was at it. I made a new user with full entitlements. Its in Windows/System32

6) I went back into regular mode and downloaded malwarebytes (I wasn’t able to download anything off the web with the virus)
57 files came back infected, q’d and removed.

I know nothing about computers but I fished around followed the steps and I think I nailed it. We shall see.

By Matt on Apr 11, 2009 | Reply

Everyone, follow Scott’s procedures to a tee – I did, and now my computer is running properly.

Scott, thanks very much – you are the man.

By Christine on Apr 13, 2009 | Reply

I did the good ol Task Manager “End Process” thing. And then I went on to “search” found sysguard.exe, deleted it, and then when I deleted it in the recycling bin, after I deleted some unrelated documents, it said “delete 11 files from recycling bin?” and of course I said yes. And hopefully, because I ended up “emptying recycling bin” twice, that this problem won’t come back. My internet is still laggy, and a few days ago, when I was trying to click the mouse buttons I had to click things several times. Hopefully THAT problem was connected and won’t happen again. And then, AOL has some critical thing going on…that pop-up is fine, it comes up ever 5-10 minutes…not every 5-10 seconds! I hope my computer’s better now!

By troy on Apr 14, 2009 | Reply

tried everything from above, when i shut it down and restart everything is back

By David on Apr 14, 2009 | Reply

hey guys, I just prefer ctrl-alt-del, end “sysguard-exe.” or whatever, and search it up and DELETE IT!!!

By Tony on Apr 14, 2009 | Reply

My wifes computer became infected with this virus. I killed the sysguard process in taskmanager, deleted the file, and in general followed Scotts instructions and it has seemed to work. Thanks Scott!

By John on Apr 14, 2009 | Reply

That worked for me!! I didnt find any iehelpers in hijackthis, but I was able to get to the Microsoft update website! Thanks!

By Perkie on Apr 15, 2009 | Reply

Thanks Scott, I did not find any iehelper.dll either, just 2 that are signed by Adobe.com for Adobe pro 8.

Again Thank you

By Lynda on Apr 16, 2009 | Reply

Fernando, you rock! I had the same problem with iehelper.dll – followed your instructions and poof!, it was gone. Thanks!

By Wasim on Apr 16, 2009 | Reply

To get IE control back follow this procedure posted by Indie.

It also hooks into IE. You need to unregister the helper DLL and remove it from the registry.
C:\WINDOWS\system32>regsvr32.exe /u iehelper.dll
Run HiJackThis and look for the iehelper.dll entry and delete it. Should fix the problem.

By MC on Apr 17, 2009 | Reply

Scott, thanks for the advice. It worked!!!

By chris on Apr 17, 2009 | Reply

look in ur windows folder and look for sysguard and rename it to sysguard.doc and ur av should pic it up quickly and if it doesnt go ahead and del it

By Sally on Apr 17, 2009 | Reply

I don’t know… these programmers are diabolical. I had nothing in the task list named spyware protect, but I did end the sysguard process which seems to help. I’m still searching the hard drive of the infected computer for the files named above, but spywareprotect*.*, even in hidden files, turns up nothing. I have the wireless turned off on the infected laptop so this malware doesn’t spread throughout the home network. What a flipping nightmare.

By Sally on Apr 17, 2009 | Reply

Finally eradicated everything. The sysguard and iehelper files kept popping up, despite dumping the recycle bin. Friends, do all the slash and burn in safe mode. All is well now. Thanks to everyone for the tips.

By sachin on Apr 22, 2009 | Reply

ok i have a question why does only norton users have this infection on their computer think on this and let me know at snikhop@gmail.com

By Joey on Apr 22, 2009 | Reply

Somehow I ended up with this darn spyware protect 2009 thing, and I’m pretty sure I got it from a wrestling news website I viewed for 2 seconds and closed because it slowed down my computer.

I searched through 4 different sites but they didn’t help. Once I found this one, it took me 5 minutes to find sysguard.exe and all the files related to it. Those are gone and the annoying pop ups and the icon at the taskbar are GONE!!

God bless Scott and the other people who provided the way to get rid of this!!

By matt on Apr 23, 2009 | Reply

Once you follow these steps you will find that there is files that regenerate themselves after reboot. Take note of ANY questionable files…especially in your H_KEY registry and shut down your pc. Then reboot…but in SAFE MODE. Once in SAFE MODE delete every file you may think is questionable…after scouring your pc for hours searching for this virus you should know what is not right…Here is the catch: delete whatever you think is not right…the worst result: you have to reload windows(which is your end result if you can’t end this). I spent hours following theses steps over and over, but at the end I had to boot in SAFE MODE and just delete what I felt wasn’t right. It took a minute of searching, but I scrolled my H_KEY registry and deleted every possible file I felt wasn’t necessary. I beat this and you can too. Just don’t give up. The answer is in your face: exhaust your attemps in regular xp, and when you think you are clear, go into SAFE MODE and delete the hell out of everything you think is bogus.
This is signed matt
pls beat this for me because these virus making scum don’t deserve to live.

By Frank on Apr 24, 2009 | Reply

Wow! Used the ctrl f key in the registry under my computer and deleted from c:\WINDOWS\aazalirt.exe thru c:\WINDOWS\zibaglertz.exe. All these file where in my registry and also sysguard.exe. Make sure after you delete sysguard.exe you hit the F3 key to find multiple folders. It looks like i’m fine now. Thanks to this website!

By harv on Apr 26, 2009 | Reply

can u tell me how did u remove spyware virus please

By Fuck you spyware protect 2009 on Apr 27, 2009 | Reply

SPYWARE PROTECT 2009 WAS INSTALLED ONTO MY COMPUTER AND I AM NOT HAPPY. I AM GOING TO FIND THE CREATOR OF THIS PROGRAM AND KILL THEM.

By mrnid on Apr 28, 2009 | Reply

I got hit hard from spyware protect. It got so bad I couldn’t even open any webpages. I used your advice and deleted sysguard.exe and its processes. After doing a system recovery all works fine. Thank you everyone for the advice!

By Phoebe on Apr 28, 2009 | Reply

thank you so much and all the people who commented on it!!!i REALLY appreciate it.
but the weird thing was that after deleting those files i couldn’t find it in my recycling bin to clear it..
is that alright? please reply!
PS but my computer seems fine now…..(fingers crossed)

By A frustrated gal on Apr 28, 2009 | Reply

So, since I haven’t saved my docs to an external harddrive, if I do, do I corrupt that too??? I want to just do a system reboot but don’t want to loose all my pictures and files- help!

By H Patterson on Apr 29, 2009 | Reply

Followed Scott’s step by step from April 9. Worked perfectly. Got rid of the IE block problem too.

By annaanu on Apr 29, 2009 | Reply

I have3 different virusprotect spyware virusses on my machine now.
Back in January I was able to clean spyguard 2008 just fine. With all the simple directions. At that time I could use taskmanager, and regedit.
But now the administrator (who is me) has somehow disabled these programs. I can find no place on this windows machine to change the administrator choices back to normal.
The only place I can go is the run: CMD and msconfig.
I’m on my power mac now and I have even tried downloading spyhunter and spyware doctor saved the .exe programs to disk and tried using them on the machine but they cannot be initialized.
I have ESET NOD 32 and it has found the same 9 infections everytime I boot up and do another scan.
In order to stop the virusprotectpro.exe without stopping the process?
How do I stop processes without task manager?

By Shadow on Apr 29, 2009 | Reply

3 days took me !
Delete all files modified around the time when the problem started. This was easy and fixed the pop up screen problems.
BUT I still had a slow computer and multiple automatic attempts to access a fake microsoft.com site(something called “browser-internet security”). None of the above mentioned files were present in my computer(not even a single one!).
So,I start looking through the processes and I found one consuming huge memory. 18244.exe-file in my case: search for this in the computer-I found 2 associated files and delete all of them (make sure you stop the process first from task manager).
PC – working fine again, Me – quite excited!!!

By janine on Apr 30, 2009 | Reply

The death penalty would be too good for these bastards!

By hunter713 on Apr 30, 2009 | Reply

quote: “I support the death penalty for first offense convicted virus/trojan/hijack writers and users”

i would burnthem alive and broadcast over the internet, so normal people can enjoy it.

By Garry on May 1, 2009 | Reply

Guys, I have the Spyware 2009 but NONE of the files or registry values exist on my computer. They just aren’t there, what do i do?

By Happy web user on May 1, 2009 | Reply

Scott April 10 – thank you, thank you, thank you

By trufflebar on May 3, 2009 | Reply

Oh my god, thank you so much, xp-vista.com. I was so freaked out when I saw these pop ups, I almost bought the thing, then I got a little suspicious, because my Norton Security said nothing about any viruses. I terminated the program, hopefully it is gone

By ringobud on May 4, 2009 | Reply

I cant try any of this because now i cant get any of my desktop to come up. just my background photo and task manager.

By ringobud on May 4, 2009 | Reply

i cant even get in via safe mode

By ringobud on May 4, 2009 | Reply

I cant get anything to work in safe mode so im not able to do anything can you help?

By karl on May 4, 2009 | Reply

i got this stupid fucking thing from YOUTUBE.COM how can i remove this thing without downloading a deleter and manual removing it.

By schnitzelboi on May 5, 2009 | Reply

I DID IT!!!

NOTE: This only works if you haven’t fallen for the scam and have not gone in on Spyware Protection’s offer. If you have, this may not help you.

1. Open task manager (ctrl-alt-del), go to the processes tab, and terminate sysguard.exe
2. Go to C:WINDOWS and delete sysguard.exe
3. Go to C:WINDOWS/Prefetch and delete the only file starting with sysguard (I forget the name… I was so happy to delete it, I forgot to write it down!)
4. Restart your computer and the piece of sh** is gone!

By SAVORY on May 6, 2009 | Reply

On start up,quickly press F11 to reboot then hurry and go do search (sysguard)delete
because some people can reboot there computer and it will still appear.You have to hurry and delete it before it starts running or it wont allow you to delete.

By Swapna on May 10, 2009 | Reply

Thanks. all the above information is when it gets installed, i just wanted to get rid of pop ups. the spyware didn’t get installed in my comp.

By Bryan on May 10, 2009 | Reply

thank you so much Alex(creator of this site) and all the other people’s comments that helped to delete this F ing spyware my computer is better now thank you!!

By bryan on May 10, 2009 | Reply

ok i deleted the program and everything that has sysguard in it’s name and there’s no more pop ups, but now every time i open a window or click a link this window opens that says
“Internet Explorer Warning – visiting this web site may harm your computer!What you can try:

Purchase Spyware Protect 2009 for secure Internet surfing (Recommended).”

how do i get rid of that?

By Rob on May 10, 2009 | Reply

Hello Everyone, I followed a suggestion from someone on this site and it worked…..so far. Here is what this person suggested:

It’s easy! Press cntrl alt del, push PROCESS button, than stop sysguard.exe process, after that search sysguard.exe and simply terminate it. He-he-he! ) I’m not an IT guy, I’m a pianist & composer, but I win, dudes ))

Good luck because until I read this suggestion, it was a pain in the butt.

By ECJ on May 11, 2009 | Reply

I followed the advice of Robert (posting on March 7) and it worked perfectly. After deleting the sysguard.exe from the Start Menu Search the pop-ups were gone and my internet access was recovered.

I tried to do a second search for the iehelper.dll but never found it. It seems there are different levels of severity and complexity associated with this bad boy.

GOOD LUCK, and thanks Robert!

By bryan on May 11, 2009 | Reply

ok i just found iehelper.dll in one of my systems, but when i try to delete it, it says “cannot delete iehelper:access is denied.
Make sure thaqt the disk is not currently in use”
i checked my task manager and it’s not there(already deleted sysguard)
plz help

By yvonne on May 11, 2009 | Reply

yes, i’ve had macs for 15 yrs and never got a virus.
I’ve had a PC for 3 yrs and have had several, including this spyware one.
I’m going back to MAC!
~y

By shari on May 12, 2009 | Reply

I found in my task manager but was under sys.exe so look for the different names it could be. I stopped the process and it removed itself imediately from my start up bar but I have not restarted, assume I will have to reboot in safe mode and do it there to make it official? this was for spyware protect 2009 with a blue white shield in my start/taskbar

By Becky on May 12, 2009 | Reply

I have had my PC for less than a month! Wake up this morning, and bam….Spyware Protect 2009. This thing has drove me crazy all day long. Every time I try to access a page such as this, to remove the sucker, it sends me a ‘Cannot Display Page’ message. It won’t let me look at them! So, here I sit at work, with all this info printed out, hoping and praying when I get home in the morning, I can get this thing off. I’m no computer genius, so wish me luck on not crashing my PC getting into all this. I would download some type of software to do it for me, but like I said, the stupid worm won’t even let me on a antispyware page!! We’ll see….

By laeloni on May 14, 2009 | Reply

Thank you! that crap was driving me crazy!!!!!

By Lisa on May 15, 2009 | Reply

Thank you!!!! This worked beautifully! ( I think) It’s gone, and only took about 2 minutes to do.

By Lee on May 17, 2009 | Reply

Acer TM5600 deleted all the usual suspects except one of 3 usp10.dll’s. Renamed the one that (access denied) refused to delete, and finally rebooted. Now machine loops between Acer startup screen and XP loading screen. Any ideas?

By matt on May 17, 2009 | Reply

took me three hours then i got it gone. was kinda simple after i finally got it.

to make pop ups stop so you can actually fix it.
control alt delete. then right click on dllhost.exe
end process tree

then go to search all programs and files.

sysguard.exe
right click and delete then delete from recycle bin and you should be good to go.
worked for my xp

By lucky wappy on May 18, 2009 | Reply

information in Dutch (Belgium) would be helpfull. Keep in mind that aged users may have problems understanding all this stuff.
May I just ignore this spyware information?

By melissa on May 18, 2009 | Reply

block that website in your explorer as a bad website.

By Becky on May 18, 2009 | Reply

Thanks for the help getting rid of Spyware Protect. How do I now get my computer running at a usable speed again. I can get online to my home page, but if I try to get to another page it doesn’t load. Thank you!!!

By cory on May 19, 2009 | Reply

I put my computer in safe mode to try a system restore now I can’t get out it says copy of windows must be activated in a phony looking screen so I can’t restore or get back to normal mode even after shutting down any ideas or is my pc history

By Jeremy on May 20, 2009 | Reply

If you look at Macs website enough people own them that people are writing viruses for them

By sandra on May 21, 2009 | Reply

It’s been two days since you posted your comment. I don’t know if ,by now, your computer is up and running again. If not, then I think there are still some malicious files from this malware left inside your computer. I,myself,had this attack before and I tried to manualy get rid of these files but it became very exhausted for me. So I downloaded a program that guaranteed to get rid of these files and it really did. Usually you have to pay to get the program, But there are some free versions that you can use without having to pay. If you (or anybody) want to know, please reply to my post and I will tell you.
(I forgot to mention that this reply was for Becky.)

By travii on May 21, 2009 | Reply

ughh idk how this dayum thing keeps coming bak i cant find any of the files name nd this thing wont go away i deleted everything in my computer really i even accidently deleted my sound .

By jorge arguello on May 21, 2009 | Reply

I delet the program is so simple! look for sysguard.exe <– then move the file to your desktop. if you try to delet the file i will say that you can not delet the file because is in use so this if ehat you have to do.! restart your pc.. and you have delet the file sysguard.exe that you move to your desktop you have to be fast.! if you don’t do it fast then the sysguard.exe <— ill run so it won’t let you delet.!

but! there’s another thing! ill tell you later

By John on May 22, 2009 | Reply

1. Boot to safe mode
2. Search C: for any files named sysguard….delete them.
3. Run regedit and search for all instances of sysguard (use F3 key to search)…delete them.
4. Delete all the files in C:\windows\prefetch

That should do it.

By nathan on May 22, 2009 | Reply

I followed the directions, but when I reboot all I get is my wallpaper. Help?

By Relieved Student on May 22, 2009 | Reply

Thank You SOOOO much! Now I can finish my research paper!

By Lsmith52 on May 22, 2009 | Reply

This was a nasty one. I got it off the “Family Guy” episode website.

By JEss on May 22, 2009 | Reply

THANK YOU!!!!! I am at work YIKES!

By Kaeess on May 22, 2009 | Reply

This worked perfectly
Thanks!

By mike on May 23, 2009 | Reply

how do i get rid of spyware 2009?

By Ocelot on May 23, 2009 | Reply

Indie you’re a .fu.king .fu.cking GENIUS and a GOD. Thank you. I resolved my problem.

By W.L on May 23, 2009 | Reply

Hell yes, this helped a lot. Thanks!

By Mary on May 24, 2009 | Reply

I tried this and several of the above names came up–I deleted them all! I’m keeping my fingers crossed that this works.

By brian on May 25, 2009 | Reply

how do i get rid of the spyware protect 2009 demo. i just want to remove the demo

By Andres on May 25, 2009 | Reply

I got spyware protect 2009 annoying pop up windows. So I did System Restore. This sets your date before your computer is infected. You fool the virus so every maleware after that date is removed. It got like this:

Start>programs>accesories>system restore.

Chose the date you know is prior the infection. And that’s it, pop up windows gone!

By flutterbyred04 on May 26, 2009 | Reply

you are awesome! Thank you for the input. I did what you said and bye bye spyware protect 2009.

By Abel on May 26, 2009 | Reply

hey how do we romove all those files? can someone tell me how please??

By Abel on May 26, 2009 | Reply

hey i also tried the part where u restore your computer to an erlier date. but nothing has changed,there was actually an error saying it was incomplete. the syware is still on my pc. please help!!

By Abel on May 26, 2009 | Reply

help please!! even after restoring my computer to an erlier date, the spyware is still there! help please!

By Abel on May 26, 2009 | Reply

hey, for ROBERT from march 7, wen i try to search it on the start menue, nothing come up

By Sparkie on May 27, 2009 | Reply

Oh!, thank you so much Schnitzelboi for your suggestion of 5/5/09 of how to get rid of this stupid thing. It worked for me too and was so easy to do, especially when I didn’t even know how to open task manager so I appreciate your detailed step by step instructions!

By Russ on May 27, 2009 | Reply

I was able to remove the process sysguard.exe, then I did a system restore to last week. So far so good.

By Sparkie on May 27, 2009 | Reply

Thanks everybody for their comments and help!

By Ian on May 28, 2009 | Reply

Thanks, your answer was right on the money

By Angie on May 28, 2009 | Reply

Does McAfee Security Center work to remove the virus? I had it the other day and today when I turned the computer on there was a notice that malicious software had been removed and everything works now. I looked for the files noted above and don’t have them.

By vic on May 31, 2009 | Reply

I ve stopped the sysguard.exe process and then deleted it from windows folder , it was on the pottom of the folder displayed as a gray icon: there are no more pop ups and explorer works. It is such a nasty virus i ve tried 4 different anti spy ware programs and none of them were able to detect it. But thank you all it worked. Good Luck!

By chris on Jun 1, 2009 | Reply

Hi,
I recently got some sort of virus/spyware on my comp, and at first it jus meant when i went on the internet and typed something in it would say ‘jumping’ then go to a random page.
now my internet doesnt connect atall. i used malware to remove the spyware, but my internet still wont connect..
can anyone help please?
thanks,
chris

By matt on Jun 5, 2009 | Reply

ok so the sysguard.exe got deleted by symatic for me, however, it deletes a file with the browser as well, how do i get my http port back, other ports such as utorrent and aol work, just port 80 is blocked still from this crappy spyware, any suggestions???

By scott on Jun 7, 2009 | Reply

I agree. This kind of advertising is absolutely ridiculous and invading. I would call up the Spyware Protext 2009 company and curse them out for hiring these assholes to come up with sneaky viruses if I had their number.

By Ace on Jun 7, 2009 | Reply

I tried all of the above suggestions, but didn’t work. I then serached for “redir” file. I think it stands for re-direct and once I deleted it, the problem was solved. redir file is usually combined with another file. For me it was wuredir.exe Search for redir and delete it and the problem will be solved.

By dino on Jun 9, 2009 | Reply

hey..can someone tell me exackly how to remove this piece of crap syguard.I have done a few things and it lies dormant, someone said find the file wuredir.exe but when i do a search tons come up and im not computer litterate enough to find the exe file.can you help me.thanks

By Jimmy on Jun 22, 2009 | Reply

What i did to remove this spyware is i first went to the task manager and disabled the sysguard.exe you can start your task manager by holding control alt and delete at the same time once you do that go to “My Computer” the go to your Hard Drive or C: drive and look for the “Windows” folder once you find it open it and look for two files one of them is Sysguard and the other one is syssvc and delete them both once you do that you will need to open your recycle bin and delete both of them from your recycle bin. once you do that you need to open up your internet explorer and look for the tools icon once there there is a manage add ons option now scroll down till you see an add on that is named bho and should be dated about the time you were infected with this spyware you need to disable this add on. you should now have effectively removed and disabled all parts of this spyware…good luck…

By Luis on Jun 23, 2009 | Reply

This is so easy, sysguard.exe is in sytem 32. also to really get rid of everything take your harddrive out put it in another machine as a slave, then open it and delete your pagefile.sys on C: you cant delete it while windows i sloaded, but i am very sure it is virus riddled, you can scan it from the other hard drive if you wish youll find viruses. also scan the rest of your drive and make sure it didnt mess with your host files, in windows/system32/drivers/etc make sure its not pointing to a server. good luck guys, i just removed it myself

By Vin on Jun 27, 2009 | Reply

I found these two ips in the DNS entry for TCPIP.

85.255.112.118
85.255.112.143

nslookup reveals..
Name: 85.255.112.118.static.ukrtelegroup.com.ua
Address: 85.255.112.118

Name: 85.255.112.143.static.ukrtelegroup.com.ua
Address: 85.255.112.143

Anyone that knows how to spam or dos attack on these b*astards would be greatly appreciated.

By Dave on Jul 3, 2009 | Reply

it was a pain but the info above helped alot thanks. – especially the bit about prefetch entries to track down the culprit file. I had kaspersky installed fortunately – it didnt stop the install but it may have stopped significant damage but i still had to delete sysguard.exe, ld12.exe and iehelper.dll manually myself in safe mode. I also deleted one registry key for sysguard.exe.

By pedro on Jul 7, 2009 | Reply

cut off hands – cut out tongue – then death penalty!

By Joe on Jul 27, 2009 | Reply

There are numerouse standalone programs that you can use outside of the regular task manager, once this trojan starts locking things up. “IBProcMan”/ ie; itty bitty process manager is one of them. No matter how hard your system freezes up, it will eventually loosen back up. Be patient. Use you folders tree to move to files, insead of double clicking them to move around. Revouninstaller is another program that has a “hunter” feature. Where, once this thing pops up in your system tray, you can identify the folder its in. If you cant delete it, rename it. As tempting as it is to kill these processes, you must have them running to see which ones are causing the havoc. Yes, there are scanners and what not and its important to remove them in safe mode. But the scanners rely on definition updates. If you keep up with your pc, youll be able find and recognize the sourcew just as quick. And dont forget about the antiroot kits and to scan your registry once you remove the active .exes, or processes.

By jan on Jul 29, 2009 | Reply

this thing is driving me nuts. i deleted iehelper, sysguard. can only run in safe mode, no internet. macafee won’t work this is the 4th day at it. do i have to delete every file on the list manually in start, search.

By Elaine on Sep 12, 2009 | Reply

I installed a program on my computer and when I click on it, a message comes up and says, the data files cannot be accessed. to continue, please ensure that the neccessary media is accessible. What do I do? How do I check this? What does this mean?

By Kyle on Oct 2, 2009 | Reply

Hi I got this a few days ago. Mine has evolved into the process piagsysguard.exe
I am searching the registry for anything to do with it, and found the list of files by using the .pf method above. I deleted the actual .exe, it was in a file
c:\program files\mlnbws\piagsysguard.exe. I will update on if it gets rid of it all, I just hope that the evolving name info will help

By lilkunta on Oct 24, 2009 | Reply

Hello. I was infected by sys guard(muwe sys guard). I have a toshiba l25 with windows XP sp2.

It had disabled both my ethernet and wifi inet connections. It had diabled the regedit and the system restore ( when i try i get a msg saying contact your admin & Im logged in as the admin! ). What do I do? I have tried to go to ’safe mode with networking’ but it wont work. I have tried ’safe mode’ but it to doesnt load. In order to get to safe mode I have to select ‘directory services restore mode’,
and this way I get to safe mode. Yet when I do get to safe mode, regedit & system restore is still disabled! Also the shortcut icon trojan
(called security tool) is still on the desktop.

PLEASE HELP!

By sys remove on Oct 24, 2009 | Reply

I found an easier way to remove the program after an hour of trying.

step 1. open task manager and look for a program that resembles sysguard.exe. mine was labeled ssyslvg.exe. make sure you write the name of the task down before step 2.

step 2. right click the program and end the process. it won’t have any affect on your computer besides stopping the popups.

step 3. go to the start menu and click search. type the name of the task you wrote down in the search bar.

step 4. rename the the files that are found GAY because the files are infact gay buttfucking fags. also so you can remember the name to find them again incase it doesn’t work the first time.

step 5. right click the files and click delete to recycling bin. if the files don’t delete the first time try again. it took me 2 attempts.

step 6. empty your recycling bin and restart your computer.

step 7. TURN YOUR FIREWALL ON.

By david on Nov 10, 2009 | Reply

Exactly HOW did you remove it? Nothing is working for me.

By MWRadio on Nov 15, 2009 | Reply

Found this on a guy’s computer 11/14/09. New varient. The main running process was named xjwlsysguard.exe. Created registry key HKey_Current_User\Software\AVScan. Also found the installer that ran at every reboot as imrppoiw. This installer needs to be removed too, or you will just have the program back again when you reboot! HKey_Local_Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Also somewhere else I forget now. To all the people who think these change themselves, they do not. There is a guy or team of guys out there writing this for thier own profit, enough people are dumb enough to pay them to fix the problem caused by this program to make it a million dollar business for the writers! The writers change the program regularly to make it harder to remove so you will knuckle under and pay them. Don’t do it! The program is set up to install under one of several different names, so that it is harder to find and remove. It has a huge list to choose from, which is changed with each new release. The best way to find this is with Search. Look for files created about the time you first saw the “AntiVirus” or “AntiSpyware” scanner. Right click and look at thier properties. If they are from Microsoft or a Card vendor (Ati, Creativelabs etc.) you don’t have the right one, keep looking. The one you are looking for will be an .exe, probably will not have an icon picture (it’ll be the white box with the blue border), will not have a Company name! Found mine to be about 255kb (567.exe) So limit your search to be at least 254kb or more it will reduce the number of entries you need to check. It may also be more likely to be in a Temp folder or Temporary Internet Files. Mine was in C:\Documents and Settings\\Local Settings\Applicatioin Data\Temp Do not delete it. Rename it by just adding a chacter at the front so that you can put it back if you choose wrongly! When you find the one that reinstalls the program you will be able to kill and remove the ?sysgaurd.exe and when you reboot the thing won’t start again. This is how you know you won! If you are clean for awhile with no other problems then you can safely go back and delete the files you renamed. Good Luck! Happy hunting.

By IQE on Nov 20, 2009 | Reply

Spyware Protect is a terrible pest. In my case the exe file was called gtmosysguard.exe I killed that process with ProcesXP but when I restarted the machine, Spyware P. appear again and now it don´t let me open ProcessXP. I called my support service and I´m going to format the machine.

By IQE on Nov 20, 2009 | Reply

Another thing, I´m almost sure that I get infected when I visited the website of AMCIS 2010 conference, an international conference about IT, maybe the website was infected and the webmaster didn’t notice

By KB on Nov 20, 2009 | Reply

Good info MWRadio. I originally found the program in C:\Documents and Settings\\Local Settings\Application Data\…. The file name was rrmosysguard.exe. Deleted it and once I was able to get back on the internet did some searching and found this page. Sure enough under HKey_Current_User\Software\AVScan i found many of the files mentioned in the original manual removal instructions. Removed those and then sure enough as MWRadio mentions, in HKey_Local_Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, I found a file called dukfmwau which pointed to rrmosysguard.exe. One more thing, I was unable to run any progams including task manager because of the virus. When one of the fake messages appeared, I right clicked on the message and went to properties. This is how I first found out the name of file. Then during a reboot, I was able to start task manager before the Antivirus2009 had a chance to start up. From here I stopped the rrmosysguard.exe process and then I was able to open programs without the fake message stopping me. Good luck. This thing sucks!

By A-Z on Nov 21, 2009 | Reply

you can open task manager but you have to be quik to open task manager before sysguard loads itself after booting up windows.

By Robert on Nov 26, 2009 | Reply

For those of you that lost the internet… once you kill the stupid thing… do a system restore back to before you got it and your internet should be back.

By GL on Nov 26, 2009 | Reply

Got this on one of my locked-down PCs. Cannot open command prompt/task manager if I logged in as the infected user. I was able to find the offending (offensive too!) task under %userprofile%\local Settings\Application Data\some-name\????sysguard.exe. After renaming the file and removing the registry entry life is back to normal. Also found out afterwards that the installed Trend Micro Antivirus/Antispyware could detect the infection but could not fix the problem Still don’t know how the pc got infected. Only clue that may be of interest is that the browsing history showed an entry for today as kaka://c:\document and settings\username\local settings\application data\kjkpjk\qlrcsysguard.exe/alert.htm. But then when I googled kaka: I did not find anything relevant.

By Carol on Nov 28, 2009 | Reply

daughter got the virus on computer i tried to locate it, nothing, unfortunately i did not look here, i tried resintalling windows with cd, i get desktop but its empty. say missing ie something, what else can i do thank u

By Hopeless with PC’s on Nov 29, 2009 | Reply

I followed these instructions which I found on another site and it worked for me. Equally important, it’s easy!:

Restart computer. As soon as windows opens pull up the task manager (ctrl+atl+del) and click on “processes”. Wait for the .exe file with the word “guard” in it (it will probably be four random letters followed by sysguard: ie: “xxxxsysguard.exe”) . Write down the file name and end the process (this will keep the virus from hijacking your system while you get rid of it)

Go to the start up menu and hit “run” and type in “msconfig” then go to the “startup” tab and find the .exe file previously terminated to see where the .exe file is located. (On my computer it was in “documents and settings\owner\local settings\ etc. etc.”).

In ‘Explore’ open up the to the folder it was in (you may want to view “hidden files”) and delete the .exe file and the folder (the folder name was a bunch of random mixed up letters) and empty the recycle bin to make sure it’s gone.

Restart system it should be gone!”

I then did a scan with McAfee (which the bloody virus had made unusable) just as a double check.

Good luck!

By LS on Nov 29, 2009 | Reply

Be careful of antimalware-do not use Antimalware Pro-its a fraud
Found best way to remove sysguard2010 was task manager (Control,Alt,Del)…remove the one ending in sysguard.exe…then Norton Antivirus – advanced version picked this up as a Trojan Horse…after running it several times…if you can’t get internet, I found that you have about a 2 minute time frame after task manager deletion to get on the internet.

By Amataya on Nov 30, 2009 | Reply

I had a new variation of this Spyware Protection 2009 (still tries to send you to the website and hi-jacks internet explorer). I had Malwarebytes and avast but both were disabled by the virus. I tried downloading new ones but they would say they were infected and wouldn’t allow me to install. Tried to use task manager and start-run-cmd but it blocked those as well. I deleted sysguard.exe but that did nothing but when I search sysguard another program came up I believe it was igcsysguard.exe or something like that I know it started with an i and had sysguard in it. It would not allow me to delete because it was running. I could not get my computer in safemode but what I was able to do was restart my computer and before all the process were running I was able to pull up task manager (ctr alt del) went to processes and stopped the program (it was on there several times) once those processes were stopped I was able to run Malwarebytes and removed the problem. So I would advise to search the SYSGUARD in your search area and see if this thing pops up. You can also manually delete the file. Hopefully this helps someone.

By Greg on Nov 30, 2009 | Reply

My sons Dell had this and “registry defender”. I was able to remove both thru the regedit, but I am still having issues getting IE, FF, chrome to hit the internet. Any advice? I see a few people talking about removing svchost.exe, but that hasnt worked either. Help???

By Chris on Dec 1, 2009 | Reply

One thing I noticed after looking at a user’s computer who had the virus is it looks like the virus changes the Internet settings to use a proxy at 127.0.0.1 on port 555. It must be using this to do the redirection you speak of. To fix this open Internet Options from the Tools menu in IE. Then click on the Connections tab. Click on the “LAN Settings” button and make sure the “Use proxy server for….” check box is not on or that the proper Proxy Server settings are entered.

By Frank on Dec 3, 2009 | Reply

Thanks heaps Chris I had the ‘vthbsysguard.exe’ version and after killing the tasks, deleting the exe and cleaning out the registry I still had the proxy server setting you mention.

All I did to get this thing on my computer was click on a pop up – something about how to whiten teeth cheaply!!! I’ll never click on a pop up ever again

By tom on Dec 4, 2009 | Reply

(To remove proxy setting; goto “Tools/ Internet Options/ Connections/ LAN settings” and untick the “proxy server” settings.)
My kid inadvertently clicked on a popup and I had the “hnhosysguard.exe” variant and could not kill process in task manager.I got into safemode and tried removing temp files and pc crashed( should have killed process from there first,duh). Could not boot into safemode again.
Luckily had a utility called “Emergency Repair Disc” (ERD) which allowed me to boot from the cd and edit registry and also remove the necessary files/folders. Then logged back as normal and ran antivirus software which picked up and removed trojan virus. Took a couple of hours but Job Done!

By avenger on Dec 5, 2009 | Reply

************To All That Got Infected with Spyware Protection 2009 **************

If you boot up in Safe mode and run system restore and restore your computer to “yesterday” or the day before infection it WILL be gone.

By Gary on Dec 5, 2009 | Reply

Simple solution to beat this (If I did it, you can as well).

1) Start task manager as soon as your windows starts up(if Spyware Protect 2009 or Sysguard.exe begins operating before you get task manager open, you wont be able to open task manager. Simply reboot your computer and try again.).

2) Go to processes from task manager menu, then end the process for it by whatever name it may be (mine used the name qhbisysguard.exe).

3) Go to internet explorer, tools, manage add ons and disable any add ons related to the process you terminated last step.

4) From there you should be able to use most programs regularily, I had to go to internet explorer, tools, internet options, connections, LAN settings, then click off use a proxy server and click automatically detect settings. This allowed me to log on the internet.

5) Go to the start menu, click Run, type regedit, click edit and find, then type in the name of the process you ended in step 2 and search. Delete anything associated with the name of the process (qhbisysguard for me), Spyware Protect 2009, sysguard and iehelper.

By Tesa on Dec 8, 2009 | Reply

Thanks Gary! Your instructions were perfect.

By Thomas on Dec 13, 2009 | Reply

Gary’s instructions worked perfectly.. Thanks Gary. My file was odqssysguard.exe and for some reason the regular windows search wouldn’t find it but it was in two places, c:\windows\prefetch and another directory related to my name documents & settings\\ etc..
When I did the regedit search 3 of the related files had names like “001″ so I right clicked on it and selected modify and it showed me the nasty file name inside so I deleted the 4 or 5 registration items that had it, cleaned out all my IE history, cookies, everything.. empty the recycle bin and reboot, she’s as good as new.

By Sean on Dec 20, 2009 | Reply

i ended abfsysguard.exe……stops pop-ups, what other processes should i end?

By Sean on Dec 20, 2009 | Reply

thx very much gary, i followed ur instructions and i can use google chrome and safari again!!!(and IE)

By Paul on Dec 20, 2009 | Reply

If you have the means, set up a dual-boot system (so you can boot into a different OS if one should get infected).
It tried to block my ability to reboot, run task manager, run virus/spyware scanners, and any number of other things on Windows XP. All I did was reboot (the attempted block was too late to stop the computer from shutting off) – and boot into Windows 7. From there I ran Spybot S&D to get the name, popped online; and started having Windows 7 search for and remove those files from the XP hard drive – as well as saving a file on the drive with which registry entries to delete/modify to get the internet back up and running in XP.
(I have 7 and XP because my copy of 7 was delivered later than my computer; and I’ve kept XP so that I can still run programs currently incompatible with 7).
If you can pull it off, I would suggest dedicated a little file space to install a second OS (Linux may require a different hard drive if what I’ve heard is true). Definitely research how to do it first though just to make it easier on yourself .

By Ross on Dec 21, 2009 | Reply

Gary, Thanks so much for the clear instructions! So far, so good. Merry Christmas!!

By Larry on Dec 21, 2009 | Reply

You also need to delete the files in the registry or it will regenerate itself

start, select run, type regedit
click on my computer on left tree
select edit, find, sysguard

As each one pops up delete then hit F3 to continue
Be very careful as there is no recovery from editing the registry directly

The problem with sysguard is it replicates itself from the registry on hidden files…definitely a problem.

By Mark on Dec 26, 2009 | Reply

Gary…you the man.

Changing the LAN settings was key to getting my internet restored once I deleted the all the sysguard crap.

By Christof on Dec 26, 2009 | Reply

First of all … thanks to all of you for posting your suggested fixes. I seem to have gotten sysguard off of my computer. It hit me on Christmas Eve (Merry Christmas, right?!). In any case, by following what I read on this site, I was able to get sysguard off of my computer (I think). At least it is no longer popping up. But I still can’t get Internet Explorer, Google Chrome, or Firefox to work. I was, however, able to make a call on Skype. So I know my internet connection is working. (Btw, I’m obviously typing this on a different computer.) In any case, I got rid of iehelper.dll as some suggested and this doesn’t seem to have solved my problem. I thought maybe I’d need to reinstall Google Chrome and IE, but since I installed Firefox after making all these fixes and it doesn’t work, I’m guessing reinstalling IE or Chrome won’t solve things either. Any thoughts? Thanks for sharing your genius with me … and the world.

By Mark G on Dec 28, 2009 | Reply

I was hit with sysguard, too (for me, it was named fnhesysguard.exe). It ended up being a Christmas Day ‘present’ for me! I found out the trick about getting my anti-virus program (Symantec) running from the task bar before sysguard fired up. I also found out that sysguard had listed itself in the Symantec scan exceptions menu – these culprits are tricky!

Now I have 2 remaining problems that I wonder if anyone has any suggestions for my XP machine. 1. I was able to get my IE proxy settings working, but the proxy excpetions list won’t take. 2. Any attachments on Outlook have a generic icon. Specific icons such as those for Word or Powerpoint do not appear.

Any advice would be appreciated.

By Angie on Dec 28, 2009 | Reply

Thank you Larry!!
I had used MalWarebytes and SpyBot and thought my computers were free of that mess. I did what you suggested in the registry and sure enough, there they were again!

By jason b on Dec 29, 2009 | Reply

My wife got this malware on our computer after clicking on a friends picture at myspace.

What a nightmare!

I used the “get task manager open pronto” method to turn off the offending process. After that i removed all items found searching sysguard from the registry. After this was done i couldn’t get the internet connection to work so i did a system restore back a day.

By Julien S on Dec 31, 2009 | Reply

I stop the task right away when I login

Mine came up as ytjasysguard.exe
Location:
C:\Documents and Settings\Owner\Local Settings\Application Data\wfndpn

As well I did find the PF in the prefetch folder.

In the registry that wfndpn folder came up as Sandboxie so something else to look out for

By Diana on Dec 31, 2009 | Reply

GARY! Your post on Dec. 05, 2009 was the best solution to my encounter with this virus! THANK YOU! My file name was aqjksysguard.exe you usually find the name easily on task manager and click the processes tab then click on user name below to show you the programs running in your user name only. You should see some weird name that you don’t recognize. Then follow Gary’s instructions… thanks again gary!

By Roland on Jan 4, 2010 | Reply

Thank you for the information, very helpful for removing the pop-ups, and X Rated content that showed up on screen. Don’t need this content showing up with kids at home.

Thank you.

By john on Jan 4, 2010 | Reply

i also have recently adopted this virus it came to me on a normal looking windows pc scan and i sheepishly went along with it. but thanks to you guys i was able to get rid of it …i think i had to search for aaepsysguard.exe but im pretty sure its gone thanks Everyone

By LOP on Jan 20, 2010 | Reply

I found the malware installed at the following location on my computer: D:\Documents and Settings\{USERNAME HERE}\Local Settings\Application Data\gxexoo\mryisysguard.exe
It also modified my startup routine to include refrence to this mryisysguard.exe such that it start up anytime I start my computer
Then it modified my IE internet option – Connection – LAN Settings – Use Automatic Configuration Script. It placed a refrence to a .pac file from my C:drive that direct the IE to a website!!!
Clean the malware by searching for text that contain sysguard in safe mode, you will probably get some variant of the spellings with sysguard.exe Delete the file and the folder, restore your IE LAN settings by removing text in the Address field on the: Use Automatic Configuration Script
More importantly, follow all the suggested steps by good people on this thread

By Chrisy on Jan 21, 2010 | Reply

Boot to Safe Mode. Go to run and type msconfig>click on Launch system restore>choose restore my computer to an earlier time>pick a date from when you know the system was not infected (it will be in bold) and restore your system to that time. It will reboot and finish up the job after the reboot and you log in.

By emlarge on Feb 6, 2010 | Reply

For those of you who can’t access the internet after being hit by this marware, I found that it had added a value in my system registry to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\ProxyServer If you remove this value you should be able to access the internet again. (Start -> Run -> Type regedit, browse to the directory above, and remove the value (don’t delete the key though, just remove the value).