Spyware Guard 2008 Malware. Tried a lot of things already.

By Tails Clock
Dec 18, 2008
  1. I use Windows XP service pack 3. I am stuck in Safe Mode with networking as normal mode gives me a BSOD. I had no anti-virus software at all.
    I've downloaded Malwarebytes' Anti-Malware and installed it using the renaming method, but even when using that method I cannot run it. I've also been blocked from many many websites where you can download anti-malware programs. I got a friend to download and send me them though, but neither will install. They are Super Anti Spyware Pro and Adaware.
    I can't run or install any of them. I've deleted the malware several times, every single file for it or that it has made and it just came back.
    I used and found and removed CnsMin and H'tKeysH@@k. I was then told to use but that website is blocked for me. Also I have no system recovery points.
  2. Kazi

    Kazi TS Enthusiast Posts: 121

    First RENAME your MBAM.exe and then run it again and see if it will load

    quick scan

    then update

    then full

    If this does not work, only real method left is format
    as this virus is brutal

    If you format
    do this

  3. Tails Clock

    Tails Clock TS Rookie Topic Starter Posts: 16

    I didn't write it very well but I meant to say that I had tried that already too.
    I really can't believe a single file can defeat every program ever made to beat it.
    I wish I could at least remember the name of the site it came from.
    Thanks for all your help.

    I just did a quickscan and got rid of 12 or so things, they look a lot like ones I'd deleted before manually. I did not restart it afterwards like it said as I don't want to risk not being able to use it again. But I can't get it to update for some reason. It says my firewalls might be blocking it but normally a message comes up asking me if I want to disable the program or not and one has not come up so I doubt it's my firewall. Maybe the malware is stopping it from updating? Any suggestions?

    PS: For those who want to know how I got the program to finally work, I just prayed hard, really. (To Satan, he's way nicer than god)
  4. mflynn

    mflynn TS Rookie Posts: 2,655

  5. Tails Clock

    Tails Clock TS Rookie Topic Starter Posts: 16

    Did what it said and now I CAN'T RUN ANYTHING AT ALL. It asks me what I want to open it with instead... Now that I closed Malware Bytes I can't open it back up again...
    I restarted because the malware bytes thing said to and also to try and get programs running, to no avail.

    This has messed my computer up, and a restart didn't fix it. How do I undo what this has done? I keep being asked what program to open .EXE's with.

    EDIT: Oh right, PM the errors. sorry.

    EDIT2: Couldn't send one even if I wanted to because the site has some silly restrictions.
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    You may be confused
    All support is freely provided on the forum
    There is no need to PM or try to gain extra posts to PM
  7. Tails Clock

    Tails Clock TS Rookie Topic Starter Posts: 16

    I'm more of an ***** for not reading the part where it said "Malware pros".
    I guess I didn't really do anything wrong. But I'm still messed up thanks to that code which has done more harm than help.
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Carry out the following procedures..

    1. Click Start, click run. In the Run box, enter CMD
    2. In the Command window, enter the following commands (in red) at the prompt.
    C:> assoc .exe=exefile
    C:> ftype exefile="%1" %*

    If the Command window does not pop up, try the following procedure.

    1. At boot up, when the computer first starts up, press and hold down F8 to display the Windows Advanced Options menu, release F8.
    2. Highlight Safe Mode and Command Prompt. Press Enter.
    3. When prompted select your Operating System Enter.
    4. Log on as Administrator and the Command Prompt will appear. Execute each of the two commands below.
    C:> assoc .exe=exefile
    C:> ftype exefile="%1" %*

    Restart normally
  9. Tails Clock

    Tails Clock TS Rookie Topic Starter Posts: 16

    If I was able to open the CMD just a while ago but can't now, will I somehow be able to by restarting in that mode? The reason I cannot open it now is because it too asks me what to open it with. I fear the code mflynn gave me has destroyed my pc. I cannot use CMD or any .exe anymore.

    EDIT: tried putting your code into a .cmd file but it's the same as what happens to a .exe
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please try Safe Mode Command prompt
    And let me know asap
    The reason why I say this, is to place warning on the other thread
  11. Tails Clock

    Tails Clock TS Rookie Topic Starter Posts: 16

    It did get the CMD up, but I took longer because I realised I had to write the code down on paper as Explorer.exe wouldn't run and so I couldn't view the TXT file I'd made.
    Also the code you gave did not work for me, I altered it to:
    C:>assoc .exe=exefile
    C:>ftype exefile="%1" %*
    It then worked and now I can use things again.

    (the code is different in that I removed a space)
  12. rf6647

    rf6647 TS Maniac Posts: 829

    fixx.cmd makes it better

    The following was PM'd to mflynn. I hope you can follow this.

    vb8177 report of usage
    I experimented using the method. I could not use 'notepad'.

    • Restarted > safe mode with networking > re-opened thread
    • Pasted command file into command prompt window. when completed, cmd window closed
    • Attempted to call out ‘notepad’
      • Attempted to call out ‘notepad’ from the ‘start menu’ > ‘most recently used task list’ > notepad > prompted me for ‘application to be used’
    • Attempted this method – Same result
      • start > all programs > accessories > Notepad > prompted me for ‘application to be used’

    This was successful to create a file
    • Open ‘cmd prompt’ window > edit > paste text into edit window > save file
    Note: cmd prompt’ window also prompted me for ‘application to be used’. Browsed …\system32\cmd.exe.

    I executed 'fixx.cmd' by dragging it to the 'command prompt' window.
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    @Tails Clock

    Thanks I edited above
    This came from me trying to be too quick! :eek:

    I am concerned that there were other changes as well. ie:


    Let's prove this, by testing another one
    Please run any screen saver.
    Actually I'll get one...

    Start->Run-> C:\WINDOWS\system32\sspipes.scr

    Please report back, this should take about a minute .
  14. Tails Clock

    Tails Clock TS Rookie Topic Starter Posts: 16

    Same problem. Asks me what to open it with.
  15. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well that's enough proof for me !

    I'll inform mflynn, to fix the issue immediately
  16. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Sorry rf6647, I'm confused what you are talking about here :confused:

    I have asked mflynn (through PM) to reply here when he's back on
  17. rf6647

    rf6647 TS Maniac Posts: 829


    For 1st pass execution, Paste command file contents into 'command prompt' window hobbles the infection and the computer.

    For 2nd pass, Create & Execute 'fixx.cmd' which rectifies the situation.

    I used 'edit' in the 'command prompt' window to create & save the file.

    There was a trick to opening the 'command prompt' window. When challenge appears 'Open With', browse to 'c:\windows\system32\cmd.exe' and 'ok'.

    Since this member indicates problems with 'Explorer', this makes it difficult to execute 'fixx.cmd' by dragging into the 'command prompt' window.

    However, using the fully qualified path!!filename in the command prompt window should work.
  18. Tails Clock

    Tails Clock TS Rookie Topic Starter Posts: 16

    My net or this site are messing up, it just deleted my post. Basically I understood RF and will try that if I ever get this problem again.
    I had 10 bits of malware unrelated to spyware guard 2008 that I found on my 3rd or so scan, I will scan more now.
    I still cannot update malware bytes.

    Some time later: It found 5 files, they mention TDSS...
  19. mflynn

    mflynn TS Rookie Posts: 2,655

    Hello Tails Clock, Rich, Kim

    I apologize for all inconveniences. That is the reason I asked the Malware Pros to help watch it as it was a new attempt to help with this problem.

    Issue has been corrected. It had to do with the double %%'s (now removed) these are required only when run from a Batch or CMD file as discovered by Rich.

    Rich If you have Attachment space if you want to Attach to my thread the Batch/CMD file that worked I would appreciate it. As I have no more attachment space left as it is consumed by Fixit!
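
The difference mflynn describes between pasted commands and a Batch/CMD file, as an added example (not the thread's fixx.cmd and not a script posted by any participant): a .cmd file that restores the open commands for the executable file types and reads them back. The file contents, the extra extensions beyond .exe, and the `"%1" /S` value for scrfile are assumptions based on stock Windows XP settings, not values taken from the thread.

```bat
@echo off
rem Added example, not the thread's fixx.cmd: restore the stock Windows XP
rem open commands for executable file types, then read them back.
rem Inside a .cmd/.bat file a literal percent sign is written doubled, so the
rem doubled forms below are stored with single percent signs. Typed directly
rem at the prompt, the same commands take single percent signs.
setlocal

assoc .exe=exefile
ftype exefile="%%1" %%*
assoc .com=comfile
ftype comfile="%%1" %%*
assoc .bat=batfile
ftype batfile="%%1" %%*
assoc .cmd=cmdfile
ftype cmdfile="%%1" %%*
rem Screen savers (.scr) are executables too; their stock command ends in /S.
assoc .scr=scrfile
ftype scrfile="%%1" /S

rem Read back what was stored: each line must match exactly (/X), literally (/L).
set FAIL=0
for %%T in (exefile comfile batfile cmdfile) do (
    ftype %%T | findstr /L /X /C:"%%T=\"%%1\" %%*" >nul || (
        echo MISMATCH: %%T
        set FAIL=1
    )
)
ftype scrfile | findstr /L /X /C:"scrfile=\"%%1\" /S" >nul || (
    echo MISMATCH: scrfile
    set FAIL=1
)

if %FAIL%==0 echo All five open commands match the expected values.
exit /b %FAIL%
```

Run it from an already open Command Prompt by its full path, as rf6647 describes; cmd.exe interprets batch files itself, so it does not depend on the broken .cmd association.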

  20. Tails Clock

    Tails Clock TS Rookie Topic Starter Posts: 16

    I went to your topic and was unable to DL the attachment. Will it fix the damage done by the previous code I entered?
    I also can't run .cmd files so even if I could DL it I'd still be unable to use it.
    What do I need to enter into the Command prompt to go back to running all my files again?
  21. mflynn

    mflynn TS Rookie Posts: 2,655

    Yes it would!

    But you do not need to download the attachment.

    The Copy and paste operation, has been fixed and will now correct all. And should allow you to proceed with the cleanup.

    You should do this from Safe Mode Networking and go straight to MBAM and SAS before the Malware gains control again.

    But then get back and post all remaining issues we need to handle.

  22. Tails Clock

    Tails Clock TS Rookie Topic Starter Posts: 16

    I ran the fix thingy in my CMD and all seems good and fine, except that I can't tell what it did. MalwareBytes still won't update and I still can't run it using its proper name.
    Is there something else I'm meant to be doing after running your fix? Is the fix even meant to allow me to update Malware Bytes?
    Maybe it has something to do with my net. Ever since I got the malware my net has been pretty bad and disconnecting a bit, but that should still let me update the program. Also I recently got the full version of Malware Bytes but I STILL can't update it or enable its protection feature.
  23. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  24. Tails Clock

    Tails Clock TS Rookie Topic Starter Posts: 16

    I quick scanned after I used the fix and this is my log.
    I have not tried those two links you gave about getting rid of TDSS yet but am going to do that now.
  25. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Due to finding and removing Malwares :grinthumb
    You will need to update Malwarebytes again, and then run another full scan
    Irritating I know, but Malware can hide other malware, and therefore multiple scans required (before restarting and running HJT, a few hours from now ;) )
Topic Status:
Not open for further replies.