TechSpot

Virus spyware guard 2008 is killing me

By agiera
Dec 14, 2008
  1. Hi. I have the virus Spyware Guard 2008 and talked to some people on how to get rid of it. I have a disk with mbam, Spybot and adware on it with instructions to install them and then run them in safe mode. No biggie, except I can't install mbam or Spybot because the virus is affecting my Internet; it keeps saying I have no connection to server. But that can't be, everything is hooked up and my iPhone works great thru the router. How do I install Spybot if I can't get online?? And when I try to install mbam it does nothing, it won't even open. I need help. I'm very lost when it comes to this stuff and scared of what the virus is getting to, like credit card #s and such. Help would be appreciated, thanks.
     
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi agiera

    Get this on another computer, then copy the entire Fixes folder to a CD or flash drive, then take it to the desktop of the problem computer, open the Fixes folder and run Fixit.cmd.

    As instructed here: http://www.techspot.com/vb/post684649-3.html

    When it boots back up do the below....

    Do the TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

    Skip no steps (do not install another virus scanner if you already have one).

    Most importantly update MalwareBytes and SuperAntiSpyware!

    Before you scan with SuperAntiSpyWare do the below:

    SuperAntispyware extra config

    After installed double-click the icon on your desktop to run it.

    Update the program definitions.

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure all boxes are checked except #3, Ignore System Restore.

    MalwareBytes extra config

    After update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them and attach their logs.

    Do this correctly and we will make a short job of this!

    Mike
     
  3. stabdiz

    stabdiz Banned

    The best way to get back serenity is to get rid of it. Try to remove it manually; for removal instructions use Google. :)
     
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    1. that is what he is trying to do "get back serenity".
    2. He may can "try to remove it manually" but it usually brings several buddies and immediately begins inviting others.

    So the longer he waits to handle this the worse it gets if he is using the computer and browsing!

    Mike
     
  5. stabdiz

    stabdiz Banned

    Actually yes, my English isn't perfect and sometimes I do not understand some posts like yours (what you wanted to say).
     
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    No problem stabdiz

    He could remove it manually as you said.

    But this one brings other malware with it.

    And once on the computer, if he continues to use the computer then the malware will "invite" bring in even other bad things.

    So removing only it would not work as now he has much more.

    If he returns and does the steps I posted you will see many more.

    If he doesn't return soon he will get so bogged down he will hardly be able to do anything, and it will be very hard to clean also.

    Mike
     
  7. stabdiz

    stabdiz Banned

    so in that case there are many FREE or trial versions of reliable spyware removers :)
     
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    Yes! And that is exactly what I proposed in my first post.

    The exact steps and programs to do just that!

    Mike
     
  9. agiera

    agiera TS Rookie Topic Starter

    I've tried and I can't stay on the computer long enough to do anything. Would transferring everything I have to an external hard drive, then deleting Windows and everything from my PC and reinstalling Windows with all the virus scans and firewalls work?
     
  10. mflynn

    mflynn TS Rookie Posts: 2,655

    Boot to Safe Mode Networking and try.

    Mike
     
  11. agiera

    agiera TS Rookie Topic Starter

    ok I tried safe mode but not networking any time I try anything it says can't connect to server
     
  12. mflynn

    mflynn TS Rookie Posts: 2,655

    Of course it can't connect in Safe Mode only!!! That is why I told you to boot to Safe Mode Networking!


    Mike
     
  13. dannydevito

    dannydevito TS Rookie

    try this

    Hi Agiera

    Before you do the 8 step process follow this instruction from this site


    Procedural Steps
    1. Start -> Run -> Devmgmt.msc -> OK
       On the toolbar, click View -> "Show hidden devices"
    2. Scroll down and locate Non-Plug and Play Drivers
       Click the + sign to expand
    3. Search for "TDSSserv.sys"
       Right click on it, and select "Disable"
    4. Restart your computer
    5. Confirm 'TDSSserv.sys' is disabled. Repeat Step 1-3. Cancel to exit.
    6. Begin or resume UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions



    this will help
     
  14. almcneil

    almcneil TS Guru Posts: 1,277

    Here's a Solution

    Hi Agiera,

    I am currently cleaning this particular piece of spyware from a customer's computer as I write. He called me the same day you posted this. I believe this is a new variant of Spyware Guard and it's NASTY!! It blocked every anti-spyware/anti-virus/anti-rootkit utility I had (>12). I was about to raise the white flag when I found a comment in a thread on another site in which the person figured out how to get around the blocking. He said to rename the installation program for Malwarebytes (mbam_setup.exe) to something else and then it will run. You also need to rename the executable (mbam.exe) to something else and then it will run. I found I had to run Malwarebytes twice since this variant of Spyware Guard also blocks Internet connections for anti-spyware/anti-virus utilities. So I ran it once, it fixed the connection problems so I then could download all the recent updates which included ones for this new variant. Ran it again and *POOF*, Spyware Guard 2008 is gone!

    Here are the step-by-step instructions.

    1. Download the latest Malwarebytes' Anti-Malware installation program
    2. Rename the installation ("mbam-setup.exe" to "setup.exe")
    3. Rename executable ("c:\program files\malwarebytes' Anti-Malware\mbam.exe" to "c:\program files\malwarebytes' Anti-Malware\mbam2.exe")
    4. Run a quick scan, remove all detected objects and restart the computer
    5. Check for latest updates at Malwarebytes server
    6. Run full scan, remove all detected spyware and restart the computer

    Best,
    -- Andy
     
  15. almcneil

    almcneil TS Guru Posts: 1,277

    Tails,

    When I initially posted my solution, I forgot to add the step to rename the executable. I then updated my post adding that step. Make sure you tried it. If it didn't work, then you may be out of luck as I was running out of options too! This is the NASTIEST piece of spyware I've ever encountered!! I do this for a living so I've seen a lot of spyware in my time but nothing this nasty! The hackers really went out of their way to make sure you can't install or run or update any of your anti-virus/anti-spyware utilities. *&^%$!*^!!

    The key is to somehow get Malwarebytes installed. If you can at least do that then you can eventually get this infection removed. Try my updated steps again.

    Best,
    -- Andy
     
  16. mflynn

    mflynn TS Rookie Posts: 2,655

    Tails Clock

    You need to start your own thread. Entering someone's like this is called Thread Hijacking.

    Hopefully a moderator will move it.

    But if you are in regular Safe Mode you can not access the internet. But Reboot to Safe Mode with Networking and you should be able to continue.

    Copy for pasting all text in the box below, then open a command prompt and paste directly to the black screen. It will close.

    Code:
    @echo off
    sc stop TDSSserv.sys
    sc delete TDSSserv.sys
    exit
    exit
    ----------------------------------------------------------------------------------------------------------------------------------
    Then

    D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
    No install, just run it and delete all it finds. Decline to reboot on each item found until the program finishes, then reboot.

    Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

    Please make a note of what it found if any as it has no log.
    If it finds several things reboot to Safe Mode and run again before continuing below.

    Malware Removal Tool by Joe Pestro http://majorgeeks.com/Malware_Removal_Tool_d4632.html

    Then continue with 8 Steps.

    In any case post the results back to your own thread and not back here!

    Mike
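
Added example, not part of any post in this thread: a Python check for step 5 of dannydevito's procedure and for the `sc stop` / `sc delete` commands above, classifying the driver service from the text printed by `sc query TDSSserv.sys` and `sc qc TDSSserv.sys`. The sample outputs are constructed and the function names are hypothetical.

```python
import re

# Constructed samples of `sc query` / `sc qc` output (not captured from a real host).
SAMPLE_QUERY_RUNNING = """\
SERVICE_NAME: TDSSserv.sys
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
"""
SAMPLE_QC_DISABLED = """\
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: TDSSserv.sys
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 4   DISABLED
"""
SAMPLE_MISSING = "[SC] OpenService FAILED 1060:\n\nThe specified service does not exist as an installed service.\n"

# Matches lines such as "STATE : 4  RUNNING" or "START_TYPE : 4   DISABLED".
FIELD = re.compile(r"^\s*(STATE|START_TYPE)\s*:\s*(\d+)\s+(\w+)", re.M)

def parse_sc(text):
    """Extract STATE / START_TYPE labels and the 'no such service' error from sc output."""
    result = {"missing": "FAILED 1060" in text, "STATE": None, "START_TYPE": None}
    for name, _code, label in FIELD.findall(text):
        result[name] = label
    return result

def verdict(query_text, qc_text):
    """Classify the driver service from `sc query <name>` and `sc qc <name>` output."""
    q, c = parse_sc(query_text), parse_sc(qc_text)
    if q["missing"] or c["missing"]:
        return "removed"              # no such service registered any more
    if q["STATE"] is None or c["START_TYPE"] is None:
        return "unknown"              # output not recognised; check by hand
    if q["STATE"] == "RUNNING":
        return "still-loaded"         # driver active now, even if set to DISABLED; restart needed
    if c["START_TYPE"] == "DISABLED":
        return "disabled"             # stopped and will not start at next boot
    return "stopped-but-enabled"      # stopped now, but will load again on reboot

if __name__ == "__main__":
    print(verdict(SAMPLE_QUERY_RUNNING, SAMPLE_QC_DISABLED))
```
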
     
  17. mflynn

    mflynn TS Rookie Posts: 2,655

    No, it just causes confusion as to who has run what and when, and could cause us workers double work.

    It is disallowed not by me but the rules of TechSpot. If you don't soon Create your own thread the powers that be will on both of us!

    You can always read and do this thread.

    OK there are 2 Safe Modes.

    1. Safe Mode. Absolutely no internet
    2. Safe Mode with Networking. In most cases if not damaged internet is available.

    Command prompt is Start-Program-Accessories-Command prompt!

    or

    Click Start-Run
    type
    cmd
    hit enter or click OK!

    Mike
     
  18. almcneil

    almcneil TS Guru Posts: 1,277

    Tails,

    Unfortunately, I think you've reached the end of the line trying to remove this sticky, nasty piece of spyware. I just spent 6 hours and was about to give up when I found the "renaming" solution from someone at another web site. If that doesn't work for you and no one else has a suggestion, then you'll have no choice but to re-install Windows.

    Best,
    -- Andy
     
  19. agiera

    agiera TS Rookie Topic Starter

    Tried to rename mbam and it says disk is write protected. How do I remove write protection?
     
  20. pyromaster114

    pyromaster114 TS Guru Posts: 246

    Best way to get rid of the thing:
    1) Wipe hard disk drive.
    2) Re-install windows.
    3) ???
    4) Profit.

    Other than that, not much I can suggest other than what everyone else has already said.
     
  21. agiera

    agiera TS Rookie Topic Starter

    Andy
    I renamed mbam by sending it to another file, then it worked. I installed it, but I'm a little lost when you say rename executable. I think I did it but it gave me 5 different mbams; I tried them all and it said windows couldn't open. Could I try to run the scan in safe mode, or did I do something wrong when I renamed the c/program file deal? My computer knowledge is not all that good but I'm learning. I think I'm close to beating this virus, I just think I made a mistake when I did the renaming in step 3. Or do you think my Internet is too damaged? I really don't want to give in to this piece of #€%¥
     
  22. nonskidsurfass

    nonskidsurfass TS Rookie

    Hmmmm... so do we have a definitive answer on this yet? And maybe some peeps that can lay it out in plain English? (Moderators) I am gonna do what I have gleaned from this post and try it out cuz I have got this twice and figured this time I am gonna fix it! Spybot S&D or any of the others don't fix it, nor does any anti virus I have found. Seems fer now it is a manual fix. *fingers crossed* and I will let ya know.
    -Nonskidsurfass
     
  23. almcneil

    almcneil TS Guru Posts: 1,277

    Try One More Time!

    agiera et al,

    Sorry, I've been busy at customer sites the past 24 hours and just catching up now with my daily items.

    First, keep in mind there are many variants of Spyware Guard 2008 out there. The particular one I encountered this week on a customer's computer I believe is a brand new variant that has come out the past week or less. As I explained above, I had a terrible time removing it as it blocked every anti-spyware, antivirus and anti-malware program or utility I had. I found a solution that worked for me from someone at another site and I posted the detailed steps above. If those steps do not work for you then either you messed up on a particular step or you have a different variant of Spyware Guard 2008 or perhaps other spyware infections that are interfering.

    agiera, I'm reposting the steps I used in more detail. If you still have problems, then I suggest you find someone who is tech savvy to help you. Here are the step-by-step instructions.

    1. Download the latest Malwarebytes' Anti-Malware installation program ("mbam-setup.exe")
    2. Rename the installation program ("mbam-setup.exe" to "setup.exe")
    3. Run the installation program
    4. Rename executable (go to "c:\program files\malwarebytes' Anti-Malware" and rename "mbam.exe" to "mbam2.exe")
    5. Run "mbam2.exe"
    6. Run a quick scan, remove all detected objects and restart the computer
    7. Check for latest updates at Malwarebytes server
    8. Run full scan, remove all detected spyware and restart the computer

    Best,
    -- Andy
     
  24. Onetap

    Onetap TS Rookie

    Spywareguard 2008

    Thanks AlMcNeil. It worked for me. I love you.
    I wasted all my free time over two days on that.

    I followed your instructions on page 1 (I didn't realize there was a page 2) and it got rid of it. There were other viruses/malware, one redirecting Google searches via a 'go.google.com' spyware site.

    I renamed Malwarebytes and installed it. Then a quick scan, full scan, update and quickscan again. The Spywareguard wasn't removed until after scan by the updated version.

    Thanks again, Happy Christmas and a prosperous New Year.
     
  25. nolihostem

    nolihostem TS Rookie

    If renaming the MBAM and SAS installation files doesn't work

    I had problems simply renaming MBAM & SAS and trying to run them. I believe I had a variant of this that blocked any exe files from running in addition to routing my browser to phony websites so I couldn't download files directly. Here's what I did and it allowed me to install both MBAM and SAS, update them and clean out all the nasty stuff:

    1. Download the MBAM & SAS installation files to a USB drive from a non-infected cpu
    2. Save MBAM to the infected cpu under the C:\Program Files\Spyware Guard 2008 and rename it spywareguard.exe. Under this folder, there is already an exe file with this name so you will have to delete or rename it. From this point you should be able to run the MBAM installation process and then update and scan your cpu. Remember that this variant will replace the file if deleted and then reopen the file if you close it. I believe since it detected spywareguard.exe (even though it was actually MBAM) it didn't replace it and then just kept reopening it. During the scan you will be prompted to install MBAM again (maybe once per minute). Just cancel this out until the scan is finished. Delete/quarantine the files and you will be prompted to restart.
    3. Now, do the same thing with SAS. I did them both again after this just to be sure.
    4. At this point, I no longer have spyware guard 2008 but still have this fake windows security center running in the taskbar, but I can now run exe files, visit websites and download from the internet. Apparently, Ad Aware rids your cpu of this so I'm in the process of running that now. I'll provide an update in a minute.
     
Topic Status:
Not open for further replies.
