Virus spyware guard 2008 is killing me

Status
Not open for further replies.
Hi. I have the virus Spyware Guard 2008 and talked to some people on how to get rid of it. I have a disk with mbam, Spybot, and adware on it with instructions to install them and then run them in safe mode. No biggie, except I can't install mbam or Spybot because the virus is affecting my Internet; it keeps saying I have no connection to server. But that can't be; everything is hooked up and my iPhone works great thru the router. How do I install Spybot if I can't get online? And when I try to install mbam it does nothing; it won't even open. I need help. I'm very lost when it comes to this stuff and scared of what the virus is getting to, like credit card #s and such. Help would be appreciated, thanks.
 
Hi agiera

Get this on another computer, then copy the entire Fixes folder to a CD or flash drive, then take it to the desktop of the problem computer, then open the Fixes folder and run Fixit.cmd.

As instructed here: https://www.techspot.com/vb/post684649-3.html

When it boots back up do the below....

Do the TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Skip no steps (do not install another virus scanner if you already have one).

Most importantly, update MalwareBytes and SuperAntiSpyware!

Before you scan with SuperAntiSpyWare do the below:

SuperAntispyware extra config

After it is installed, double-click the icon on your desktop to run it.

Update the program definitions.

Click the Preferences button.

Then Scanning Control.

In Scanner Options, make sure all boxes are checked except #3 (Ignore System Restore).

MalwareBytes extra config

After update but before running
Click settings and confirm all are Checked.

I repeat Update these 2 programs.

Run them and attach their logs.

Do this correctly and we will make a short job of this!

Mike
 
The best way to get back serenity is to get rid of it. Try to remove it manually; for removal instructions use Google. :)
 
1. That is what he is trying to do: "get back serenity".
2. He may can "try to remove it manually" but it usually brings several buddies and immediately begins inviting others.

So the longer he waits to handle this the worse it gets if he is using the computer and browsing!

Mike
 
Actually yes, my English isn't perfect and sometimes I do not understand some posts like yours (what you wanted to say).
 
No problem stabdiz

He could remove it manually as you said.

But this one brings other malware with it.

And once on the computer, if he continues to use the computer then the malware will "invite" (bring in) even other bad things.

So removing only it would not work as now he has much more.

If he returns and does the steps I posted you will see many more.

If he doesn't return soon he will get so bogged down he will hardly be able to do anything, and it will be very hard to clean also.

Mike
 
So in that case there are many FREE or trial versions of reliable spyware removers :)
 
Yes! And that is exactly what I proposed in my first post.

The exact steps and programs to do just that!

Mike
 
I've tried and I can't stay on computer long enough to do anything. Would transferring everything I have to an external hard drive, then deleting Windows and everything from my PC and reinstalling Windows with all the virus scans and firewalls, work?
 
Of course it can't connect in Safe Mode only!!! That is why I told you to boot to

Safe Mode Networking!


Mike
 
try this

Hi Agiera

Before you do the 8 step process follow this instruction from this site


Procedural Steps

1. Start -> Run -> Devmgmt.msc -> OK. On the toolbar, click View -> "Show hidden devices".

2. Scroll down and locate Non-Plug and Play Drivers. Click the + sign to expand.

3. Search for “TDSSserv.sys”. Right-click on it and select “Disable”.

4. Restart your computer

5. Confirm 'TDSSserv.sys' is disabled. Repeat Step 1-3. Cancel to exit.

6. Begin or resume UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions



this will help
 
Here's a Solution

Hi Agiera,

I am currently cleaning this particular piece of spyware from a customer's computer as I write. He called me the same day you posted this. I believe this is a new variant of Spyware Guard and it's NASTY!! It blocked every anti-spyware/anti-virus/anti-rootkit utility I had (>12). I was about to raise the white flag when I found a comment in a thread on another site in which the person figured out how to get around the blocking. He said to rename the installation program for Malwarebytes (mbam_setup.exe) to something else and then it will run. You also need to rename the executable (mbam.exe) to something else and then it will run. I found I had to run Malwarebytes twice since this variant of Spyware Guard also blocks Internet connections for anti-spyware/anti-virus utilities. So I ran it once, it fixed the connection problems so I then could download all the recent updates, which included ones for this new variant. Ran it again and *POOF*, Spyware Guard 2008 is gone!

Here are the step-by-step instructions.

1. Download the latest Malwarebytes' Anti-Malware installation program
2. Rename the installation ("mbam-setup.exe" to "setup.exe")
3. Rename executable ("c:\program files\malwarebytes' Anti-Malware\mbam.exe" to "c:\program files\malwarebytes' Anti-Malware\mbam2.exe")
4. Run a quick scan, remove all detected objects and restart the computer
5. Check for latest updates at Malwarebytes server
6. Run full scan, remove all detected spyware and restart the computer

Best,
-- Andy
 
Tails,

When I initially posted my solution, I forgot to add the step to rename the executable. I then updated my post adding that step. Make sure you tried it. If it didn't work, then you may be out of luck as I was running out of options too! This is the NASTIEST piece of spyware I've ever encountered!! I do this for a living so I've seen a lot of spyware in my time but nothing this nasty! The hackers really went out of their way to make sure you can't install or run or update any of your anti-virus/anti-spyware utilities. *&^%$!*^!!

The key is to somehow get Malwarebytes installed. If you can at least do that then you can eventually get this infection removed. Try my updated steps again.

Best,
-- Andy
 
Tails Clock

You need to start your own thread. Entering someone's like this is called Thread Hijacking.

Hopefully a moderator will move it.

But if you are in regular Safe Mode you can not access the internet. But Reboot to Safe Mode with Networking and you should be able to continue.

Copy for pasting all text in box below, then open a command prompt and paste directly to the black screen. It will close.

Code:
@echo off
sc stop TDSSserv.sys
sc delete TDSSserv.sys
exit
exit
----------------------------------------------------------------------------------------------------------------------------------
Then

D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install, just run it, delete all it finds, decline to reboot on each item found until the program finishes, then reboot.

Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

Please make a note of what it found if any as it has no log.
If it finds several things reboot to Safe Mode and run again before continuing below.

Malware Removal Tool by Joe Pestro http://majorgeeks.com/Malware_Removal_Tool_d4632.html

Then continue with 8 Steps.

In any case post the results back to your own thread and not back here!

Mike
 
No, it just causes confusion as to who has run what and when, and could cause us workers double work.

It is disallowed not by me but the rules of TechSpot. If you don't soon Create your own thread the powers that be will on both of us!

You can always read and do this thread.

OK there are 2 Safe Modes.

1. Safe Mode. Absolutely no internet
2. Safe Mode with Networking. In most cases if not damaged internet is available.

Command prompt is Start-Program-Accessories-Command prompt!

or

Click Start-Run
type
cmd
hit enter or click OK!

Mike
 
...Also I have Malwarebytes installed but it does not run at all. I changed the EXE's filename.

Tails,

Unfortunately, I think you've reached the end of the line trying to remove this sticky, nasty piece of spyware. I just spent 6 hours and was about to give up when I found the "renaming" solution from someone at another web site. If that doesn't work for you and no one else has a suggestion, then you'll have no choice but to re-install Windows.

Best,
-- Andy
 
Best way to get rid of the thing:
1) Wipe hard disk drive.
2) Re-install windows.
3) ???
4) Profit.

Other than that, not much I can suggest other than what everyone else has already said.
 
Andy
I renamed mbam by sending it to another file, then it worked. I installed it but I'm a little lost when you say rename executable. I think I did it but it gave me 5 different mbams; I tried them all and it said Windows couldn't open. Could I try to run the scan in safe mode, or did I do something wrong when I renamed the c/program file deal? My computer knowledge is not all that good but I'm learning. I think I'm close to beating this virus; I just think I made a mistake when I did the renaming in step 3. Or do you think my Internet is too damaged? I really don't want to give in to this piece of #€%¥
 
Hmmmm... so do we have a definitive answer on this yet? And maybe some peeps that can lay it out in plain English? (Moderators) I am gonna do what I have gleaned from this post and try it out cuz I have got this twice and figured this time I am gonna fix it! Spybot S&D or any of the others don't fix it, nor does any anti virus I have found. Seems fer now it is a manual fix. *fingers crossed* and I will let ya know.
-Nonskidsurfass
 
Try One More Time!

agiera et al,

Sorry, I've been busy at customer sites the past 24 hours and just catching up now with my daily items.

First, keep in mind there are many variants of Spyware Guard 2008 out there. The particular one I encountered this week on a customer's computer I believe is a brand new variant that has come out the past week or less. As I explained above, I had a terrible time removing it as it blocked every anti-spyware, antivirus and anti-malware program or utility I had. I found a solution that worked for me from someone at another site and I posted the detailed steps above. If those steps do not work for you then either you messed up on a particular step or you have a different variant of Spyware Guard 2008 or perhaps other spyware infections that are interfering.

agiera, I'm reposting the steps I used in more detail. If you still have problems, then I suggest you find someone who is tech savvy to help you. Here are the step-by-step instructions.

  1. Download the latest Malwarebytes' Anti-Malware installation program ("mbam-setup.exe")
  2. Rename the installation program ("mbam-setup.exe" to "setup.exe")
  3. Run the installation program
  4. Rename executable (go to "c:\program files\malwarebytes' Anti-Malware" and rename "mbam.exe" to "mbam2.exe")
  5. Run "mbam2.exe"
  6. Run a quick scan, remove all detected objects and restart the computer
  7. Check for latest updates at Malwarebytes server
  8. Run full scan, remove all detected spyware and restart the computer

Best,
-- Andy
 
Spywareguard 2008

Thanks AlMcNeil. It worked for me. I love you.
I wasted all my free time over two days on that.

I followed your instructions on page 1 (I didn't realize there was a page 2) and it got rid of it. There were other viruses/malware, one redirecting Google searches via a 'go.google.com' spyware site.

I renamed Malwarebytes and installed it. Then a quick scan, full scan, update and quickscan again. The Spywareguard wasn't removed until after scan by the updated version.

Thanks again, Happy Christmas and a prosperous New Year.
 
If renaming the MBAM and SAS installation files doesn't work

I had problems simply renaming MBAM & SAS and trying to run them. I believe I had a variant of this that blocked any exe files from running in addition to routing my browser to phony websites so I couldn't download files directly. Here's what I did and it allowed me to install both MBAM and SAS, update them and clean out all the nasty stuff:

1. Download the MBAM & SAS installation files to a USB drive from a non-infected cpu
2. Save MBAM to the infected cpu under the C:\Program Files\Spyware Guard 2008 and rename it spywareguard.exe. Under this folder, there is already an exe file with this name so you will have to delete or rename it. From this point you should be able to run the MBAM installation process and then update and scan your cpu. Remember that this variant will replace the file if deleted and then reopen the file if you close it. I believe since it detected spywareguard.exe (even though it was actually MBAM) it didn't replace it and then just kept reopening it. During the scan you will be prompted to install MBAM again (maybe once per minute). Just cancel this out until the scan is finished. Delete/quarantine the files and you will be prompted to restart.
3. Now, do the same thing with SAS. I did them both again after this just to be sure.
4. At this point, I no longer have spyware guard 2008 but still have this fake windows security center running in the taskbar, but I can now run exe files, visit websites and download from the internet. Apparently, Ad Aware rids your cpu of this so I'm in the process of running that now. I'll provide an update in a minute.
 