Drew Community  

  #1  
01-12-2009, 02:30 PM
Kirstin E. Bethavas
Ranger Cub
Join Date: Apr 2007
Posts: 45
Spyware Guard 2009 Virus - help?

I've managed to contract a nasty virus, I think - Spyware Guard 2009 keeps popping up masquerading as Windows "Securiry" Center (if you want to fool people .. maybe you should use spellcheck? anyway ..) and while Spybot S&D can identify the problem both in Program Files and in the registry, it can't seem to eradicate it. Neither can AVG, another program which was recommended to me by a friend.

My question - Does anyone know of a way to get this virus off of my computer? Or, would reimaging my computer fix the problem? I do know how to reimage the T61 laptop, which is what I've got. I know I have to be on campus to do it without the CD, but it might be preferable to surrendering my computer to CNS - I don't really want to be without a computer for a month again, both because I haven't got a home computer to use for the rest of break and to be without a computer at the beginning of the semester is a royal pain.
  #2  
01-13-2009, 12:41 AM
Michael L. Jokubaitis
Posts: n/a

Kirstin,

Have you tried manually removing the malware? If not, then it might be worth a try.

It is a two-step process. First, you need to remove all the executable (.exe) files associated with the malware. Second, you need to remove the offending registry values from the Windows Registry.

Before trying this approach, however, it is advisable (meaning do it) to back up your registry before altering it. That way, if anything should go amiss you can return to your original configuration.

Backing-up the Registry:
  • Click Start.
  • Navigate to All Programs>>Accessories>>System Tools>>Backup.
  • The Backup Wizard should open (“Welcome to the Backup or Restore Wizard”).
  • In the text of the window should be a link (blue highlight) saying “Advanced Mode.” Click it.
  • Once in Advanced Mode, click Backup Wizard (Advanced).
  • The wizard should automatically re-launch in Advanced mode.
  • Click Next.
  • Select “Only back up System State data.”
  • Click Next.
  • Pick a name for and place to save the file (the desktop is fine).
  • Click Next.
  • Click Finish.
Restoring the Registry (only if anything should go wrong with removing the malware):
  • Steps 1-4 same as above.
  • Once in Advanced Mode, click Restore Wizard (Advanced).
  • The wizard should automatically re-launch in Advanced mode.
  • Click Next.
  • Select the name of the file you created above from the list or search for it.
  • Click Next.
  • Click Finish.
Now that that’s all out of the way, we’re on to removing the offending malware. This process may be a little tricky if you haven’t done it before, so be careful.
  • Find (search if need be) for all programs with spywareguard2009 in the title. There should be one entry (in particular) named
    • spywareguard2009.exe
  • Delete it.
  • Click Start>>Run.
  • In the Open field type: regedit
  • The Windows Registry Editor will open.
  • On the left is the registry key pane. On the right is the registry values pane.
  • There are three offending registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"spywareguard" = "C:\Program Files\Spyware Guard 2009\spywareguard.exe"

HKEY_CURRENT_USER\Software\Spyware Guard

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2009
  1. Find these entries in the appropriate registry keys (designated by the all-caps text at the beginning of the above entries).
  2. Right-click the values/entries and click Delete.
  3. When you’re finished, exit the Registry Editor, and restart your system.
I know this is a bit long-winded, but this process should remove the malware. If there are any problems, let me know.


Good luck,


Michael

Last edited by Michael L. Jokubaitis : 01-13-2009 at 12:45 AM.
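
An added example, not part of Michael's post: a PowerShell script that reports whether the three registry entries listed above are present and, when run with the assumed `-Remove` switch, exports the affected keys to .reg files before deleting them. The switch name, backup folder and file names are assumptions; the script covers only those three entries, not the executable on disk.

```powershell
# Added example. Report-only by default; -Remove deletes what was found
# (HKLM deletion needs an elevated prompt); -WhatIf previews the deletions.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove,                                   # assumed switch name
    [string]$BackupDir = "$env:USERPROFILE\Desktop"    # assumed export folder
)

# The three entries named in the post
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'spywareguard'
$keys     = @(
    'HKCU:\Software\Spyware Guard',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2009'
)

$found = @()

# Autostart value under the per-user Run key
$run = Get-ItemProperty -Path $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($run) {
    $found += [pscustomobject]@{ Type = 'Value'; Path = $runKey; Name = $runValue; Data = $run.$runValue }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $found += [pscustomobject]@{ Type = 'Key'; Path = $k; Name = $null; Data = $null }
    }
}

$found | Format-Table -AutoSize
if (-not $Remove -or $found.Count -eq 0) { return }

# Export every affected key first; abort before any deletion if an export fails
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$i = 0
foreach ($f in $found) {
    $native = $f.Path -replace '^HKCU:', 'HKCU' -replace '^HKLM:', 'HKLM'
    & reg.exe export $native (Join-Path $BackupDir "sg2009-$stamp-$i.reg") | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Export of $native failed; nothing deleted." }
    $i++
}
foreach ($f in $found) {
    if ($f.Type -eq 'Value') { Remove-ItemProperty -Path $f.Path -Name $f.Name }
    else                     { Remove-Item -LiteralPath $f.Path -Recurse }
}
```

Double-clicking an exported .reg file merges the saved key back into the registry.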
  #3  
01-13-2009, 02:25 PM
Jonathan Ortiz
Young Squirrel
Join Date: May 2007
Posts: 8

In addition to that, you should also run this program.

http://www.download.com/Malwarebytes...-10804572.html

That combination was able to get rid of the virus for me when I got it at some point over the summer.
  #4  
01-13-2009, 04:35 PM
Kirstin E. Bethavas
Ranger Cub
Join Date: Apr 2007
Posts: 45

I tried going into the registry and still wasn't able to get rid of it, so I simply hiked up to Drew today and camped out in the library to reimage my computer. It works now, though!

I'll keep the instructions/program just in case it should ever happen again, though.

Thank you so much, guys!