Your Questions About Spyware Removal Freeware

Posted by softwareguru on July 28, 2014

Helen asks…

How can I get rid of “Spyware Guard 2008” Malware? I used Malwarebytes & it wouldn’t remove it? Any Suggest?!?

I got this Malware after downloading a program. It was attached to it. I use and run “Malwarebytes Antispyware” on a regular basis, however, after 4 full scans, it will not remove it. It will remove everything except what it says “Log in as Administer” to remove items.

softwareguru answers:

Spyware Guard 2008 Removal guide
———————————————————–
Spyware Guard 2008 is a new entrant to the family of rogue security software. It is not to be confused with SpywareGuard, a fine freeware from Javacool Software.

Rogue security software is a family of software products that call themselves antivirus, antispyware or registry cleaners and often use deceptive or high-pressure sales tactics and deliberate false positives to convince users to buy a license or subscription. They are often repackaged and renamed. They do not actually remove malware; instead, many of them add more malware of their own.

Note: Visiting any of the malware hosting domains mentioned below may be injurious to the health of your computer system.

Analysis of Spyware Guard 2008 Installation


This rogue anti-spyware currently lives in spywareguard2008.com. Spywareguard2008.com has the IP 67.19.176.187 hosted by bb.b0.1343.static.theplanet.com. The domain name appears to be registered by MAMBA on 26-Aug-2008 and the registrant details are protected by Protect Details, Inc out of Saint Petersburg, Russia. This IP is shared with Porn-movies-online.net, notorious for pushing fake video codecs. This IP is also used as a nameserver for pyroscanner.com.

A temporary redirect from gosg2008.com and Sg8go.com points to spywareguard2008.com.

Curiously, their payment processor at innovagest2000s.com is not yet working and gives off the message “Invalid product !”.

The executable installer file is named SpywareGuard2008.exe (1.51 MB). This file must be manually executed for the installation of the rogue anti-spyware. At this point only a couple of engines detect this as suspicious over at VirusTotal.


True to its genre, it installs a few suspicious files of its own in the Windows directory. They are reged.exe, spoolsystem.exe, sys.com, syscert.exe, sysexplorer.exe and vmreg.dll.

Spyware Guard 2008 – Associated Files and Folders

* C:\Documents and Settings\Shanmuga\Start Menu\Programs\Spyware Guard 2008
* C:\Program Files\Spyware Guard 2008
* C:\Program Files\Spyware Guard 2008\quarantine

* C:\Program Files\Spyware Guard 2008\conf.cfg
* C:\Program Files\Spyware Guard 2008\mbase.vdb
* C:\Program Files\Spyware Guard 2008\quarantine.vdb
* C:\Program Files\Spyware Guard 2008\queue.vdb
* C:\Program Files\Spyware Guard 2008\spywareguard.exe
* C:\Program Files\Spyware Guard 2008\uninstall.exe
* C:\Program Files\Spyware Guard 2008\vbase.vdb

* C:\Documents and Settings\Shanmuga\Desktop\Spyware Guard 2008.lnk
* C:\Documents and Settings\Shanmuga\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
* C:\Documents and Settings\Shanmuga\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
* C:\Documents and Settings\Shanmuga\Application Data\Microsoft\Internet Explorer\olesys.dll

* C:\Windows\reged.exe
* C:\Windows\spoolsystem.exe
* C:\Windows\sys.com
* C:\Windows\syscert.exe
* C:\Windows\sysexplorer.exe
* C:\Windows\vmreg.dll

Note: File names may be randomly generated.

Spyware Guard 2008 – Associated Registry keys and values

* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\spywareguard
REG_SZ, 106 bytes, “C:\Program Files\Spyware Guard 2008\spywareguard.exe”
* HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Spyware Guard 2008\spywareguard.exe
REG_SZ, 26 bytes, “spywareguard”
* HKEY_CURRENT_USER\Software\Spyware Guard\NPNP
REG_SZ, 66 bytes, “F620C418B59F44D289B18E1D1B5D896E”
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\Display Name
REG_SZ, 38 bytes, “Spyware Guard 2008”
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\DisplayName
REG_SZ, 38 bytes, “Spyware Guard 2008”
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008\UninstallString
REG_SZ, 100 bytes, “C:\Program Files\Spyware Guard 2008\uninstall.exe”

Spyware Guard 2008 – Associated Domains

* spywareguard2008.com
* Porn-movies-online.net
* pyroscanner.com
* gosg2008.com
* Sg8go.com
* innovagest2000s.com

Spyware Guard 2008 – Removal (How to remove Spyware Guard 2008)

At the time of writing this none of the popular free anti-malware programs were detecting this. I tested with MalwareBytes’s Anti-Malware, SuperAntiSpyware, Ad-Aware 2008, Spybot Search & Destroy, A-squared free and PCTools SpywareDoctor starter edition. I will update this post once any of the above vendors include detection and removal for this rogue.

Update Oct 04: SUPERAntiSpyware free version detects and removes t
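The file and registry lists in the answer above can be checked in one pass. The following read-only PowerShell sweep is an added example, not part of the original answer; it assumes the current user's profile in place of the author's "Shanmuga" profile and a 32-bit `Program Files` location, and it reports matches without deleting anything.

```powershell
# Added example: read-only sweep for the Spyware Guard 2008 artifacts listed in the post.
# Assumption: folders are resolved for the current user instead of the "Shanmuga" profile.
$installDir = Join-Path $env:ProgramFiles 'Spyware Guard 2008'   # 32-bit layout assumed

$paths = @(
    $installDir,
    (Join-Path ([Environment]::GetFolderPath('Programs')) 'Spyware Guard 2008'),
    (Join-Path ([Environment]::GetFolderPath('Desktop'))  'Spyware Guard 2008.lnk'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\olesys.dll')
)
# Dropped files the post lists in the Windows directory.
$paths += @('reged.exe','spoolsystem.exe','sys.com','syscert.exe','sysexplorer.exe','vmreg.dll') |
    ForEach-Object { Join-Path $env:windir $_ }

$regKeys = @(
    'HKCU:\Software\Spyware Guard',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008'
)

$findings = @()
foreach ($p in $paths)   { if (Test-Path -LiteralPath $p) { $findings += "FILE $p" } }
foreach ($k in $regKeys) { if (Test-Path -LiteralPath $k) { $findings += "KEY  $k" } }

# Autorun check: match on the install folder in the value data, not on the value
# name, because the post notes that file names may be randomly generated.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$psProps = @('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider')
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($prop in $run.PSObject.Properties) {
        if (($psProps -notcontains $prop.Name) -and
            ("$($prop.Value)" -like '*\Spyware Guard 2008\*')) {
            $findings += "RUN  $($prop.Name) = $($prop.Value)"
        }
    }
}

if ($findings.Count -eq 0) { 'No listed Spyware Guard 2008 artifacts found.' }
else { $findings }
```

An empty result only means the names listed in the post are absent; renamed copies need a scanner with current signatures.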

Robert asks…

virus removal freeware ?

While my computer is protected by Avast antivirus and, as backup, ThreatFire, if I was unlucky enough to get my PC infected, can anyone recommend a freeware program to remove viruses and such? Thanks, Paul

softwareguru answers:

That’s a strong combination! You could use free online scanners by the leading security companies. Just go to the website & run the scan. You may have to install a small ActiveX control. Use at least 1 scan from each group.

Virus scans:
TrendMicro – http://housecall.trendmicro.com
BitDefender – http://www.bitdefender.com/scan8/ie.html
F-Secure – http://support.f-secure.com/enu/home/ols.shtml
Panda-ActiveScan – http://www.pandasecurity.com/activescan/index
ESET – http://www.eset.com/onlinescan/cac4.php?page=details

Spyware scans:
SUPERAntiSpyware – http://www.superantispyware.com/onlinescan.html
a-squared – http://www.emsisoft.com/en/software/ax
ewido – http://www.ewido.net/en/onlinescan
AhnLab – http://global.ahnlab.com/global/products/myspyzero.html
CA – http://www.ca.com/us/securityadvisor/pestscan
PCPitStop – http://www.pcpitstop.com/store/exterminate.asp

Most of these sites require you to use Internet Explorer to run the scans.

Powered by Yahoo! Answers
