
Spyware Guard 2008


warman


Hi all,

I have been infected with spyware guard 2008. This is a new version... All the information that I have got from my google search is not working. The manual steps mentioned do not apply to this new version.

I have been trying to install mbm on my infected PC but it is not letting me. You see the installation running in the task manager (processes) but nothing happens.

I have installed mbm on my laptop,

Mapped my C: drive of my infected pc to my laptop,

Right clicked on the mapped hard drive Z:

Ran MBM but after 4 seconds I get the message that the scan is complete???

I am running out of options, and re-imaging or re-installing my pc is not something I am willing to do yet.

My IE has been infected too; every time I try to log in to the McAfee or Spy Sweeper home pages I get rerouted to Google search...

Not able to run Search & Destroy... McAfee 8.01 not able to reconfigure or update... tried manually, by safe mode, safe mode with network, still no success.

If anyone, anywhere can help?

Best regards, and happy holidays to all,

warman


Greetings, and welcome warman.

The following instructions assume you have a clean computer to work from.

Create a folder on the desktop of your clean computer and call it "copy me to desktop" without the quotes.

Next, please download Malwarebytes' Anti-Malware from here:

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

Save the setup file in the folder you created previously.

Install the program on the clean computer by double clicking it and run Malwarebytes' and update the definitions once installation completes.

Open notepad and copy the following text into it exactly as written then save the file as prep.bat (make sure you select the drop down box when saving the file that says "Save as type" and select "All Files"):

rem %~dp0 is this batch file's own folder, so this also works under "Run as administrator"
copy "%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref" "%~dp0"
ren "%~dp0mbam-setup.exe" 12setup.exe

Now double click the prep.bat file you just created, the setup file should now be renamed and you should now have a file called rules.ref in the folder with it.

Now, as before, create another batch file called install.bat and save it in the same folder:

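rem %~dp0 is this batch file's own folder, so rules.ref is found even when run elevated
copy "%~dp0rules.ref" "%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware"
rem rename the scanner executable, then start a quick scan under the new name
ren "%systemdrive%\Program Files\Malwarebytes' Anti-Malware\mbam.exe" mscan.exe
"%systemdrive%\Program Files\Malwarebytes' Anti-Malware\mscan.exe" /quickscan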

Don't execute the second batch file you just created yet, we'll be using it later.

Now, copy the folder you created containing the setup file, the rules.ref file and the 2 batch files to a flash drive or writable cd and copy the folder to the desktop of the infected computer.

Once it's there, run 12setup.exe and after the installation is complete, double click on the second batch file you made called install.bat. Malwarebytes' should now run and scan your computer for infections.

Once the scan completes, remove any infections it finds and reboot if necessary. Once that's done please read the instructions here:

http://www.malwarebytes.org/forums/index.php?showtopic=2936

and post your logs in a new topic here:

http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult.

I hope I was helpful. Good luck and safe surfing.


Hello,

I have the same problem as warman.

I have followed your solution, but when I double click the prep.bat file, I don't get the rules.ref, the setup file does get renamed though.

Malwarebytes IS installed and updated.

Do you know what I'm doing wrong?

Wish you could help, Thanks.


OK, I'm back. Sorry about that, technical difficulties. Anyway, Vista is why my batch file didn't work. Please right click the file and then click "Run as administrator". That should allow it to grab the signature file. If not, then you can simply go to C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware and right click on the "rules.ref" file and click copy and then go to the folder you made on your desktop and click paste, if UAC prompts you for permission allow it.


That's okay, all you have to do is rename the setup file to 12setup.exe and go to that folder I mentioned in my last post and copy the rules.ref file to the folder you created on your desktop manually. The main reason for the batch file is convenience. It is strange that it wouldn't work on your Vista system though, as I created that file 2 days ago on my system at home which is running Vista and it worked fine. It could just be your antivirus blocking it, but as I said, it's no big deal.


Well guess what, I just tested my batch file (again) and apparently on some systems the program doesn't like having its folder renamed, so please use this batch file instead, as:

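rem %~dp0 is this batch file's own folder, so rules.ref is found even when run elevated
copy "%~dp0rules.ref" "%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware"
rem rename the scanner executable, then start a quick scan under the new name
ren "%systemdrive%\Program Files\Malwarebytes' Anti-Malware\mbam.exe" mscan.exe
"%systemdrive%\Program Files\Malwarebytes' Anti-Malware\mscan.exe" /quickscan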

Just create it the same way you created the other 2. Run it after you've installed malwarebytes on the infected computer and let me know how it goes.

PS: Just figured out why you got the invalid parameter error, I misspelled "quickscan" (I left out the c). See what happens when I try to rush? Good grief, I'm sorry about that. :)

edit: I went ahead and corrected my post above as well so no one else who reads this thread will get confused by my mistake.


  • Root Admin

Give this a try and see if it helps or not.

  • Download FixPolicies.exe by Bill Castner and save it to your desktop.
  • Double click on FixPolicies.exe to run it.
  • Click on Install. It will create a folder named FixPolicies on your desktop.
  • Open the FixPolicies folder.
  • Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.
  • Reboot your computer after it runs.

Sorry, but what do you mean deleted itself? Did it delete the setup file that's in the folder on your desktop, or did it uninstall itself?

Now, as for the task manager, to get it enabled (no worries, I triple checked my spelling this time :) ) copy the following text into notepad and save it as allowtask.reg then double click it and reboot, the taskmanager should work afterwards:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000000

let me know how it goes, thanks

edit: sorry AdvancedSetup, didn't realize you were posting there.

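An added example, not part of the original posts: a read-only PowerShell check that reports whether the policy values reset by the allowtask.reg file above are currently set, so the change can be confirmed before and after importing it. The three key paths are the ones from that .reg file; also checking DisableRegistryTools (the matching policy value for the registry editor) is an addition made here.

```powershell
# Added example: report policy values that disable Task Manager or the registry editor.
# Read-only; nothing is changed. Key paths come from the allowtask.reg file in the thread.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
# DisableRegistryTools is not in the .reg file; it is included here as an assumption
# because the thread also mentions blocked access to the registry.
$values = 'DisableTaskMgr', 'DisableRegistryTools'

$findings = foreach ($key in $keys) {
    # A missing key simply means no policy is configured at that location.
    if (-not (Test-Path -LiteralPath $key)) { continue }

    $props = Get-ItemProperty -LiteralPath $key
    # A key with no values returns $null; skip it rather than index into $null.
    if ($null -eq $props) { continue }

    foreach ($name in $values) {
        $prop = $props.PSObject.Properties[$name]
        if ($null -eq $prop) { continue }

        [pscustomobject]@{
            Key        = $key
            Value      = $name
            Data       = $prop.Value
            # Any non-zero data turns the restriction on; 0 (as in the .reg file) turns it off.
            Restricted = ($prop.Value -ne 0)
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No DisableTaskMgr or DisableRegistryTools values present in the checked keys.'
}
```

Run it once as the affected user to cover the two HKEY_CURRENT_USER keys; the HKEY_LOCAL_MACHINE key can be read without elevation.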

  • Root Admin

Before we go any further. Have you posted to the HJT forum yet?

This should be being reviewed in that forum, not here.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.


It may fix some of the problems, but often infections like this are so persistent that System Restore doesn't fully get rid of them and they end up redownloading any removed components as soon as you get online. That's why it's probably best to follow AdvancedSetup's instructions. The expert you'll be working with will make absolutely sure you're clean.


No problem, please download Dial-a-fix from here: http://djlizard.net.nyud.net:8080/software...-v0.60.0.24.zip Once you download it, unzip it and run Dial-a-fix.exe. Click on the Policies button on the bottom of the window, and when the second window opens up there should be a list of restrictions, make sure there is a check mark next to each one (there should be by default) and click the Remove button on the lower left. That should fix issues with accessing the registry, task manager, and many other settings and tools in windows.
