Jump to content

Spyware Guard 2008 - Can't run Malwarebytes


Recommended Posts

Morning,

So, my sister as been tricked into installing Spyware Guard 2008 and didn't have any antivirus running (its license had ran out). I've never seen anything like this and having a real nightmare with it.

Everything I list as trying, I have tried in both normal mode and safe mode within Windows XP SP2.

The installer won't start (the process is killed) for Malwarebytes. I have tried renaming it in situe and renaming and then copying it to the harddrive via the network.

I can't install AVG free. The process gets killed after selecting the install language.

I have (using various webpages, gone through and manually deleted everything they suggest file wise and within the registry, also searching the registry for any instances of "spyware" and removing those too.

As expected, it installs itself again.

I have also checked in the device manager for the drivers listed in another forum topic of this board. They are not present in the hidden list and everything tghere appears to be normal (I googled them all to see what they were).

I was able to open IE and surf (although it sometimes closes IE depending on what I'm looking at, sometimes when simply starting a google search). After doing some playing, now when I open IE or firefox no pages will load at all. It started by saying it couldnt be assigned an IP address from the router, so I manually setup the TCPIP settings for my network and got the network connection fully functioning (or at least windows stopped complaining) but no pages will still load.

After several hours of this I stumbled accross another topic in this forum suggesting Dr Web Cureit. I currently having this running a full scan but I'm not expecting much!

Does anyone have any idea what I can do to stop this thing and sort it out? Its a new iteration of the spyware guard (installed 5 days ago) and its really starting to upset my karma!!!

Thanks for any help!

Batfink

Link to post
Share on other sites

Welcome to Malwarebytes thebatfink

Please read and follow the instructions provided here: I'm infected - What do I do now?

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will give you further instructions to assist you with the cleaning of your system.

Note:

Do Not run any other tools or scans during the cleanup process, Do Not install any other software unless requested to do so.

Link to post
Share on other sites

Ok, thanks for the reply, here is where I'm at right now..

I have no internet connectivity on the infected machine although I am able to access it via an un-infected machine and copy files to the hard drive. I believe this stopped working last night. I had installed DrWeb Cureit but it couldn't connect to the internet to get a registration key. I figured it was just being firewalled by windows so I disabled the firewall in the windows security centre. All internet access is now gone and I believe that it was a rouge windows security centre window I did this in. I have also tried manually assigning IPs and DNS servers but it just wont work :/

AntiVir - Will not install, the process is killed.

AVG - Will not install, the process is killed.

Dr Web - Can not connect to the internet to get a key and so will not activate - but does install.

Malwarebytes - Will not install, the process is killed.

HiJackthis - Will not install, the process is killed.

Spybot - Will install, but it cannot connect to the internet to get updates so won't perform a scan.

I'm now really lost with this now. It seems nothing will work. I tried all the above in both normal and safemode and the information in my first post also still stands.

Whats my next step of attack?

Thanks B)

Link to post
Share on other sites

Hi, I have tried to follow the instructions, thats what I'm saying. I cant install any other the software in the instructions to generate reports to paste into the other forum.

Do I just say I can not generate any of the required reports due to not being able to install them in the other forum?

Cheers

Thebatfink

Link to post
Share on other sites

Incidently, I also tried renaming these files to all sorts of random things, it still seems able to catch them?!?!

Hello First sorry, but I write German.

You can a-squared Free 4.0 from another PC and then on the other PC is not a virus is installed. Then you copy the whole folder, a-squared Free 4.0 (which is located under Programs) to a USB stick or CD, with this you can then scan your PC and hopefully fix.

Link to post
Share on other sites

This was the ONLY program that removed Spyware guard 2008 for me. I used a few others before it to get the ability to install programs etc. But this one actually removed every instance of 2008.

J

Keep in mind, the versions of the malware out there do "evolve" as well. I have a client who infected their computer last week, on the 7th, and I'm trying to help, but to no avail. I am also experiencing the same issues as the original poster. (And sorry to piggy back on your thread btw!)

Here's what I am experiencing and finding:

- I cannot install ANY malware or anti-virus programs. I have been able to install a game (as a test). In the case of MBAM, it will launch the language selector and I can choose any one, and it will just close after selection

- Renaming the .exe to .scr/.bat/.com does not work, I am assuming that the spyware detects the install window's title and closes out

- I have diabled the Internet, but the spyware is buried somewhere so it will reinstall itself after a period of time, even after manually removing files, and altering registries, although something tells me the version I am altering is not the real registry version (guessing)

- All manual guides that exist SEEM outdated, I'm sure the authors of the spyware view these pages and update their program.

- Even after deleting the files, the program fins a way to re-install the spyware guard 2008 and its cohort winscenter.exe.

Lesson learned for my client, install anti-virus and anti-spyware software. But I'm not going to chastise them as if I'm a physician or dentist, I've already started to back up documents and get ready for the process, but I think MBAM authors and defenders need to realize that even if it worked with older versions of the spyware, it does not mean it will apply today.

Best regards,

Jason

Link to post
Share on other sites

  • Root Admin

Hi Jason,

Yes MBAM Developers and helpers on the forum are quite aware of the constant battle between the Malware and the removal procedures. This tools and methods change often to address it. The writers of this spyware/malware constantly write stuff trying to prevent tools from installing or removing their junk, that's why it often takes someone with more experience in this area of computing to assist users.

If you're having issues and need assistance please post a log in the HJT forum and someone will assist you with scanning and cleaning the system. Just remember that MBAM is free for personal use, if you're using it as a Technician then you need to purchase a Technician License.

Thanks.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.