locked
Spyware Guard 2008, How to get rid of it?? RRS feed

  • Question

  • I have tried unsuccessfully, a dozen times, to remove this program. How do I finally get rid of it? I tried live care one and mcAfee. Now what?
    Saturday, December 27, 2008 3:24 AM

Answers

All replies

  • Hello CyberJim, if you are using One Care you can contact support for help with malware removal. How to reach support - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90

    If you are no longer using One Care you are off topic in this forum but you can try Malwarebytes antimalware to remove Spywareguard 2008 - http://www.malwarebytes.org/
    Jim
    Saturday, December 27, 2008 3:40 AM
    Moderator
  • Get rid of these files.. 

    c:\WINDOWS\reged.exe
    c:\WINDOWS\spoolsystem.exe
    c:\WINDOWS\sys.com
    c:\WINDOWS\syscert.exe
    c:\WINDOWS\sysexplorer.exe
    c:\WINDOWS\vmreg.dll
    %UserProfile%\Application Data\Microsoft\Internet Explorer\olesys.dll


    --------------------------------------------------

    Associated Spyware Guard 2008 Files:

    %UserProfile%\Desktop\Spyware Guard 2008.lnk
    %UserProfile%\Start Menu\Programs\Spyware Guard 2008
    %UserProfile%\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
    %UserProfile%\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk
    c:\Program Files\Spyware Guard 2008
    c:\Program Files\Spyware Guard 2008\conf.cfg
    c:\Program Files\Spyware Guard 2008\mbase.vdb
    c:\Program Files\Spyware Guard 2008\quarantine.vdb
    c:\Program Files\Spyware Guard 2008\queue.vdb
    c:\Program Files\Spyware Guard 2008\spywareguard.exe
    c:\Program Files\Spyware Guard 2008\uninstall.exe
    c:\Program Files\Spyware Guard 2008\vbase.vdb
    c:\Program Files\Spyware Guard 2008\quarantine
    c:\WINDOWS\reged.exe
    c:\WINDOWS\spoolsystem.exe
    c:\WINDOWS\sys.com
    c:\WINDOWS\syscert.exe
    c:\WINDOWS\sysexplorer.exe
    c:\WINDOWS\vmreg.dll
    %UserProfile%\Application Data\Microsoft\Internet Explorer\olesys.dll

     Associated Registry entries Spyware Guard 2008

    HKEY_CURRENT_USER\Software\Spyware Guard
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "spywareguard"



    Step 1 :
    Download dial a fix and check for any restrictive policies.
    Step 2: Go to device manager under non plug and play drivers check for TDSsrv and disable it.
    step 3: Run Combofix www.comf.notlong.com
    step 4: Run Malware bytes antimalware to ensure all the files are removed.



    Thanks   

    Thousif
    Sunday, December 28, 2008 2:45 PM
  •  

    Thousif, your prescription adds a couple of extra steps to this one: http://www.bleepingcomputer.com/malware-removal/remove-spyware-guard-2008

     

    Could you please elaborate on why these extra steps are necessary. Thanks,

     

    GreginMich

    Sunday, December 28, 2008 3:52 PM
  • The main issue is the TDSservice this non plug and play driver stops all the antivirus and antispyware tools including the onecare to remove the spyware gaurd 2008. Once you disable it then its easy to remove the spyware.

    Regards
    Thousif
    Thousif
    Friday, January 9, 2009 12:55 PM
  • Thanks for this information, Thousif. I was able to confirm that the TDSSserv.sys service is indeed capable of preventing Malwarebytes from running and needs to be stopped in Device Manager: http://www.malwarebytes.org/forums/index.php?showtopic=7668&st=0&p=35969&#entry35969

     

    This method was also specifically extended to the case of Spyware Guard 2008 here:

    http://malwarebytes.besttechie.net/2008/11/06/removal-instructions-for-spyware-guard-2008/

            

    I think it’s also likely that this malware service is capable of stopping other antimalware applications as you have suggested, possibly including OneCare. If you could provide any additional information or citations specifically regarding OneCare it would be helpful.

     

    Because the antimalware applications that you include in your fix should only be used under the supervision of a malware expert, the OneCare forum moderators try to discourage customers from attempting this kind of fix on their own. Customers are redirected to OneCare Support because the Support team is familiar with these tools and is able to provide the supervision necessary for their use. So the official answer to questions about removing malware is always to contact OneCare Support. Of course we’re never really sure that the Support team has all of the latest information on problems like this one, so posting it can still be helpful. Thanks and regards,

     

    GreginMich

    Saturday, January 10, 2009 3:15 AM
  • So i've had spyware on my computer for a long time now, but i just never came to the point to get it off. I tried following your steps but it just keeps re-installing itself. I also downloaded the program a long time ago but as soon as it opens the spyware shuts it down. I got a windows xp sp2 disk and everytime i try to open it, it also shuts down. I dont know what else i could do, if you could help that'd be great.

    Thanks
    Friday, June 5, 2009 2:53 AM
  • So i've had spyware on my computer for a long time now, but i just never came to the point to get it off. I tried following your steps but it just keeps re-installing itself. I also downloaded the program a long time ago but as soon as it opens the spyware shuts it down. I got a windows xp sp2 disk and everytime i try to open it, it also shuts down. I dont know what else i could do, if you could help that'd be great.

    Thanks

     

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90

     

    If  you are not using Windows Live OneCare, you are off topic for this forum. This is not a general forum for viruses, spyware, or Windows Help. For help with spyware issues, you may want to try the forums here: 

    http://aumha.net/ For help with virus removal, contact the maker of your Antivirus program.

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx for details. For international information, see your local subsidiary Support site.


    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Friday, June 5, 2009 1:20 PM
    Moderator