Wednesday, October 01, 2008

Spyware Guard 2008

Spyware Guard 2008 is a new rogue application. Does that name sound familiar? Well, yes, there is a legitimate application named SpywareGuard (note that there is no space between Spyware and Guard, and there is no 2008) from Javacool Software. Please do not get confused!!

Spyware Guard 2008 is hosted at www.spywareguard2008.com (67.19.176.187), registered by ESTDomains (whois lookup). Here's a screenshot of the website:



The IP address 67.19.176.187 also hosts a fake online video page under the domain name http://porn-movies-online.net. This page pushes yet another variant of the Zlob fake codec, hosted at http://pyroscanner.com (67.19.176.188).



By the way, the Spyware Guard 2008 installer is named SpywareGuard2008.exe, and here's how the rogue application looks:



VirusTotal scan results of the installer can be found here. Stay away from this rogue!

Update: SpywareGuard2008 removal guide can be found here.
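
The domains, IP addresses and installer name given in this post can be matched against web proxy logs to find machines that reached the rogue's sites. The script below is an added example, not part of the original post; the log format, client addresses and URL paths are constructed for illustration, and only the indicators themselves come from the text above.

```python
from urllib.parse import urlsplit

# Indicators taken from the post: domains, hosting IPs, installer file name.
BAD_DOMAINS = {"spywareguard2008.com", "porn-movies-online.net", "pyroscanner.com"}
BAD_IPS = {"67.19.176.187", "67.19.176.188"}
INSTALLER = "spywareguard2008.exe"

# Constructed sample log (assumed format: time client dest_ip method url).
SAMPLE_LOG = """\
2008-10-01T10:02:11 10.0.0.21 67.19.176.187 GET http://www.spywareguard2008.com/
2008-10-01T10:02:15 10.0.0.21 67.19.176.187 GET http://www.spywareguard2008.com/dl/SpywareGuard2008.exe
2008-10-01T10:05:40 10.0.0.34 67.19.176.188 GET http://PYROSCANNER.com/
2008-10-01T10:06:02 10.0.0.35 192.0.2.10 GET http://spywareguard2008.com.example/
2008-10-01T10:07:19 10.0.0.36 67.19.176.187 GET http://unlisted-name.example/video
2008-10-01T10:08:00 10.0.0.37 192.0.2.44 GET http://www.example.org/
malformed line
"""

def host_matches(host):
    """Exact or subdomain match only, so look-alike names are not flagged."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def classify(line):
    """Return (client, reasons) for a suspicious line, else None."""
    parts = line.split()
    if len(parts) != 5:          # skip lines that do not fit the format
        return None
    _ts, client, dest_ip, _method, url = parts
    split = urlsplit(url)
    reasons = set()
    if host_matches(split.hostname or ""):
        reasons.add("domain")
    if dest_ip in BAD_IPS:       # catches new domains on the same hosts
        reasons.add("ip")
    if split.path.rsplit("/", 1)[-1].lower() == INSTALLER:
        reasons.add("installer")
    return (client, reasons) if reasons else None

def scan(log_text):
    """Map each client address to the set of indicator types it hit."""
    hits = {}
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            hits.setdefault(result[0], set()).update(result[1])
    return hits

if __name__ == "__main__":
    for client, reasons in sorted(scan(SAMPLE_LOG).items()):
        print(client, sorted(reasons))
```

A client flagged with "installer" fetched the executable and is the first candidate for a scan; an "ip"-only hit points to a domain on the same hosts that is not yet on the list.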

27 Comments:

Anonymous bjkatcher said...

I'm infected. How the hell do I get rid of it?

7:44 PM  
Anonymous Anonymous said...

While I was searching for information on my Trek 4700 mountain bike frame, I was redirected from this website, ignaciocalvo.com/calendario/page.php?id=3683, which I got from Google, to this website,
http://sgscanner.com/sg1/1/10119 which is where I found the SpywareGard2008 video etc.

It was a dead giveaway because I run a Linux openSUSE operating system. One major advantage of running a Linux system.

This happened on the 12/11 at about 11pm.

7:02 PM  
Blogger swatkat said...

@bjkatcher,
You can use Malwarebytes' Anti-Malware to remove this infection. It is a free tool, available here:
http://www.malwarebytes.org/mbam.php

@Anonymous,
Thanks for the info! Yes, the gang behind these rogue applications are using all sorts of tricks to spread their junk and make some money!!

11:59 AM  
Anonymous Anonymous said...

I AM NOT ABLE TO GO TO ANY ANTIVIRUS SITES AND HAVING TROUBLE DOWNLOADING AND INSTALLING MALWARE SOFTWARE....ATTEMPTED TO REMOVE MANUALLY W/ NO SUCCESS, ANY ADVICE, PLEASE EMAIL ME AT AFULMER70@SUDDENLINK.NET

4:15 AM  
Anonymous Anonymous said...

Off the record, I got a different strand of this virus. It's essentially a stupid nuisance but every time it is cleaned both with Spybot and MalwareBytes it keeps reproducing the MOMENT I sign into the (non Safe mode) Windows.

I'm trying as many different ways to fight off the virus right now. Spyhunter didn't do much. Using MalwareBytes, Spybot, Smitfraud, and Superantispyware at this point.

9:58 AM  
Anonymous Anonymous said...

I have it too and I used a combination of Adaware, Malwarebytes, SuperAntispyware and Norman Malware Cleaner. It seems to have gotten rid of the files that keep coming back but there is still a fake windows protection center in my tray that "recommends" that I download Spyware Guard 2008. Does anyone know how to deal with this issue? I'm pretty sure it's a trojan downloader.

10:18 AM  
Anonymous Anonymous said...

Don't forget to turn off system restore.

3:53 AM  
Anonymous Anonymous said...

Just killed it yesterday.
1) I boot into safe mode, hit F8 when the computer is booting.
2) Install and run SUPERAntiSpyware; this will kill off 90% of the virus.
3) Install malbyte from safe mode and run it under quick scan mode.
4) Go to the program file/malbyte folder, create a second copy of mbam.exe and rename it to (anyname).exe so that the virus cannot prevent it from running.
5) Boot in normal mode.
6) If you can't run malbyte by selecting it from programs, go directly to the malbyte folder and double click on {rename}.exe, then update it first, then run it under quick scan mode to kill the rest of the virus.

4:17 AM  
Anonymous Anonymous said...

To the person who said "just killed it yesterday"... You're a legend! Thank you, Thank you, Thank you! I've been trying to get rid of that thing for 3 days and your advice was the only one which has worked, Thanks again.

12:25 PM  
Anonymous Anonymous said...

I can you get rid of this free. What program can I run and get rid of this fake spyware guard 2008 junk? I don't even know how I got it on my computer. If you can help me email me plz @ sunnidelight@ att.net.

9:21 AM  
Anonymous Painboy said...

To render the fake windows security center mute: first call Task Manager and end winscenter.exe. Then go to the DOS prompt and type copy con winscenter.exe, hit enter, type zit(Ctrl Z), hit enter, and select a for all, hit enter. Now spy guard thinks the winscenter is still executable and won't re-write a new file.
For me the challenge has been fun and little by little I will beat it and send it to HELL! Painboy

6:58 AM  
Blogger swatkat said...

SpywareGuard 2008 removal guide can be found here:
http://www.bleepingcomputer.com/malware-removal/remove-spyware-guard-2008
Hope that helps!

5:16 PM  
Anonymous Anonymous said...

I hope the ones who do these programs all DIE!!!

7:54 PM  
Blogger SaucePanMan said...

This comment has been removed by the author.

6:30 PM  
Blogger SaucePanMan said...

I suppose the zombies who write these are reading this blog as well! Anyway they ought to be caught and given an electric shock for every computer they have infected. This is how I got rid of mine: As it stops the www.avg.com site from being accessed: copy a program like paint.exe to c:\ and rename it to winscenter.exe. Copy it back to the windows\system32 folder. Next rename it to spywareguard.exe and copy it to c:\Program Files\Spyware Guard 2008. Do alt-ctrl-del and stop any current spywareguard.exe and winscenter.exe from running. Re-boot and download the latest FREE antivirus program from www.avg.com. Run it and remove!
That worked for me. (P.S. I paid £34 for SPYHUNTER from enigma and IT DID NOT WORK).

6:39 PM  
Anonymous Anonymous said...

I got rid of it by installing and running the free versions of AdAware, followed by MalwareBytes.

Now that it's gone, Norton Internet Security 2009 catches and blocks this evil little piece of crap, but ironically, I only got infected in the first place because I was forced to use IE to download Norton...

5:48 AM  
Blogger Iggy said...

Just want to post a note to say that after reading the comments here, I downloaded Malwarebytes and ran it, and it got rid of Spyware Guard absolutely seamlessly and completely. First I took SaucePanMan's suggestion of replacing spywareguard.exe and winscenter.exe with paint.exe. That was fine as a quick band-aid, but of course the Trojan is still there. So then I ran Malwarebytes and it just killed it completely, including getting rid of a Trojan that I've been trying to get rid of for two weeks.

Thanks all. Malwarebytes is my new favorite program, and is going to get purchased.

9:32 PM  
Blogger swatkat said...

Hi SaucePanMan,
Thanks for posting the manual removal procedure. It would help people whose PCs are infected with this badware! By the way, as Iggy suggested, latest versions of Malwarebytes' Anti-Malware can remove it completely. And, it's free too...

1:01 PM  
Anonymous Anonymous said...

Help, I can't install programs even with admin login.

8:30 AM  
Anonymous Steve-O said...

Here is how to get rid of this piece of crap.
This virus won't let you run the malware software that you need to remove it, so you have to do the following. It worked perfectly for me.

1. On an uninfected PC download Malwarebytes' anti-malware (you can google and download from CNET, it's free). Then download the UPDATE.

2. Save both files to a memory stick. Boot the infected PC in SAFE MODE then copy both files to the Desktop of the infected PC.

3. Once the files are copied to your desktop Spyware Guard will keep it from installing, so right click on the files and change the names of both files to something else. I used dome.exe and domi.exe.

4. Click and install the newly renamed Malwarebytes program. It will now run since it's been renamed. Take note of what directory you put it in, you're going to need that in a minute.

5. Once it installs, believe it or not this piece of Sh*t virus still won't let it run, so you have to go into the directory that you installed it into, typically: Program Files/Malwarebytes' Anti-Malware, and rename the .exe file, I think it's mbam.exe, to something else. I used dome.exe. Then click on the newly renamed file, it will now run.

6. Once Malwarebytes loads go to your desktop and click the update file that you renamed earlier to load the updates.

7. Now run the scan. It will find a bunch of trash related to Spyware Guard 2008. When the scan finishes click the button that removes the spyware. It will probably find some files that it cannot remove until you reboot.

8. Reboot and Spyware Guard 2008 will be gone.

This worked perfectly for me. GOOD LUCK.
SteveO

11:16 AM  
Anonymous Anonymous said...

I'm infected with spyware guard 2008.

I HIGHLY RECOMMEND GETTING RID OF IT IMMEDIATELY! Apparently, not only is this program very annoying, but it apparently SENDS RANDOM VIRUSES. It does this to make the victim believe the program is to be trusted. It doesn't mean everything this program says you're infested with is true, but one or two on the list may be there, sent from this goddamn program.

8:56 PM  
Blogger Johnny said...

Steve-o, how do you download the UPDATE?

1:32 AM  
Anonymous Anonymous said...

Many thanks to Steve-O! Your method worked and ended much frustration! In my case I had to install, as slow as it was, in normal mode for the installation to complete. But it did and I'm back in gear. Thanks again!!

10:24 AM  
Anonymous Anonymous said...

I'm infected so bad that I can't download a remover or visit a virus protector site. PLEEEEEEZ HELP PLEEEEZ EMAIL ME AT himynameizdante@aol.com

12:13 AM  
Blogger Frank S said...

This program dupes many a person. It got my mother to install it. I had to buy more software to remove it, sigh.

Remove Spyware Guard 2008

4:34 AM  
