Computer help: System Guard 2009 removal help

by computernub4556 - 2/13/09 2:57 PM
Post 1 of 16

System Guard 2009 removal help

by computernub4556 - 2/13/09 2:57 PM

So someone in my family clicked a pop-up for System Guard 2009. This downloaded what I think is a trojan onto my computer which keeps bringing up the System Guard icon trying to get me to buy it. It even makes a fake Windows security page. I tried to download Malwarebytes' Anti-Malware to remove it but the virus is stopping me from installing this on my computer. I tried to use Spybot but to no avail. I'm trying to find out if there's any way to get Malwarebytes to work, if it's being blocked by the System Guard 2009 virus or maybe another one. If I can't get a program to work I can try to do it manually if anyone knows the registry keys associated with the virus. Any advice from anyone would be greatly appreciated. Thank you very much.

Post 2 of 16

Please Try This..

by Grif Thomas Moderator - 2/13/09 6:08 PM In reply to: System Guard 2009 removal help by computernub4556

On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" Windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode.. I use the sites below to download the installer file and the manual updater:

Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well. After installing and updating SuperAntispyware, run another full system scan and delete everything it finds as well. As before, you may need to rename the installer file to get the program to install.

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it.. It resides in the C:\Program Files\Malwarebytes Antimalware folder.
______________

See the BleepingComputer removal instructions below which include using the Malwarebytes program above:

http://www.bleepingcomputer.com/malware-removal/remove-system-guard-2009

Hope this helps.

Grif

Post 3 of 16

The only way to remove completely

by strongwinds - 2/13/09 7:04 PM In reply to: Please Try This.. by Grif Thomas Moderator

The only way on a Windows system to remove an infection is to re-install the OS. Of course you need to back up all your data before doing so though. But then it's usually a matter of time until you get re-infected with something else. If you don't want to get infected again? Switch to Linux. I like Ubuntu as an easy light Linux distro.

Post 4 of 16

Sorry, Wrong...

by Grif Thomas Moderator - 2/13/09 7:14 PM In reply to: The only way to remove completely by strongwinds

Many infections, including System Guard 2009, can be removed without formatting and reinstalling Windows. I've performed the task many times as I clean up infected computers as a side business.

As to getting reinfected, that's a security issue that users can take steps to prevent. If a Windows Computer is getting infected repeatedly, then something is being done incorrectly. I oversee a fair amount of office computers, as well as personal computers, and almost all have NEVER been infected.. Not perfect but we are extremely clean. Windows users must be more diligent than users of Linux but then again, in many situations, Linux/Ubuntu/etc. simply isn't an option at this time.

Hope this helps.

Grif

Post 5 of 16

Grif read my tag (yes I'm right)

by strongwinds - 2/13/09 7:25 PM In reply to: Sorry, Wrong... by Grif Thomas Moderator

"the only way to COMPLETELY REMOVE THE INFECTION"
Yes, you can remove it without re-installing the OS. BUT there's really no guarantee that it's gone. The MOST EFFECTIVE way to remove this virus is to re-install the OS. Not that it's the ONLY WAY to remove the virus but it's the most effective, and guarantees that it's gone.
Also about Linux/Ubuntu I said, "if you don't want to have to worry about getting infected again" implying LATER ON. And yes, Ubuntu would work even now, even though there's a virus. In fact it's a great way to remove your data safely without having to worry about infecting Ubuntu.
Sry Grif, I'm right. Please read thoroughly before posting or making claims.

Post 6 of 16

Yes, There's A Guarantee That It's Gone.. So..

by Grif Thomas Moderator - 2/13/09 8:04 PM In reply to: Grif read my tag (yes I'm right) by strongwinds

..as stated earlier, you're wrong.. Sorry, but those that don't recognize that infected files and registry entries CAN be removed correctly without reinstalling an OS, aren't facing the facts and obviously haven't cleaned things correctly on Windows computers. I and other techs have done it too many times to know that we CAN guarantee that it's clean..

So giving blanket advice that "the MOST EFFECTIVE way to remove this virus is to re-install the OS" is simply wrong and in many cases will cost customers and users lots of money and/or time. (By the way, System Guard 2009 is NOT a virus. See the BleepingComputer link I posted earlier. It's a rogue antispyware program and in my experience, viruses are usually easier to kill.)

For those users who haven't created backups of their important files, using the "reformat and reinstall" isn't an option.. About six months ago, I cleaned up a badly infected machine for a high school teacher who failed to back up her Master's thesis.. 4 years of work. Why she didn't back it up, I don't know, but the computer was almost unworkable because of multiple viruses, trojans, and spyware.. It took me a day and a half worth of scanning and manual file and registry removals but it eventually ran perfectly with no remnants of malware.. The important part... With a little instruction and with effective use of hardened browsers and malware scanners, the user has yet to be infected when I talked to him last week.

Hope this helps.

Grif

Post 7 of 16

grif

by strongwinds - 2/13/09 8:42 PM In reply to: Yes, There's A Guarantee That It's Gone.. So.. by Grif Thomas Moderator

It's a matter of opinion now. We've both stated our sides and I believe that the user will make a good choice. I'll not say any more.

Post 8 of 16

TY

by computernub4556 - 2/15/09 12:00 PM In reply to: Yes, There's A Guarantee That It's Gone.. So.. by Grif Thomas Moderator

Thanks for the help Grif, I was able to remove it without reinstalling the OS lol.

Post 9 of 16

=(

by computernub4556 - 2/15/09 3:29 PM In reply to: TY by computernub4556

So I tried to remove the registry entries manually with regedit, thought it was gone, but System Guard showed up again. Grif, I tried to dnl Malwarebytes with my desktop and install it on the infected PC, I changed the file name to something random, but it still won't let me install it on the PC. Is there anything else I can do to get Malwarebytes on there?

Post 10 of 16

Did You Run SuperAntispyware AND Malwarebytes?

by Grif Thomas Moderator - 2/15/09 5:46 PM In reply to: =( by computernub4556

And please be more specific about what you've done and what you're seeing.. "it still won't let me install it" doesn't tell us much about what exactly happened.. Was there an error?

What does "System Guard showed up again" mean exactly?

Your last post mentioned that things were working fine now.. Did you run the spyware removal tools last time or not? Registry cleaning alone won't get it done. Is that all you did? Or did you do something else?

One other note.. System Guard 2009 malware will frequently install a blocker program which prevents installation of any program at all. In order to remove the blocker, it must be done "outside" of Windows. On a separate, clean computer, please create the Avira Rescue disc and follow the instructions in the link below to run it.. Once that's done, make sure the "problem" computer is set to boot the DVD/CD Rom first in the BIOS. (Many are already set that way.) Then place the Rescue Disc in the DVD/CD drive and restart the computer.. It should autorun and scan the computer for viruses and a few types of spyware.. Once it cleans up the machine (it may take a couple of hours to run), then remove the Rescue Disc, restart the computer, and it should allow you to install Malwarebytes and SuperAntispyware although it's important to rename the installation files of both programs..

Avira Rescue Disc Link
http://www.free-av.de/en/tools/12/av...ue_system.html

- place the rescue disc in the infected computer and boot from it. (You'll need to have the BIOS settings so the DVD/CD-Rom drive boots first in the boot order.) When it loads, choose option 2 (Boot from Rescue CD)
- choose English language (use the up/down arrow to select "English", then press the space bar to change the X to the correct box, then press the "Enter" key.), then watch the progress at the end of the boot, you should see a menu
- choose the second option: "Scan your system with AntiVir"
- If the screen goes black during the scan, you should be able to press the space bar to bring the scan back to view.

Hope this helps.

Grif

Post 11 of 16

LOL! hehe, okay srsly why malware?

by strongwinds - 2/15/09 9:57 PM In reply to: =( by computernub4556

Why are you so desperate for Malwarebytes? Why not use AVG, Avast or something else? There are many other tools that will work.

Post 12 of 16

Unfortunately, AVG and Avast Haven't Found the Problem

by Grif Thomas Moderator - 2/16/09 9:31 AM In reply to: LOL! hehe, okay srsly why malware? by strongwinds

I've tried them both recently and as of a week ago when I cleaned out two identical machines with this problem, they would remove the problem. Indeed, both of the computers were running AVG when infected. Still, each to his own.

If you read the BleepingComputer link provided earlier, it recommends Malwarebytes. It has been specially updated to repair this specific problem. That's why Malwarebytes..

Hope this helps.

Grif

Post 13 of 16

And Also Curious Why Laughing At Misfortune Of Others?

by Grif Thomas Moderator - 2/16/09 9:41 AM In reply to: LOL! hehe, okay srsly why malware? by strongwinds

Sad thing..

Hope this helps.

Grif

Post 14 of 16

In Renaming The Removal Tools..

by Grif Thomas Moderator - 2/16/09 10:44 AM In reply to: =( by computernub4556

Remember to try using different executable file extensions as well.. If MBAM will not run, try renaming it to almost any name using the extension below. Right-click on the mbam-setup.exe file (and possibly the mbam.exe file after it's installed), and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

Hope this helps.

Grif

Post 15 of 16

of course..

by strongwinds - 2/16/09 11:36 AM In reply to: In Renaming The Removal Tools.. by Grif Thomas Moderator

Why don't you back up your data and re-install the OS?
1. Problem will be solved, virus gone.
2. The computer will run much faster.
By the time you finally get Malwarebytes installed and working there's no guarantee that the problem will be solved. You could have already re-installed the OS and be done.
