It all started with Spyware Protect 2009!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Dark_Falcon, May 19, 2009.

  1. Dark_Falcon

    Dark_Falcon Private E-2

    This is the second time I have been infected by the Spyware Protect 2009 (SYSGUARD) issue in just a few days. Although I now suspect it may never have gone away. I have followed all the recommended methods for getting rid of it. It now appears that the main culprits are gone (i.e. SYSGUARD.exe removed, Registry entries for SYSGUARD cleaned up etc.). However, I had a lot of trouble getting MALWAREBYTES to run (had to rename execution program) and SUPERANTISPYWARE won't run at all (even with a rename). I try to run them and nothing happens. I have had both of these programs on my system for some time now and have never had this problem. It also appears that my Norton Antivirus gets shut off whenever I reboot.

    Unfortunately, I have tried to provide all the logs that are requested. However, the only thing I can provide is the logs from MGTOOLS. As noted above, nothing else will run.

    Another Note: I can get my existing version of Malwarebytes to run (by changing the execution file name). However, I cannot get or install a new updated version. When I run my existing version of Malwarebytes I get 'nothing found'. When I try to install an update it simply stops after the initial install process (i.e. does not start MALWAREBYTES).

    Note: This first attachment was created while running in Safe Mode. I'll try to create another one after I do a normal start.

    I can usually fix most of these issues myself by running the tools in these threads but if I can't execute them at all I'm kind of at a standstill.

    Any help is greatly appreciated.

    Thanks!
     

    Attached Files:

  2. Dark_Falcon

    Dark_Falcon Private E-2

    Here are the logs not running in safe mode.
     

    Attached Files:

  3. Dark_Falcon

    Dark_Falcon Private E-2

    fyi...

    I tried another approach to these issues and it seems to have resolved some (if not all) of the issues.

    Basically, I had originally tried to follow the ReadMe First instructions and install new versions of SuperAntiSpyware and MalWareBytes etc. However, these came up as invalid programs when I tried to execute them. Yes, I even tried changing the installation program names to try to get around this issue. They still came up with the error documented in the Readme.

    Therefore, as a last ditch effort, I went ahead and tried changing the exec program name for my 'existing' version of SuperAntiSpyware and it executed successfully. It found a ton of errors (600+). I ran the cleanup and now it appears that everything is working ok. I'm even able to run MalWareBytes without the rename and I was finally able to get the update for it. I'm running that now.

    Assuming that I'm now able to get all of the reports etc., as documented in the ReadMe, I will probably post those results. If someone is willing, I would greatly appreciate a once over of the logs to be sure I haven't left anything 'hanging'.

    The good news is that it now appears that I'm much closer to having the issue fixed. It's frustrating that it appears that these things are now getting smart enough to stop you from running the virus/malware check programs. Ugggg.....
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you need to attach the logs from SUPERAntiSpyware, Malwarebytes and also for ComboFix. Then you will need to re-run MGtools.exe and attach a new log since the above scans were now run and your previous log will be out of date with your current status.
     
  5. Dark_Falcon

    Dark_Falcon Private E-2

    Well, I 'thought' everything was clear. However, I started having very odd issues (i.e. internet wouldn't work, joining games (Supcom) wouldn't work without a reboot etc.). I would then run malwarebytes and things would show up that weren't there 15 minutes before ('like magic').

    Anyways, long story short, I have attached the logs. I noticed when I ran COMBOFIX it did identify some rootkit issues but I'm not sure if it fixed them or not.

    Any assistance, as always, is greatly appreciated!
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean. So unless you are still having problems, let's clean up from running the cleaning process and also remove some things you did yourself.

    Start by deleting the below files:
    C:\ComboFix.txt
    C:\GetUnKey.txt
    C:\Iexplor490.exe <-- actually considered malware
    C:\MGlogs.zip
    C:\MGlogs(SAFE MODE).zip
    C:\MGlogs(Normal).zip
    C:\MGtools.exe
    C:\newfiles.txt
    C:\runkeys.txt
    C:\SpyHunter-Compact-OS.exe <-- not recommended!!!
    C:\UserInfo.txt
    C:\winfiles.txt
    C:\WINDOWS\Nircmd.exe
    C:\WINDOWS\PEV.exe
    C:\Documents and Settings\All Users\Application Data\93238276.ini
    C:\Documents and Settings\All Users\Application Data\95593746.ini
    C:\Documents and Settings\All Users\Application Data\98012336.ini


    Now let's do something you skipped in step 1 of the READ & RUN ME. Uninstall the below old versions of software:
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

    Now reboot. After reboot, install the current version of Sun Java from: Sun Java Runtime Environment



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note that the quotes are required:
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from ComboFix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
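The following is an added example and not part of chaslang's instructions or any MajorGeeks tool: a read-only PowerShell check that the cleanup in the post above actually completed. It tests for the leftover files chaslang listed and for any remaining "Java(TM) 6 Update" entries in the Add/Remove Programs registry keys, and deletes nothing. It assumes Windows PowerShell is available on the machine; the `combofix.exe` filename on the Desktop is an assumption (the post gives the path without an extension), and the other paths and the three `.ini` names are taken directly from the post.

```powershell
# Added example (not from the thread): verify the post-cleanup state.
# Reports only; nothing is deleted or modified.

function Get-LeftoverCleanupItems {
    # Files and folders the post says should be gone once cleanup is finished.
    $paths = @(
        'C:\ComboFix.txt',
        'C:\GetUnKey.txt',
        'C:\Iexplor490.exe',
        'C:\MGlogs.zip',
        'C:\MGlogs(SAFE MODE).zip',
        'C:\MGlogs(Normal).zip',
        'C:\MGtools.exe',
        'C:\MGtools',
        'C:\newfiles.txt',
        'C:\runkeys.txt',
        'C:\SpyHunter-Compact-OS.exe',
        'C:\UserInfo.txt',
        'C:\winfiles.txt',
        'C:\WINDOWS\Nircmd.exe',
        'C:\WINDOWS\PEV.exe',
        'C:\combofix',
        'C:\Documents and Settings\All Users\Application Data\93238276.ini',
        'C:\Documents and Settings\All Users\Application Data\95593746.ini',
        'C:\Documents and Settings\All Users\Application Data\98012336.ini',
        # Assumption: the ComboFix download on the Desktop was saved as combofix.exe
        (Join-Path $env:USERPROFILE 'Desktop\combofix.exe')
    )
    foreach ($p in $paths) {
        # -LiteralPath so the parentheses in the MGlogs names are not read as wildcards
        if (Test-Path -LiteralPath $p) { $p }
    }
}

function Get-OldJavaInstalls {
    # Add/Remove Programs entries for the old Java 6 updates the post says to uninstall.
    # The Wow6432Node key only exists on 64-bit Windows; errors are suppressed otherwise.
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java(TM) 6 Update*' } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

$leftovers = @(Get-LeftoverCleanupItems)
if ($leftovers.Count -eq 0) {
    Write-Output 'Cleanup files: none of the listed files or folders remain.'
} else {
    Write-Output 'Cleanup files still present (remove these by hand as the post describes):'
    $leftovers | ForEach-Object { Write-Output "  $_" }
}

$oldJava = @(Get-OldJavaInstalls)
if ($oldJava.Count -eq 0) {
    Write-Output 'Old Java 6 updates: none found in Add/Remove Programs.'
} else {
    Write-Output 'Old Java 6 updates still installed (uninstall them via Add/Remove Programs):'
    $oldJava | Format-Table -AutoSize | Out-String | Write-Output
}
```

Run it from a normal (non-elevated) PowerShell prompt; reading the `Uninstall` keys under HKLM needs no administrator rights. If any path is reported, it was either missed during cleanup or has been recreated since, which on this thread's history would be a reason to post a fresh MGtools log rather than simply delete the file again.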
     
