How to Remove Antivirus 2009, Spyware Guard 2008 and Other Malware

My wife, kids, and I spent this past Christmas at my parents’ house. It wasn’t long after we arrived before I gravitated to their computer to check my email, read the news, check the stock market, etc.

Much to my dismay, I found a barrage of malware, spyware, and rogue software had made its way onto their machine. I searched around a bit, and found the perfect solution: Malwarebytes’ Anti-Malware.

By far the most annoying type of software that had been installed on their machine was rogue antivirus software. The worst and most persistent offenders were Spyware Guard 2008 and Antivirus 2009. Both of these programs (and many similar ones) are designed to deceive a computer user into believing they are legitimate, by informing the user that spyware and malware has been detected on the system.

Unwitting users click away at the dialog boxes and pay to register the programs, although in reality the programs themselves are the nuisance. Although my parents appeared to have acquired these programs with relative ease, I had a very hard time finding them to intentionally install them (on a virtual machine) for taking screenshots of them in action.

Antivirus 2009

I was able to find a website that generates a very convincing screen that indicates it has located malware on the computer. The webpage and application even use the Windows Security Center Icon, which enhances its appearance of legitimacy.

The Windows Security Center icon.

In reality, the webpage does not perform any scan on the system although it claims to have done so. Upon completion of the bogus scan, the page displays a dialog box that will install the program no matter what you click (if you download and run the EXE installer). Once installed, Antivirus 2009 constantly displays warnings in an attempt to have the victim purchase the full version of the software (fortunately my parents had not done this).

Antivirus 2009 Screenshots

Initial view of a webpage that installs Antivirus 2009.

"Popup" that appears after the bogus scan takes place.

Antivirus 2009 initial scan on a clean system.

One of many annoying and incessant nags from Antivirus 2009.

Spyware Guard 2008

Spyware Guard 2008 is very similar to Antivirus 2009, in that it also attempts to have the user pay to register the product. Unfortunately, I was unable to find a website that attempts to lure me into installing the program so that I could provide screenshots. However, I was finally able to find the install exe (SpywareGuard2008.exe) on a filesharing site.

Spyware Guard 2008 Screenshots

Spyware Guard 2008 installer

Bogus warning dialog from Spyware Guard 2008.

Spyware Guard 2008 application showing bogus infections.

Removal of the Rogue Software

Fortunately, Malwarebytes’ Anti-Malware makes it relatively quick and easy to remove this horrendous software. Just download the program and run a full system scan. When the scan is complete, click the Show Results button and then the Remove Selected button.

Malwarebytes' Anti-Malware scan results for the aforementioned rogue programs.

If there are still active programs once the removal has taken place, Anti-Malware will inform you and request a reboot to complete the removal process. Upon reboot, the system will have been disinfected.

It is important to note that although the free version of Malwarebytes’ Anti-Malware does an excellent job of detection and removal, it will not provide prevention. If you would like to prevent the installation of malware in the first place, you will need to purchase the full version.

Photo Credit: Chris Dewey

About GeekLad

Geeklad is a technology enthusiast and programming hobbyist. Occasionally he will put together useful little bits of code (be it JavaScript or PHP) and share them with the world. He also enjoys creating and sharing howtos, describing how to do the things people want to do with their computers.
  • Mak

    WORKED PERFECT!!!!

  • Youssra

    Thank you sooooooooooo much
    i was about to go mad .. that was perfect :)

  • http://geeklad.com GeekLad

    That’s odd. I never had any issues running the installation. It may be
    some other malware preventing it from executing. What sort of error do you
    get when you try running it?

  • habib

    I copied the mbam-setup.exe Malwarebytes’ Anti-Malware binary onto my machine and I was not able to run it. It looks like the spywareguard is blocking any executable from being run. I also copied SUPERAntiSpyware.exe and sdsetup.exe and was not able to start them. Any help will be appreciated. Thx

  • habib

    you were able to start the executable without any problem?
    thx

  • http://geeklad.com GeekLad

    It seems there must be something preventing the execution of the file. This
    is a long shot, but have you tried renaming the file and then executing it?
    Are you able to run an installer for any kind of program?

  • habib

    no error nothing. I tried to run it from the command line and don't see anything, no error message nothing, it quit without displaying anything. I tried to run on safe mode same result.

  • Gecks69

    1. with Superantispyware.com free download. Download on another uninfected computer. copy Superspyware install (.exe) file to infected computer and change the name of the install file (something.exe). Run this new file and change the name of the install location to
    C:programfileSupertemp | Once this installation is complete, browse to that folder. I changed the name of the Superantispyware.exe file to Supertemp.exe (May not be necessary). There should also be a file in this folder named:bootsafe.exe! Run this application to restart your
    computer in Safe Mode – Directory Services Repair. Once the computer restarts in this mode then browse back to the Supertemp folder and run the Supertemp.exe. It should now work and start scanning. Mine detected about 88 infections but you will specifically see the 7 or so files of spyware guard 2008. Reboot when the scan is done and you should be good to go!
    I did not do definition updates during this! I did not want to access the internet during this process!
    Note: The file name changes are required because the spyware guard 2009 won’t let them install/run. This is for spyware guard 2009 even though it detects 2008 and 2008/B.

  • Mats

    I just run “fast scanning” and I say as Mak, Youssra and Habib,
    thank you sooo much,worked perfect,thx !!!
    Mats

  • habib

    Worked by renaming the executable file name and ran it in safe mode. Thanks a lots

  • http://www.btgap.com Rhonda

    Thank you so much for this information…..every word of it had come true….although i didn't add the stuff….the pop ups continued…and the fake windows appeared…this page allowed me to know it was fake…excellent advice…thanks a heap…will come back and let you know the update after using the malwarebytes anti-malware…i had this scan already going when i read this…found it on What the Tech…formerly Tom Coyote's page…God Bless…and say a prayer for me…it's very aggravating…i think we got it from my daughter downloading games to play…Rhonie

  • http://geeklad.com GeekLad

    Excellent, I'm glad to hear renaming the executable did the trick and allowed you to install Malwarebytes. I may have to write up a quick blog post about that, but I'm glad the info is at least captured here in the comments.

  • Brani

    Thanx a lot buddy! This really works and I appreciate sharing this info with others.
    Brani from Slovakia

  • tim

    After performing scan with malwarebytes, it did not detect any malicious files. What now?

  • http://geeklad.com GeekLad

    You should not have any problems with malware or rogueware infections. Did
    you have problems to begin with?

  • tim

    Yes, my pc has the antivirus 2009 spyware and it appears Malwarebytes is not detecting anything malicious. I've also run Smitfraudfix, Combofix, Ad-Aware all to no avail.

  • http://geeklad.com GeekLad

    That's quite a dilemma. Perhaps some other malware is preventing the scanners from being able to properly disinfect the system.

  • sarah

    There is a certain flavor of antivirus2009 that mbam will not detect.

  • Albarnes

    Can anyone help please. It seems antivirus2009 has infected my desktop. I have run some scanners including malwarebytesAM but it hasn't removed everything and now comes up clean. I downloaded and ran 'spyhunter' which found 5 'virtumonde' infections. I still get the antivirus2009 google tip on the google page and also regularly get blocked unnecessarily. What can I do next or is it too complicated for someone as rubbish at computers as me??

  • http://geeklad.com GeekLad

    It sounds as though you may have one of the variants sarah mentioned. When I find some time, I need to see if I can do further research and find a way to remove these variants that Malwarebytes fails to handle.

  • http://twitter.com/softhub List My Search.com

    Malwarebytes is an amazing piece of software, will definitely recommend to my blog readers

  • http://www.best-registrycleaner.net Best Registry Cleaner

    Worked by renaming the executable file name and ran it in safe mode. Thanks a lots

  • Anonymous

    useful information!!!

  • Anonymous

    Thank you for telling us your experience….
