My wife, kids, and I spent this past Christmas at my parents’ house. It wasn’t long after we arrived before I gravitated to their computer to check my email, read the news, check the stock market, etc.
Much to my dismay, I found a barrage of malware, spyware, and rogue software had made its way onto their machine. I searched around a bit, and found the perfect solution: Malwarebytes’ Anti-Malware.
By far the most annoying type of software that had been installed on their machine was rogue antivirus software. The worst and most persistent offenders were Spyware Guard 2008 and Antivirus 2009. Both of these programs (and many similar ones) are designed to deceive a computer user into believing they are legitimate, by informing the user that spyware and malware have been detected on the system.
Unwitting users click away at the dialog boxes and pay to register the programs, although in reality the programs themselves are the nuisance. Although my parents appeared to have acquired these programs with relative ease, I had a very hard time finding copies to install intentionally (on a virtual machine) so that I could take screenshots of them in action.
Antivirus 2009
I was able to find a website that generates a very convincing screen that indicates it has located malware on the computer. The webpage and application even use the Windows Security Center Icon, which enhances its appearance of legitimacy.
In reality, the webpage does not perform any scan on the system although it claims to have done so. Upon completion of the bogus scan, the page displays a dialog box that will install the program no matter what you click (if you download and run the EXE installer). Once installed, Antivirus 2009 constantly displays warnings in an attempt to get the victim to purchase the full version of the software (fortunately my parents had not done this).
Antivirus 2009 Screenshots
Spyware Guard 2008
Spyware Guard 2008 is very similar to Antivirus 2009, in that it also attempts to have the user pay to register the product. Unfortunately, I was unable to find a website that attempted to lure me into installing the program, so I could not capture screenshots of that step. However, I was finally able to find the installer (SpywareGuard2008.exe) on a filesharing site.
Spyware Guard 2008 Screenshots
Removal of the Rogue Software
Fortunately, Malwarebytes’ Anti-Malware makes it relatively quick and easy to remove this horrendous software. Just download the program and run a full system scan. When the scan is complete, click the Show Results button and then the Remove Selected button.
If there are still active programs once the removal has taken place, Anti-Malware will inform you and request a reboot to complete the removal process. Upon reboot, the system will have been disinfected.
It is important to note that although the free version of Malwarebytes’ Anti-Malware does an excellent job of detection and removal, it will not provide prevention. If you would like to prevent the installation of malware in the first place, you will need to purchase the full version.
Photo Credit: Chris Dewey
WORKED PERFECT!!!!
Thank you sooooooooooo much
i was about to go mad .. that was perfect 🙂
you were able to start the executable without any problem?
thx
That’s odd. I never had any issues running the installation. It may be some other malware preventing it from executing. What sort of error do you get when you try running it?
I copied the mbam-setup.exe Malwarebytes’ Anti-Malware binary onto my machine and I was not able to run it. It looks like the spywareguard is blocking any executable from being run. I also copied SUPERAntiSpyware.exe and sdsetup.exe and was not able to start them. Any help will be appreciated. Thx
1. With Superantispyware.com free download. Download on another uninfected computer. Copy Superspyware install (.exe) file to infected computer and change the name of the install file (something.exe). Run this new file and change the name of the install location to C:programfileSupertemp. Once this installation is complete, browse to that folder. I changed the name of the Superantispyware.exe file to Supertemp.exe (may not be necessary). There should also be a file in this folder named bootsafe.exe! Run this application to restart your computer in Safe Mode – Directory Services Repair. Once the computer restarts in this mode, browse back to the Supertemp folder and run the Supertemp.exe. It should now work and start scanning. Mine detected about 88 infections but you will specifically see the 7 or so files of spyware guard 2008. Reboot when the scan is done and you should be good to go!
I did not do definition updates during this! I did not want to access the internet during this process!
Note: The file name changes are required because the spyware guard 2009 won’t let them install/run. This is for spyware guard 2009 even though it detects 2008 and 2008/B.
Worked by renaming the executable file name and ran it in safe mode. Thanks a lots
Thanx a lot buddy! This really works and I appreciate sharing this info with others.
Brani from Slovakia
I just run “fast scanning” and I say as Mak, Youssra and Habib, thank you sooo much, worked perfect, thx !!!
Mats
Thank you so much for this information…..every word of it had come true….although i didn't add the stuff….the pop ups continued…and the fake windows appeared…this page allowed me to know it was fake…excellent advice…thanks a heap…will come back and let you know the update after using the malwarebytes anti-malware…i had this scan already going when i read this…found it on What the Tech…formerly Tom Coyote's page…God Bless…and say a prayer for me…it's very aggravating…i think we got it from my daughter downloading games to play…Rhonie
After performing scan with malwarebytes, it did not detect any malicious files. What now?
You should not have any problems with malware or rogueware infections. Did you have problems to begin with?
Yes, my pc has the antivirus 2009 spyware and it appears Malwarebytes is not detecting anything malicious. I've also run Smitfraudfix, Combofix, Ad-Aware all to no avail.
That's quite a dilemma. Perhaps some other malware is preventing the scanners from being able to properly disinfect the system.
There is a certain flavor of antivirus2009 that mbam will not detect.
Can anyone help please. It seems antivirus2009 has infected my desktop. I have run some scanners including malwarebytesAM but it hasn't removed everything and now comes up clean. I downloaded and ran 'spyhunter' which found 5 'virtumonde' infections. I still get the antivirus2009 google tip on the google page and also regularly get blocked unnecessarily. What can I do next or is it too complicated for someone as rubbish at computers as me??
It sounds as though you may have one of the variants sarah mentioned. When I find some time, I need to see if I can do further research and find a way to remove these variants that Malwarebytes fails to handle.
Malwarebytes is an amazing piece of software, will definitely recommend to my blog readers
useful information!!!
Thank you for telling us your experience….