Format and reload is the only thing that worked for me.
Complete instructions:
http://www.bleepingcomputer.com/malware-removal/remove-spyware-guard-2008
Spyware Guard 2008 is a particularly insidious little bug that most spyware and virus protection software won’t detect. The only thing I found that could remove it was SuperAntiSpyware, and it took three tries to root out everything. Thankfully, the program is free. You can download it at http://www.superantispyware.com/.
Here is something I found on the Net. Not sure if it will work, but you can give it a try.
Go to Start/Control Panel/Display/Appearance and look for the file “bg.” Go to Search and under “All files anf folders” type in “bg” and voila! you will find bg.jpg and bg.bmp. Delete both files and you will have removed the last remnant of this vicious and nasty rogue application
Accdg to one website (http://www.malwarehelp.org/spyware-guard-2008-analysis-and-removal-2008.html),
Superantispyware will remove it (http://www.superantispyware.com/superantispyware.html?rid=3596)
Another website:
http://www.xp-vista.com/spyware-removal/spyware-guard-2008-removal-instructions-spywareguard2008
You can try Malwarebytes - it depends on which variant you have.
They keep moving the location of the files and renaming them. Ultimately you may end up reformatting and reloading the machine though.
*
Save all of your stuff on an outside hard drvie, then use the restore disks, That is the last option. but I must say that I had to do that, over 50% of the time.
If you can still boot up, spend 30 or 40 bucks to back up your personal stuff, on an a hand held drive. if you can’t boot up, well, I can only suspect that your computer crashed upon trying to establiblish Microsofts SP2. My computer crashed four times trying to do that. Absolute solution, purchase a cheap serial port thing to back up tour stuff, disconnect it, then follow the Mfr’s thing to place your computer to an out of the “out of the box state”, if you have patience, you can do this. I’m saying if your off of the internet, you cant access the internet, you can’t be infecetd. Good luck.
prisoner6
Stopzilla worked for me.
You *must* have access to an uninfected computer and either a flash drive or a CD (you can try using LAN, but I prefer to keep the infected computer quarantined).
Important things to note:
- Quarantine your computer from the Internet. Physically unplug your network cables. Do this immediately as soon as you’re aware that you’re infected.
- Don’t bother deleting the Spyware Guard 2008 folder or the winscenter file. They will just come back.
- Do kill the processes immediately whenever they come up.
- The malware may have all kinds of nasty effects, including but not limited to:
Blocking Internet access to sites where you can download things that will remove it
Blocking access to the IP addresses used by MalwareBytes and other anti-spyware programs, preventing them from updating
Preventing Safe Mode from booting up
Interfering with System Restore
Installing viruses continuously in various files all over your computer, even when you are not connected to the Internet
Hijacking your search engine so that clicking on links sends you to malicious sites
And many other worse effects as described above.
Procedure for removal:
1. Download malwarebytes AND the latest update onto your flash drive on an uninfected computer. The malware may prevent malwarebytes from updating itself (did for me).
2. Download SuperAntiSpyware.
3. Change the names of all 3 files. The malware may prevent execution of the files with their original names.
4 Install malwarebytes onto the infected computer. Install the update file. Change the name of the executable file for the installed program.
5. Run malwarebytes (Complete Scan). Stay with your computer, allow the scan to run all the way through, and kill spywareguard.exe and winscenter.exe every time they start up. spywareguard.exe will start randomly every 2-6 minutes and winscenter.exe will start once every 8-15 minutes. If you leave your computer unattended during this scan, it may install more stuff in places that were already scanned.
6. Delete everything it finds and let it restart your computer. Visible signs of infection should be gone, but your computer may still be sluggish. You’re not done.
7. Install SuperAntiSpyware and update it. The update should run properly. You can leave your computer unattended for this one.
8. Delete everything it finds. It is likely to find several instances of TDSSserv, among others.
9. Reboot. Run your preferred antivirus (Avast, AVG, TrendMicro) to reassure yourself that everything’s gone.
10. Your computer should be back to normal. If you like, you can run malwarebytes one more time to make sure no traces are left.
Dumb question perhaps, but how do you know you are injected with this virus? (for those of us perhaps unknowingly infected).
placemarker
Thoughts appreciated.