Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware Guard 2008 virus infected (I think.)


  • Please log in to reply
7 replies to this topic

#1 closetangel

closetangel

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:40 PM

Posted 08 December 2008 - 09:48 PM

Hi - I am fairly sure I have the Spyware Guard 2008 virus. I've run Malwarebytes Anti-Malware as well as SUPERAntiSpyware (twice, for both). And I'm still getting the message in the bottom window popping up. "Your computer might be at risk blah blah"

If I connect to the internet, it pops open the Windows Security Center window and hijacks any IE window I open.

Before this - all I had was Avast Anti Virus - which has always been fine in the past. Even now it recognizes that it is a virus at C:\Windows\System32winscenter.exe\(UPX) , but it cannot delete it.

Also, my address bar when I go into My Computer has vanished -when I choose that view to show it - it just show up in the upper left hand side, but I am unable to access.


Am not sure what else I need to do - please help!

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:40 PM

Posted 09 December 2008 - 07:40 AM

The malware is constantly changing to hide from security programs.
Suggest you check for updates for the two programs and if either has new updates rerun the scan(s). After updating, run the SAS scan in safe mode for best results.

There is another program that removes the malware you have. Smitfraudfix.
Read the instructions carefully before using. http://siri.geekstogo.com/SmitfraudFix.php
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:40 PM

Posted 09 December 2008 - 10:37 AM

google suggests that this is a newer infection, an updated avast scan from safe mode would be my choice

see this guide for safe mode and running atfcleaner and SAS

http://www.bleepingcomputer.com/forums/ind...mp;#entry948894

I would update MBAM and rerun another scan also
Chewy

No. Try not. Do... or do not. There is no try.

#4 closetangel

closetangel
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:40 PM

Posted 09 December 2008 - 01:47 PM

I updated the Malaware Anti-Malware and SUPERAnti *right before I ran them.

I will try the Smitfraudfix and ATFCleaner once I get home tonight, and let you know if it works.

Thanks for the suggestions! I really appreciate the help!

#5 closetangel

closetangel
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:40 PM

Posted 10 December 2008 - 02:32 AM

Okay, I ran Smitfraudfix - removed my desktop, but not the spyware.

I followed DaChew's instructions for atfcleaner and SAS and am still infected.

Reran MBAM & SAS with the most recent updates. Still nothing. :thumbsup:

Here is the most recent log from SAS:
------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/10/2008 at 01:32 AM

Application Version : 4.22.1014

Core Rules Database Version : 3640
Trace Rules Database Version: 1623

Scan type : Complete Scan
Total Scan Time : 01:14:40

Memory items scanned : 180
Memory threats detected : 0
Registry items scanned : 4674
Registry threats detected : 0
File items scanned : 19383
File threats detected : 1

Adware.Tracking Cookie
C:\WINDOWS\system32\config\systemprofile\Cookies\audrey@wmvmedialease[1].txt

-------------------------
Now what should I do? Thanks in advance for the help!!

Edited by closetangel, 10 December 2008 - 02:56 AM.


#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:40 PM

Posted 10 December 2008 - 06:50 AM

please update avast and run a scan from safe mode as I suggested
Chewy

No. Try not. Do... or do not. There is no try.

#7 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:40 PM

Posted 10 December 2008 - 07:27 AM

According to the SAS log you posted you did not use the latest updates. Should read "core:3669", "Trace 1648"
Your version is dated 11/23/08. Many updates since then.
Suggest you update SAS and rescan. SAS added several items for Spyware Guard in their last update yesterday.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 closetangel

closetangel
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:40 PM

Posted 10 December 2008 - 12:12 PM

Thank you both, again for the help - once this gets off - cookies (the kind you eat, not internet kind) to you both!

I'm currently running the avast Safe Mode scan at home right now.

If that doesn't clear it, I will rerun the SAS (I had updated it before running on 12/9/08, but will be sure that it is fully updated this time - "core:3669, Trace 1648") and repost the log here.

THANK YOU AGAIN!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users