Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware Guard 2008


  • Please log in to reply
21 replies to this topic

#1 Drjeff

Drjeff

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 12 December 2008 - 04:28 AM

Help. Have Spyware Guard 2008. Trojan Vundo. It prevents IE or Firefox from downloading any rogue scanners, also will not open any programs that you can get downloaded, even in safe mode. Can only run Malawarebytes "portable" in safe mode, but it will not remove it (appears not to be updated). Cannot update as the browser is blocked from getting update.

BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:04:10 PM

Posted 12 December 2008 - 08:16 AM

What version of Windows are you running?

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 Drjeff

Drjeff
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 12 December 2008 - 12:00 PM

Windows XP Home

#4 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:04:10 PM

Posted 12 December 2008 - 12:41 PM

Let's start with SDFix...

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#5 Drjeff

Drjeff
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 13 December 2008 - 03:55 AM

Would not allow either browser to connect to bleepingcomputer. Downloaded SDFix on another computer, copied to thumb drive, put on infected laptop. Double click SDFix icon gives hourglass for 7 seconds then nothing--will not open. Tried R click, run as w/o checkbox---same--will not open. Not in normal or safe mode. Sucker blocks any attempt. Can connect to internet, but not any anti-virus sites. Only "portable" malwarebytes runs but does not remove.

#6 347t2xw

347t2xw

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 13 December 2008 - 08:43 AM

I have the same exact issue. This "thing" has taken over. If I use anything that might be an anti-spyware program, it won't let it run. The machine (Dell 2340 with Windows XP) tells me that Spy Sweeper is damaged and needs to be reinstalled.

Cannot run any anti-spyware programs
Popups are constant
Cannot even get an anit-spyware page to open

Frustrating!!!

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,391 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:10 PM

Posted 13 December 2008 - 09:48 AM

Welcome to BC 347t2xw

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff

Drjeff

Please post the results of your MBAM scan for review.

To retrieve the MBAM scan log information, launch MBAB.
Click the Logs Tab at the top.
mbam-log-2008-10-12(13-35-16).txt should show in the list. <- your dates will be different from this exampe
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.

Note: Mbam-rules.exe is not updated daily. Another way to get the most current definitions is to update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Drjeff

Drjeff
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 13 December 2008 - 02:38 PM

Cannot get to log. Unknown location on computer. But I wrote out the file that could not be deleted:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}

#9 Drjeff

Drjeff
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 13 December 2008 - 03:02 PM

Got log:

Malwarebytes' Anti-Malware 1.01
Database version: 287

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 100759
Time elapsed: 1 hour(s), 3 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBrppqo.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f7f4a76-ba18-44da-8554-26d07b501c35} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f7f4a76-ba18-44da-8554-26d07b501c35} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Failed to delete.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrppqo -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\geBrppqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqpprBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqpprBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,391 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:10 PM

Posted 13 December 2008 - 03:31 PM

Your MBAM log indicates you are using an older version of MBAM with an outdated database. Please download and install the most current version of MBAM from here.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

Afterwards, please update the database through the program's interface or manually download the updates and just double-click on mbam-rules.exe to install. Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: If the malware is blocking you from downloading the updates, then the HOSTS file may be infected. If that's the case, try using this alternate download link.

-- If you cannot use the Internet or download any programs to the infected machine, you are going to need access to another computer (family member, friend, etc) with an Internet connection. Save mbam-setup.exe to a flash (usb, pen, thumb, jump) drive or CD, transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD so it will install on the hard drive.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Drjeff

Drjeff
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 13 December 2008 - 06:39 PM

I did use the latest 1.30, just sent wrong log. Was same result.
Have MBAM on thumb drive, will not open, not setup, not program, nothing will open and run in normal mode. Just hourglass for 6 seconds and then nothing.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,391 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:10 PM

Posted 13 December 2008 - 11:48 PM

Check you inbox.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 Drjeff

Drjeff
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 14 December 2008 - 02:58 AM

Your suggestion to disable that item worked. Ran latest MBAM, here is log:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

12/13/2008 10:38:45 PM
mbam-log-2008-12-13 (22-38-45).txt

Scan type: Quick Scan
Objects scanned: 76257
Time elapsed: 23 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 21
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 6
Files Infected: 89

Memory Processes Infected:
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\geBrppqo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvUoPiih.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ufnkkq.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuopiih (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8492ca0f-d450-46ec-9440-5e344b482c53} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8492ca0f-d450-46ec-9440-5e344b482c53} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87549b92-025e-43a0-94c5-77c23e883933} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{87549b92-025e-43a0-94c5-77c23e883933} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8492ca0f-d450-46ec-9440-5e344b482c53} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87549b92-025e-43a0-94c5-77c23e883933} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebrppqo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebrppqo -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\TANYA GONNASON\Start Menu\Programs\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wvUoPiih.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ufnkkq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\geBrppqo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\oqpprBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqpprBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hfytgwby.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ybwgtyfh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nwxyadig.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gidayxwn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oiusveou.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uoevsuio.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ptgrmdpo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opdmrgtp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxjdjgkg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSbrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoiqh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxfum.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSmhlt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\TANYA GONNASON\Local Settings\Temp\TDSS5af.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\TANYA GONNASON\Local Settings\Temporary Internet Files\Content.IE5\H48ZOWI8\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\changes.rtf (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\license.txt (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\mbam-dor.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\mbam.chm (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\mbam.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\mbam.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\mbamext.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\mbamgui.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\mbamservice.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\ssubtmr6.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\unins000.dat (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\unins000.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\unins000.msg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\vbalsgrid6.ocx (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\zlib.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\albanian.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\bulgarian.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\catalan.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\chineseSI.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\chineseTR.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\czech.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\danish.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\dutch.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\english.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\finnish.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\french.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\german.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\greek.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\hungarian.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\italian.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\macedonian.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\norwegian.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\polish.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\romanian.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\russian.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\serbian.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\slovak.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\slovenian.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\spanish.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\swedish.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\turkish.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine\Malwarebytes' Anti-Malware\Languages\ukrainian.lng (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\TANYA GONNASON\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\TANYA GONNASON\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\TANYA GONNASON\Desktop\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSrhym.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.

#14 Drjeff

Drjeff
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 14 December 2008 - 03:02 AM

And Spyware Guard 2008 is still there.....

#15 Drjeff

Drjeff
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 14 December 2008 - 03:04 AM

Start menu says new programs installed..... and it is Spyware Guard 2008




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users