Prev: Boot from CD to do recovery console
Next: ircphate.exe- trojan
From: Stephanie Good on 26 Dec 2009 09:54
Just had the infection come across as 'iuhesysguard.exe' this morning.
Malwarebytes did not detect it (it did last year) and the swp2009demo
was preventing any executables as in previous versions. It seems like
it is my Christmas present now for the past 2 years. I did
veruschkan's approach with karinkitten's restart method and everything
seems to work. I'll try the superantispyware now... See everyone again
next Christmas!

On Nov 22, 2:10 am, karinkitten <karinkitten.421...(a)DoNotSpam.com>
wrote:
> I had the same problem with this virus. The trick to opening task
> manager is to immediately hit control+alt+delete the moment the computer
> shows your desktop background. The swp2009demo virus takes a moment to
> load and your computer will start other regular startup programs first
> like aim etc before it starts the virus program. The task manager will
> come up blank until the virus loads, then end program it when it pops
> up.
>
> --
> karinkitten
> ------------------------------------------------------------------------
> karinkitten's Profile:http://forums.techarena.in/members/157017.htm
> View this thread:http://forums.techarena.in/security-virus/1118668.htm
>
> http://forums.techarena.in

From: lvjesus on 4 Jan 2010 21:34
Just wanted to say thanks for taking the time to post this. I just caught
this goober off of People of Walmart.com and have been wrestling with it for
days. I just got rid of another virus a few months ago by having my hard
drive wiped and losing all my data, so I am glad to find this since I thought
I might have the same situation. I do have my docs saved this time but would
have lost a few days of Quickbooks. I am in process as I write this but have
gotten through part already and am able to get on the internet again now. I
am downloading the removal tool now. Thanks again and God Bless.

"veruschkan" wrote:

>
> I got rid of this SWP2009 demo malware by doing the following:
>
> 1) Stop the following service using Ctrl+Alt+Delete and Task Manager:
> sysguard.exe. This will stop the popups and the fictious scanning of
> the PC by the rouge antivirus.
>
> 2) Do a search for the sysguard.exe file on your PC (make sure you can
> see hidden files) and delete any file with that name, including the
> prefetch file. This will avoid it from reloading when you restart your
> PC.
>
> 3) Control Panel-->Internet Option-->Advanced Tab-->Click on Reset
> button to reset Internet Explorer to default settings. This will remove
> any Plug Ins/Ad-Ons that the program loaded to Internet Explorer. Also,
> it will default the home page to factory settings.
>
> 4) Control Panel-->Internet Option-->General Tab-->Delete all temporary
> files, paswords, etc.
>
> 5) Microsoft® Windows® Malicious Software Removal Tool
> (KB890830)http://www.microsoft.com/downloads/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en
>
> 6) Run the tool to scan and remove the spyware.
>
> 7) Control Panel-->Internet Option-->Advanced Tab-->Click on Restore
> Advanced Settings. This will restore factory default security settings
> for your Internet Explorer.
>
> 8) Restart your PC. At this point, when you log back in, you should no
> longer have sysguard service that runs the SWP2009 virus will no longer
> load. You should also be able to open internet explorer to factory
> default page and be able to return your costumized home page as you want
> under the Control Panel-->Internet Option-->General Tab and entering
> the website of your choosing.
>
> I hope this helps!!!
>
>
> --
> veruschkan
> ------------------------------------------------------------------------
> veruschkan's Profile: http://forums.techarena.in/members/103690.htm
> View this thread: http://forums.techarena.in/security-virus/1118668.htm
>
> http://forums.techarena.in
>
>
 | 
Pages: 1
Prev: Boot from CD to do recovery console
Next: ircphate.exe- trojan