SpyGuarder
SpyGuarder is a deceiving security program or mostly known as rogue software. Ordinarily, this type of program requires manual installation from user. It will trick victims by injecting installation code into popular applications and make it available online using free file-sharing networks.
Once downloaded and installed, SpyGuarder commences a virus scan and reports about harmful and malicious software detected on user’s computer. The malware also produces dozens of fake security alerts and tries to convince victims to purchase the fake security application.
Screen Shot Image:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
Characteristics (Analysis)
Malware Behavior
While SpyGuarder is running on the computer, it continuously provides falsified security information coming from Windows system tray. One of the warning it may pop-up contains the following message:
SpyGuarder 2.1
SpyGuarder has detected harmful software in your system. We strongly recommended you to register SpyGuarder to remove these threats immediately. Click on baloon to fix these errors.
This potentially unwanted program will also scan the computer and exhibits false information such as:
Warning! harmful and malicious software detected.
Spyware programs can steal your credit card numbers and bank information details.
The computer can be used for sending spam and may get pop-ups with adult or any other unwanted content.We are sorry, but the trial version is unable to remove these threats.
We strongly recommend you to purchase Full version.
You will get 24×7 friendly support and unlimited protection.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"SpyGuarder" = "C:\Documents and Settings\Administrator\spyguarder.exe"Associated Files and Folders:
%UserProfile%\Application Data\SpyGuarder\base.dat %UserProfile%\Application Data\SpyGuarder\base2.dat %UserProfile%\Application Data\SpyGuarder\Desc.dat %UserProfile%\Application Data\SpyGuarder\spline.dat %UserProfile%\Application Data\SpyGuarder\SpyGuarder.ini %UserProfile%\redir.dll %UserProfile%\spyguarder.exe
precisesecurity
May 24, 2008 @ 01:32:52
1. Temporarily Disable System Restore (Windows Me/XP/Vista/7) . [how to]
2. Update the virus definitions.
3. Reboot Windows in Safe Mode. [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”SpyGuarder” = “C:\Documents and Settings\Administrator\spyguarder.exe”
Navigate to and delete the following registry subkeys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\{F3642B57-3EA8-4EEA-A643-9DE138381A57}
HKEY_CLASSES_ROOT\CLSID\{F3642B57-3EA8-4EEA-A643-9DE138381A57}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3642B57-3EA8-4EEA-A643-9DE138381A57}
6. Exit registry editor and restart Windows.
7. In order to make sure that threat is completely eliminated, carry out a full scan of your system using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.
Dorothy Farley
Jun 12, 2008 @ 16:21:52
Spyguarder has appeared in my desktop a few days ago making it impossible to open any of my programs. I had to order their software for 49.99 within 10/15 minutes they took 68.88 out of my account. This money was removed by a billing company who told me they don’t know Spyguarder is located or how to reach them. Do you have any idea in what state they are located? Please advise me if you can assist me. Thanks.
Rhodna Michel
Jul 25, 2008 @ 17:12:45
I had the same problem and I am a Realtor who needs their computer. They took $114.00 out of my account instead of the $49.99. Their system won’t activate with the “Key” they gave me and I have contacted their Customer service # to have the amount removed in the meantime. I am on hold, again, as I type this. Their #1-800-467-1077 has left me on hold for 30 minutes. I called my bank and they said I could sign a dispute of charges and have it removed so you might try that. I am having trouble deleting this at this time. Hope you have better luck. I am going to file a complain with my state Attorney General’s Office. Good Luck!