SpyGuarder

24 May 2008 Unwanted Program 2 Comments

SpyGuarder is a deceiving security program or mostly known as rogue software. Ordinarily, this type of program requires manual installation from user. It will trick victims by injecting installation code into popular applications and make it available online using free file-sharing networks.

Once downloaded and installed, SpyGuarder commences a virus scan and reports about harmful and malicious software detected on user’s computer. The malware also produces dozens of fake security alerts and tries to convince victims to purchase the fake security application.

Screen Shot Image:

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista

Characteristics (Analysis)

Malware Behavior
While SpyGuarder is running on the computer, it continuously provides falsified security information coming from Windows system tray. One of the warning it may pop-up contains the following message:

SpyGuarder 2.1
SpyGuarder has detected harmful software in your system. We strongly recommended you to register SpyGuarder to remove these threats immediately. Click on baloon to fix these errors.

 

This potentially unwanted program will also scan the computer and exhibits false information such as:

Warning! harmful and malicious software detected.
Spyware programs can steal your credit card numbers and bank information details.
The computer can be used for sending spam and may get pop-ups with adult or any other unwanted content.

We are sorry, but the trial version is unable to remove these threats.
We strongly recommend you to purchase Full version.
You will get 24×7 friendly support and unlimited protection.

Added Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"SpyGuarder" = "C:\Documents and Settings\Administrator\spyguarder.exe"
Associated Files and Folders:
%UserProfile%\Application Data\SpyGuarder\base.dat
%UserProfile%\Application Data\SpyGuarder\base2.dat
%UserProfile%\Application Data\SpyGuarder\Desc.dat
%UserProfile%\Application Data\SpyGuarder\spline.dat
%UserProfile%\Application Data\SpyGuarder\SpyGuarder.ini
%UserProfile%\redir.dll
%UserProfile%\spyguarder.exe

How to Remove SpyGuarder

Manual Removal Procedure

1. Press Ctrl+Alt+Del on keyboard to stop the process associated to "SpyGuarder". When Windows Task Manager opens, go to Processes tab. Find and end this process.
spyguarder.exe

2. You need to update your installed antivirus software. Please connect to the Internet and download the most recent database. This is a one-click process from your AV program’s console.
3. Thoroughly scan the computer and remove any threats found by your antivirus program. If delete option is not available, your best next choice is to quarantine the infected file. There is also a need to manually locate and delete malicious files. Please see the file section for items that are relevant to SpyGuarder Virus.

4. Next, you need to remove registry entries created by SpyGuarder. Please refer to registry section to view entries related to the rogue program. [how to edit registry]
5. Exit registry editor when you are done.

6. Get rid of SpyGuarder start-up entry by going to Start > Run, type msconfig on the "Open" dialog box. It will launch a new window containing System Configuration Utility. Click on the Startup tab and uncheck the following item.
spyguarder.exe

7. Click Apply. You need to restart Windows.

SpyGuarder Virus Removal Tools

Although manual removal of SpyGuarder is an easy process, we still recommend automatic removal to deal with this malware. You may download free tool like MalwareBytes Anti-Malware from this link. Other than that, you may also want to do a separate scan using SuperAntiSpyware Portable. Download SAS Portable and start scanning the infected computer from USB, CD or any bootable devices.

What to do next...