Re: swp2009 demo hit my computer tonight



Just wanted to say thanks for taking the time to post this. I just caught
this goober off of People of Walmart.com and have been wrestling with it for
days. I just got rid of another virus a few months ago by having my hard
drive wiped and losing all my data, so I am glad to find this since I thought
I might have the same situation. I do have my docs saved this time but would
have lost a few days of Quickbooks. I am in process as I write this but have
gotten through part already and am able to get on the internet again now. I
am downloading the removal tool now. Thanks again and God Bless.

"veruschkan" wrote:


I got rid of this SWP2009 demo malware by doing the following:

1) Stop the following service using Ctrl+Alt+Delete and Task Manager:
sysguard.exe. This will stop the popups and the fictious scanning of
the PC by the rouge antivirus.

2) Do a search for the sysguard.exe file on your PC (make sure you can
see hidden files) and delete any file with that name, including the
prefetch file. This will avoid it from reloading when you restart your
PC.

3) Control Panel-->Internet Option-->Advanced Tab-->Click on Reset
button to reset Internet Explorer to default settings. This will remove
any Plug Ins/Ad-Ons that the program loaded to Internet Explorer. Also,
it will default the home page to factory settings.

4) Control Panel-->Internet Option-->General Tab-->Delete all temporary
files, paswords, etc.

5) Microsoft® Windows® Malicious Software Removal Tool
(KB890830)http://www.microsoft.com/downloads/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en

6) Run the tool to scan and remove the spyware.

7) Control Panel-->Internet Option-->Advanced Tab-->Click on Restore
Advanced Settings. This will restore factory default security settings
for your Internet Explorer.

8) Restart your PC. At this point, when you log back in, you should no
longer have sysguard service that runs the SWP2009 virus will no longer
load. You should also be able to open internet explorer to factory
default page and be able to return your costumized home page as you want
under the Control Panel-->Internet Option-->General Tab and entering
the website of your choosing.

I hope this helps!!!


--
veruschkan
------------------------------------------------------------------------
veruschkan's Profile: http://forums.techarena.in/members/103690.htm
View this thread: http://forums.techarena.in/security-virus/1118668.htm

http://forums.techarena.in


.



Relevant Pages

  • Re: swp2009 demo hit my computer tonight
    ... button to reset Internet Explorer to default settings. ... any Plug Ins/Ad-Ons that the program loaded to Internet Explorer. ... it will default the home page to factory settings. ... Once I got back control I ran "McAfee" for a scan. ...
    (microsoft.public.security.virus)
  • Re: swp2009 demo hit my computer tonight
    ... button to reset Internet Explorer to default settings. ... any Plug Ins/Ad-Ons that the program loaded to Internet Explorer. ... Microsoft® Windows® Malicious Software Removal Tool ... This will restore factory default security settings ...
    (microsoft.public.security.virus)
  • Re: swp2009 demo hit my computer tonight
    ... button to reset Internet Explorer to default settings. ... any Plug Ins/Ad-Ons that the program loaded to Internet Explorer. ... it will default the home page to factory settings. ... Microsoft® Windows® Malicious Software Removal Tool ...
    (microsoft.public.security.virus)
  • Re: After Windowsupdate
    ... please try to reset IE settings to default: ... Open Internet Explorer ... General tab. ... Close all the Internet Explorer windows. ...
    (microsoft.public.windows.server.general)
  • Re: Exch2K3 OWA & RWW "Loading..." issue
    ... Can you modify security tab of IE on these problematic clients? ... compare settings with a available access OWA client? ... Actually we can control IE security setting in domain level via GPO. ... Add a web site to safe domains in everyone's Internet Explorer ...
    (microsoft.public.windows.server.sbs)