Just recently I noticed something very interesting on my wife’s laptop. I noticed it because I’m normally the one who install her anti-virus (AV) and other programs. This one was obvious because there appeared to be another AV program reporting that laptop is being attacked or hacked and that I must purchase it in order to protect the computer from this attack!
The bogus AV is called Spyware Guard 2009. This one is categorized as a parasite–meaning that it is one heck of a program to remove from your computer. It is one destructive and nasty parasite because it does the following:
- Prevents you from going to the Internet
- screws up the user profile…meaning that if you log out then login, it will tell you that your user profile is missing; effectively you can’t get back to your desktop
It does more, but I didn’t wait too long to find out.
Most users would be easily scammed and overwhelmed by this, but fortunately I’m not most users. Even then, it was one heck of a parasite to remove. How did I do it?
I did a lot of searches on the Internet (using another computer). Most solutions I found provided free scans to find the problem but wanted me to pay to remove. However, I found a solution that allowed me to scan an remove. It is called Malwarebyte’s Anti-malware.
It allowed me to scan and identify registry entries and files that were part of this parasite. Then it gave me the option to remove them. It couldn’t remove about 5 of them, even after a couple of attempts. I knew then that I had a relatively new or different strain.
Fortunately, MalwareByte Anti-Malware clearly identified which ones it couldn’t remove. I tried removing them in Windows safe mode, with no luck–system reports that they cannot be deleted.
As a last resort, I booted using ERD Commander and deleted the bad files and registry entries. And FINALLY got rid of that parasite.
The last thing I did was removed the administrative rights of my wife’s account. This should help prevent any future major infection.
I hope this is helpful to others who read this.