System infected with SWP2009 demo Virus

[TheTurner]

I am hit by Spyware Protect 2009 fake antivirus software. My firewall has showed me a popup of un blocking a service. I thought it was some website related popup or some plugin or toolbar. When I clicked on unblocked the fake tool installed in my system. I had restarted my system and then found its popup on my screen. I cannot do anything in the system. There is problem with Task Manager and the system has started performing very slow. I checked on Google and found that it is a fraud antimalware. I cannot delete or remove it manually as I am getting access denied error on the screen.

[veruschkan]

I got rid of this SWP2009 demo malware by doing the following:

1) Stop the following service using Ctrl+Alt+Delete and Task Manager: sysguard.exe. This will stop the popups and the fictious scanning of the PC by the rouge antivirus.

2) Do a search for the sysguard.exe file on your PC (make sure you can see hidden files) and delete any file with that name, including the prefetch file. This will avoid it from reloading when you restart your PC.

3) Control Panel-->Internet Option-->Advanced Tab-->Click on Reset button to reset Internet Explorer to default settings. This will remove any Plug Ins/Ad-Ons that the program loaded to Internet Explorer. Also, it will default the home page to factory settings.

4) Control Panel-->Internet Option-->General Tab-->Delete all temporary files, paswords, etc.

5) Microsoft® Windows® Malicious Software Removal Tool (KB890830)http://www.microsoft.com/downloads/d...displaylang=en

6) Run the tool to scan and remove the spyware.

7) Control Panel-->Internet Option-->Advanced Tab-->Click on Restore Advanced Settings. This will restore factory default security settings for your Internet Explorer.

8) Restart your PC. At this point, when you log back in, you should no longer have sysguard service that runs the SWP2009 virus will no longer load. You should also be able to open internet explorer to factory default page and be able to return your costumized home page as you want under the Control Panel-->Internet Option-->General Tab and entering the website of your choosing.

I hope this helps!!!

[happyscientist]

I am going to go with malwarebytes. That would be the only best option to deal with such kind of fake tools. At start when this kind of virus infect the system there are less chances to recover or move back to the old state. They modify some internal registry and system files which cause all this thing Windows Repair setup just overwrites the existing system files. I am sure there is nothing deleted. Because still I can see my old softwares are installed. Task Manager shows up the related process which is associated with the tool.

[karinkitten]

I had the same problem with this virus. The trick to opening task manager is to immediately hit control+alt+delete the moment the computer shows your desktop background. The swp2009demo virus takes a moment to load and your computer will start other regular startup programs first like aim etc before it starts the virus program. The task manager will come up blank until the virus loads, then end program it when it pops up.

[Borgnine]

It is correct to some extent that Windows repair setup does not really helps. It just replaces the file and to get rid of such threats it is recommended to format the computer completely and install Windows. There are some anti-malware and anti-spyware software which works best in many ways. You can test that if that does not work then there is no other option left then formatting and installing windows back.