- Antispyware Security Scanner. Security Scanner Scan Your PC's Processes, Memory And System Registry For Hidden And Dormant Spyware, Adware, Trojans, Dialers, Worms And Other Forms Of Malware! Scan And Clear Your Computer With Just A Few Clicks Of The Mouse!
- The Hackers Nightmare: The Bible Of Computer & Internet Security. How To Keep Hackers, Worms And Other Germs Out Of Your Pc. The Very Best Resource For Computer Security & Internet Security. Written For Novices & Experienced Users. Remove Malware And Speed Up Your Pc. Learn To Protect Against All Attacks And Intrusions.
Disclaimer: Please ask for assistance to your local computer technician if you're not technical to follow this article. I will try to make it as friendly as possible for you to follow.
If you have an active Symantec Anti-Virus software installed to your workstation and still got this virus warning, you are most likely infected.
Then your computer start showing Spyware Protect 2009 alert (in red color) message, that your computer is being attaked
by an Internet Virus. It could be a password-stealing attack, a trojan - dropper or similar. Do you want to block this attack? Yes or No. Don't bother to answer this quesion, this is malware program you probably get it from a malicious website for example freebie games download, musics sharing website, news portal website that shows random advertisement, etc.
and the malware will follow another Spyware alert!
again in red annoying color. You have the option to "Activate Spyware Protect 2009" or "Stay unprotected". Don't select any of these options, just reset your workstation or hold-on power off button.
When I run a tool "hijackit" from TrendMicro. I was able to see
this new entry from 01 - Hosts:
91.212.65.122 browser-security.microsoft.com, antiwareprotect.com and
www.antiwareprotect.com
For a quick check of WHOIS record: antiwareprotect.com is on privacy protect. We should all block this website from our network, or the ISP should be smart enough to block this website going out the Internet. That save us some trouble. Well, that's another article to write.
What to check in your windows registry to stop this annoying pop-up in your windows system? With the help of regedit tool, built-in with your windows operating system you might be able to correct this problem. The malware program normally use your Program Run at Windows Startup.
How to remove a startup application? Most malware or spyware bot launching from the registry keys. To remove it, delete their value associated with the program you want to remove. In this case we want to remove the sysguard.exe file in your windows registry. Using regedit tool, you should be able to see the sysguard.exe to the following location.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
or
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
or
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
or
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Example location:
Then open a DOS command prompt to delete the sysguard.exe file in your windows folder. Or search the entire drive C or D, for example "dir sysguard.exe /s". This command will search your entire drive including sub-folder for sysguard.exe file.
Restart your computer and check if you still see the Spyware AntiVirus 2009 Alert in your windows system.
References:
I've seen a different antibot malware. I forgot the name, but I was able to removed it using the same process of running "regedit" tool.
ReplyDeleteI hope this help other users. Post your feedback here.