Tags:





While I appreciate the irony..
March 26, 2009 5:51 PM   RSS feed for this thread Subscribe

I've been attacked by some malware called "Spyware Protect 2009". Have you guys seen this before? Screenshot and symptoms inside - hoping someone can help me kill this thing.

This is what it looks like in action.

Note than NONE of the balloons or popups you see are from any of the legitimate security software on my computer, they're all from the malware. The popups show up every minute or so, and there's even a system tray icon for this non-existent piece of software now.

It's also done something strange to Task Manager - the border around the center of the window is gone; I can't see or access the File menu, for example.

I'm running Spybot with the latest definitions, but that scan is going to take a while. Anybody got any experience dealing with this thing?
posted by CRM114 to computers & internet (22 comments total) 15 users marked this as a favorite
It's been said before a hundred times on other virus threads... if you are certain you're infected, the only real insurance is reinstalling the OS. Anti-virus programs miss viruses all the time, and likewise cleaners can miss elements of virus removal. And once you're compromised you can't be certain what else the virus put there, or what was there before that particular virus got noticed. Windows has so many hooks, interdependencies, and permissions vulnerabilities that wiping the slate clean is good insurance.
posted by crapmatic at 5:59 PM on March 26 [2 favorites has favorites]


+1 for formatting
posted by tdreyer at 6:03 PM on March 26


Shit. This is the computer with 3 years of pictures and mp3s that I kept saying I'd get an external hard drive to back up for months now. Can I transfer all that stuff to an external HDD without risking taking the virus with it, then f-disk?
posted by CRM114 at 6:05 PM on March 26


The other posters have it -- reformatting and reinstalling is your best bet. If you opt to chance it by attempting a removal, Google yields some reasonable results, such as http://www.2-spyware.com/remove-spyware-protect-2009.html.

Hopefully, you have good backups; if not, look into something like Mozy, JungleDisk (my preference), Carbonite, or any of the other good tools out there and save yourself some hassle the next time around. At least in this case, you should be able to save some data.
posted by ellF at 6:07 PM on March 26


You may have to format, maybe.

But first, fuck Spybot - honestly, fuck it. It was good three years ago. It's not anymore.

I work in IT, and we live and die with Malwarebytes Anti-Malware.

Download it from here:
http://www.malwarebytes.org/

It's a great tool, and I've yet to meet something that it couldn't rip out and totally demolish.
posted by kbanas at 6:09 PM on March 26 [11 favorites has favorites]


Detailed instructions for getting rid of this nasty are available here: http://www.malwarebytes.org/forums/index.php?showtopic=12374

(note: I've not gotten bit with this, so I can't say that I've personally tried this - but the instructions at least LOOK solid).
posted by deadmessenger at 6:14 PM on March 26


Seconding Malwarebytes Anti-Malware. It's always done the trick for me, and I recommend it in most virus threads. Run it several times, though, to make sure you get everything. Formatting should be an absolute last resort. I've run into tons of viruses and problems and with (sometimes a LOT of) work, I've never had to do it.

Additionally, if you're still having problems, there are some manual removal steps here, but several of the comments point to Malwarebytes being capable of removing it.
posted by HonorShadow at 6:18 PM on March 26 [1 favorite has favorites]


I got something similar to this - I got a new drive in a USB enclosure, took the drive out, swapped the infected drive into the enclosure. I re-imaged the PC and copied files - pictures, home movies, etc - off the USB drive. As long as you don't execute anything on the old drive, you should be OK. Also, install an anti-virus after you re-image. it helps a little at least. ALso, I now have a bigger drive in my system.
posted by GuyZero at 6:20 PM on March 26


1.) Disable Windows System Restore
2.) Download and install Malware Bytes

There are some new Spyware infections that will prevent you from running/scanning with Malware Bytes. If this is the case, you *might* get lucky enough to rename the MalwareBytes executable and then get it to run/scan successfully.

If you can't (get MalwareBytes to run).. then my suggestion would be to physically remove your hard drive, hook it up to an external adapter, and scan it from a friends machine. This may be a complete pain in the ass, but its a whole lot less painful than Formatting.

Most of the recent "AntiVirus2009" variants that I've come across can be removed with Malware Bytes and get you back to a clean system without formatting. (Yes - I know the only 100% sure way is to Format and start over.. but is that realistic for most home users? no. )

After cleaning the system, I generally recommend NOD32 antivirus, Firefox with adblock/scriptblock and possibly things like Windows Defender.

Dont get discouraged. Spyware is beatable.
posted by jmnugent at 6:21 PM on March 26


I just cleaned off a PC with this and a few viruses on it this week for a friend's dad. I found that disabling system restore, installing Malware Bytes, installing an up-to-date free anti-virus program (the one they had was out of date by 3 years, worse than worthless because it gave them a false sense of security) booting into safe mode and scanning for malware and viruses took care of it. Once that was done, I booted back into regular mode and scanned everything once again and I got zero positives.
posted by SirOmega at 6:25 PM on March 26


Formatting is overkill. I just cleaned this off a coworkers computer today as well. Go to task manager and kill the sysguard.exe process to remove the running program from your screen.

Then run Malware Bytes. Did a quick scan there. That will clean up the executables and the registry entries this makes.

Then did a full scan, it found nothing, then scanned with Spybot S&D and that also found nothing.

That computer looks pretty clean now as far as I can tell.
posted by gatorbiddy at 6:32 PM on March 26 [1 favorite has favorites]


Oh and an extra tip if you ever get infected with something and it won't allow Malware Bytes to run, just change the filename of mbam.exe to something else like tempmbam.exe and then it will lauch and run successfully.
posted by gatorbiddy at 6:38 PM on March 26 [1 favorite has favorites]


If you double click the border of the task manager, the menu should reappear. +1 for MalwareBytes. I'll also mention SuperAntiSpyware. There is a chance of backing up without bringing the virus along, but I would say formatting because it's less time-consuming.
posted by ThirstyEar2 at 6:41 PM on March 26


I'm in the middle of doing exactly what gatorbiddy prescribed right now on the infected laptop. The quickscan made all the evident symptoms go away.

In a couple of weeks (I'm about to make a big move so I was kind of planning on this anyway) I'm going to take ellF's advice and upload all of my pictures and mp3s to cloud storage, then format and reinstall XP.

Anyone have any more suggestions of thoughts on storage solutions? JungleDisk looks good but I'd love to hear any other opinons.
posted by CRM114 at 6:49 PM on March 26


crapmatic: "It's been said before a hundred times on other virus threads... if you are certain you're infected, the only real insurance is reinstalling the OS."

tdreyer: "+1 for formatting"

ellF: "The other posters have it -- reformatting and reinstalling is your best bet."

No, no, no, no, NO. I've gotten my share of viruses over the years, and I've never had to reformat my machine. It's total overkill, and should be a last resort.

Dump Spybot, pick up a more competent program like Malwarebytes, and scan, scan, scan. If that doesn't work, search online for the particulars of your infection -- you should find forum posts and such from others with the same bug. Most of the time they will have discovered a solution that you can try, too.

Trust me on this... I had a nasty infection a few weeks ago -- the first recommendation was to nuke it from orbit, but I eventually managed to remove it completely with information gleaned from an online help forum. And if that little bugger can be gotten rid of, anything can.
posted by Rhaomi at 7:44 PM on March 26 [1 favorite has favorites]


Anyone have any more suggestions of thoughts on storage solutions? JungleDisk looks good but I'd love to hear any other opinons.

JungleDisk seems to be pretty popular as these things go, (I've talked to people who use it and are very happy with the cost-per-byte, and the ease-of-use) but the adage is "If you don't have it twice, you don't have it." I'm maybe overboard about backups, but I'd grab an external USB, as well. They're incredibly cheap these days. I got a 500 gb Free Agent Pro for about $100.00 6 months ago. They're even cheaper than that without Firewire, if you shop. $79.00 or $89.00, if you can find a sale.
posted by Devils Rancher at 7:44 PM on March 26


I had great success using Avast! to clean my computer of a similar infection and keep it bug-free for a few months now. And it's free!
posted by gnutron at 8:12 PM on March 26


Thanks all for the outpouring of advice and thinking. Very useful, all around. Malwarebytes (which I'd never heard of prior to this thread) seemed to do the trick: the second complete system scan picked up nothing, and I ran all of the other security software on the laptop just to be sure. Symptom-free.

Thanks all!
posted by CRM114 at 8:25 PM on March 26


Are you running anti-virus? I see a red shield in your corner. If you dont then install AVG free.

On top of that I recommend Windows Defender. Especially if you are prone to viruses.
posted by damn dirty ape at 9:37 PM on March 26


I was running AVG, but I hadn't updated my definitions this week, hence the red shield.

I am not prone to viruses! What kind of guy do you think I am? ;)
posted by CRM114 at 4:38 AM on March 27


I had this on my computer and spent WEEKS trying most of the suggestions above. The virus got past Norton, disabled Task Manager, and Malwarebyte couldn't get it. After much frustration trying numerous fixes, I transferred my important documents and pics to a thumb drive and reformatted. After putting my docs back on, everything seems fine. It will take awhile to get all my software back on. Microsoft Office reinstalled without making me buy a new copy. This is the worst crap I have ever seen.
posted by tamitang at 6:23 AM on March 27


And you better not be surfing under your Admin ID...
posted by Guy_Inamonkeysuit at 6:47 AM on March 27


« Older I want to find a cool webcam i...   |   Please recommend me a book abo... Newer »

You are not logged in, either login or create an account to post comments