Battling Malware: SpyGuarder and Vista AntiVirus 2008
The other night I spent about 2 1/2 hours at the house of a friend, trying to free his PC of some particularly nasty malware, SpyGuarder and Vista AntiVirus 2008. Both are classified as rogue anti-spyware programs. This type of malware attempts to trick you into buying its full version by running free scans with a trial version and showing you all sorts of viruses, trojans, keyloggers, etc. with which your system is supposedly infected. It then offers to remove all these infections if you’ll just click the link and upgrade to the full version of the program, which, of course, costs money. There are a number of problems with both these programs.
- Your system doesn’t really have the infections these programs claim. Or to be more accurate, they have no way of knowing one way or another, since the so-called “scans” they do are completely fake. Nor could they remove the infections if you did have them, since they do not actually fight spyware or viruses, but are likely to install some of their own. Of course, if you do elect to upgrade, future scans will say that your system is now clean.
- These programs are obnoxiously persistent. Any attempts to cancel the scans, close the windows, or kill the processes just result in another process being launched.
- These programs prevent legitimate anti-spyware programs from installing and running. Generally, when trying to clean spyware out of a system, one of the first things I do is install and run Adaware from Lavasoft. Vista AntiVirus 2008 would not let me install it, popping up a fake system message saying basically that the Administrator for the PC has configured it to disallow “installations of this type.” Spybot Search & Destroy did work, but did not remove the two nasties I was dealing with. SpyGuarder similarly prevents the task manager from launching, claiming that “Task Manager has been disabled by your Administrator.”
- The presence of either of these programs indicates that you may have the Zlob or other dangerous trojans.
No doubt some of you would have advised me to run various legitimate anti-malware applications like SpyHunter, which can apparently automate the removal of SpyGuarder and Vista AntiVirus 2008. Pride and miserliness made me opt to do it by hand, which I did with the help of instructions found here and here.
Vista AntiVirus 2008 has several other identities, all of which do the same bad things to your system, such as Windows Antivirus 2008, Windows AntiVirus Pro, etc. These, as well as SpyGuarder, are advertised on professional-looking web sites, and give the appearance of being the most advanced anti-malware products on the market. Do not be fooled: do not install either of these products, commercial or free versions, on your computer under any circumstances. If you find you have been infected with either of these anyway (it’s possible to pick them up via “drive-by” infection), take steps to remove them immediately.
Added 7/1/2008: I had to go back and remove yet another fake security program. His commercial virus protection had long since expired, so I installed AVG Free, which found and removed about a dozen viruses and trojans, but then his desktop and taskbar disappeared. After searching around on the internet, I found that Malwarebytes’ RogueRemover Free is a great free tool which completely fixed the desktop problems and removed some additional adware / spyware. It will definitely be joining Adaware and Spybot Search & Destroy in my arsenal.

