I updated virus defs and ran a deep scan with BitDefender, and it
did not detect anything. Sometime while it was running, a big
black square appeared in the middle of the screen.
I checked Task manager and saw swp2009 demo.exe running, and
killed it, which removed the big black square.
Windows popped up a message saying
DLL C:\WINDOWS\system32\digeste.dll is not a valid Windows image.
Sure enough, it appeared on the computer at 6:33 PM tonight,
about the time I got the firewall message.
I can't find out much about this - googling turns up a few
instances of people who have been affected, but not much help. I
can't find it mentioned on McAfee or Symantec sites.
I run Windows Firewall, a BitDefender scan daily, and the system
sits behind a router. I suspect I inadvertently clicked on a
hidden link around 6:33 tonight.
How do I get rid of this, or am I going to have to reformat and
reinstall Windows? (I have a complete backup from last night.)
Thanks for your help!
Carol
--
Don't believe everything that you think.
To reply, unleash the dog.
You can try the normal malware removal routines described here:
http://www.elephantboycomputers.com/page2.html#Removing_Malware
If they don't work for you, get guided help at one of these specialty forums
below.
PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.
http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7
Only you can decide how much time you want to spend on this. If you don't
have much on the machine, doing a clean install might be the better choice.
Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ
"FurPaw" <furrea...@gmail.com> wrote in message
news:gmm1dg$2ms$1...@reader.motzarella.org...
1) Stop the following service using Ctrl+Alt+Delete and Task Manager:
sysguard.exe. This will stop the popups and the fictitious scanning of
the PC by the rogue antivirus.
2) Do a search for the sysguard.exe file on your PC (make sure you can
see hidden files) and delete any file with that name, including the
prefetch file. This will prevent it from reloading when you restart your
PC.
3) Control Panel-->Internet Option-->Advanced Tab-->Click on Reset
button to reset Internet Explorer to default settings. This will remove
any Plug-Ins/Add-Ons that the program loaded to Internet Explorer. Also,
it will default the home page to factory settings.
4) Control Panel-->Internet Option-->General Tab-->Delete all temporary
files, passwords, etc.
5) Microsoft® Windows® Malicious Software Removal Tool (KB890830)
http://www.microsoft.com/downloads/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en
6) Run the tool to scan and remove the spyware.
7) Control Panel-->Internet Option-->Advanced Tab-->Click on Restore
Advanced Settings. This will restore factory default security settings
for your Internet Explorer.
8) Restart your PC. At this point, when you log back in, you should no
longer have the sysguard service that runs the SWP2009 virus; it will no longer
load. You should also be able to open Internet Explorer to the factory
default page and be able to return your customized home page as you want
under the Control Panel-->Internet Option-->General Tab and entering
the website of your choosing.
I hope this helps!!!
--
veruschkan
------------------------------------------------------------------------
veruschkan's Profile: http://forums.techarena.in/members/103690.htm
View this thread: http://forums.techarena.in/security-virus/1118668.htm
Yesterday my desktop was ferociously attacked by the "swp2009 demo"
malware. It was the worst thing I've ever seen, almost lost total
control of the computer. Veruschkan's advice saved me. His step "1"
didn't work for me. In order to access the computer I had to operate
in "Safe Mode". Microsoft® Windows® Malicious Software Removal Tool
worked, I used "Malwarebytes Anti-Malware", and I used "Super Anti
Spyware". Once I got back control I ran "McAfee" for a scan. MBAM
found 2300 infected files, McAfee found 230 Trojans.
Use the following
http://www.malwarebytes.org/mbam.php
and
http://www.superantispyware.com/superantispywarefreevspro.html
--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
"Bongo" <Bo...@discussions.microsoft.com> wrote in message
news:24370788-EDA6-432C...@microsoft.com...
--
happyscientist
------------------------------------------------------------------------
happyscientist's Profile: http://forums.techarena.in/members/146099.htm
If you can access the files but not actually delete them
then they are usually locked by some process or in use
via some 'tether' like another file or a registry entry.
Registrar lite will help to collate/search for entries,
the MS regedit only picks one at a time.
http://www.resplendence.com/reglite
Enter name of the file in this and should delete on reboot.
http://killbox.net/
Click on the file with this tool and select unlock
(it will show you if it's being 'held') then delete file.
http://www.filehippo.com/download_unlocker/
Look to running this little browser if IE won't start..
http://offbyone.com/offbyone/
Or download it via another machine and copy
to yours..it's small and portable.
If you have a disk/i386 folder then expand the
iexplore.exe
'delete' the one in C:\Program Files\Internet Explorer
and place the new (clean) file in its place, normally
that will re-enable the Internet for a while.
Most of above could be sent as attachments via
your email program from a local machine or
nearby friend/family, if you needed that 'idea'. ;)
Other than that immediate help, the Norton forum
should be able to assist, it's iirc a paid program.
So make sure your updates are current.
Finally, even when/if IE is not operating the
OB1 browser usually is fine, and some download
manager like flashget (free) can download the
files if you have a direct link to paste into it.
http://www.flashget.com/en/download.htm
A good help forum (if needing direct help)
(forum link at top...right side)
http://www.malwareremoval.com/downloads.php
hth
'Seek and ye shall find'
NT Canuck
> .
>
SWP2009 is intercepting the call to task manager and causing the reported
message. The version that hit my computer did not cover all the bases,
though, and I could get to the process listing by using Ctrl+Shift+Esc. Once
you have shut down the offending task continue as in the previous post(s).
One other thing to note is that the version that hit me added entries into
the local hosts list that redirected internet access to additional malware
bearing pages. Be sure to remove these as well.
--
karinkitten
------------------------------------------------------------------------
karinkitten's Profile: http://forums.techarena.in/members/157017.htm
On Nov 22, 2:10 am, karinkitten <karinkitten.421...@DoNotSpam.com>
wrote:
Pretty certain I got this virus following a link to an article on Tiger
Woods - I only hope his behavior has given him a virus that is more trouble
than this one was. (Thanks to your help)