I've spent a fair bit of today on the phone to a friend, whose XP Home computer has been invaded by Spyware Guard 2009. In case you don't know this nasty, it's one of those phoney antispyware packages that puts several false malware files on your computer, then scans the computer and reports that it's found them. It then offers to remove them if you buy its full version. If you don't do so, then its scan function keeps restarting every few minutes.
I'm afraid my friend allowed this thing to install itself (but he hasn't yet bought the full version, thank goodness).
I've used msconfig to disable Spyware Guard in his startup folder, but this doesn't seem to made any difference at all.
Using Add/Remove programs and running the Spyware Guard uninstaller does nothing. We did this once, and now it's simply disappeared from the Add/Remove Programs list of installed software - but it hasn't uninstalled.
Bleeping Computer says it can be removed with Malwarebyte's Anti-Malware, so I suggested that he download that and run it. He's downloaded it, but he can't get the installer to run (maybe blocked by Spyware Guard?). When he double-clicks the exceutable, he just gets the hourglass for a few seconds, then nothing.
So I talked him through running System Restore, back to a date before this nasty appeared. SR goes through its restore point selection wizard OK, until you tell it to proceed - then nothing happens. We also tried SR in Safe Mode - same result.
I've thought of using Last Known Good Configuration, but I'm not sure that Windows will recognise its current condition as a bad configuration.
Does anyone have any ideas for removing this flippin' thing, please?
Download this to your desktop. Restart in safe mode and run it. Press "2" on the screen that appears. When asked to clean the registry select "yes". After this go to windows\system32 and delete explore.exe if it still exists. **NOTE explore.exe and NOT explorer.exe **. It works for me fixing many infected computers.