Spyware Protect 2009 is a rogue antispyware program that uses fake alerts and false positives to trick you into buying it. Spyware Protect 2009 uses the Conficker worm and trojans (the Vundo trojan, for example) to install itself on your computer.
Once infected, your computer will display numerous fake system alerts or security alerts notifying you about supposed spyware infections. During installation, Spyware Protect 2009 configures itself to run automatically every time you start Windows. In addition, the fake antispyware creates a few files with random names. During the scan, these files are reported as trojans and spyware. Spyware Protect 2009 may drastically slow the performance of your computer.
Immediately after launch, the program starts scanning the computer and reports a lot of trojans and spyware.
It then says that you should purchase Spyware Protect 2009 in order to remove them and protect your PC. While the fake antispyware software is running, your computer will display fake alerts.
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
INFILTRATION ALERT
Your computer is being attacked by an Internet
Virus. It could be a password-stealing attack, a
trojan – dropper or simular.
DETAILS
Attack from: 100.53.148.153, port 42733
Attacked port: 14750
Threat: Win32/Nuqel.E
Do you want block this attack?
Please ignore these alerts. Use the free instructions below to remove the rogue antispyware and any associated malware from your computer.
Symptoms in a HijackThis Log.
O2 - BHO: BHO - {ABD42510-9B22-41cd-9DCD-8182A2D07C63} - C:\WINDOWS\system32\iehelper.dll
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
Use the following instructions to remove Spyware Protect 2009 (Uninstall instructions).
Remove trojan TDSServ (Tidserv)
Some variants of Spyware Protect 2009 use this trojan to infect your computer and block access to security sites (for example, you can't download Malwarebytes Anti-malware).
Download Avenger from here and unzip it to your desktop.
Run Avenger, then copy and paste the following text into the Input script box:
Drivers to delete:
TDSSserv.sys
msqpdxserv.sys
gaopdxserv.sys
gxvxcserv.sys
seneka
seneka.sys
ndisprot.sys
UACd.sys
You will see a window similar to the one below.
[Image: Avenger]
Click on ‘Execute’. You will be asked “Are you sure you want to execute the current script?” Click Yes.
You will now be asked “First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?” Click Yes.
Your PC will now be rebooted.
Remove Spyware Protect 2009 and associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
[Image: Malwarebytes Anti-Malware window]
Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
[Image: Malwarebytes Anti-malware, list of infected items]
Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Spyware Protect 2009 creates the following files and folders
C:\WINDOWS\system32\iehelper.dll
C:\WINDOWS\sysguard.exe
Spyware Protect 2009 creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63}
HKEY_CLASSES_ROOT\CLSID\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63}
HKEY_CURRENT_USER\SOFTWARE\AvScan
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool
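As an added example (not part of the original guide and not code from HijackThis), the following Python script checks a saved HijackThis log for the O2/O4 symptoms, file paths and BHO CLSIDs listed on this page. The sample log is constructed, and its two benign entries are assumptions for illustration.

```python
import re

# Indicators copied from this page; both BHO CLSIDs it lists are included.
BAD_PATHS = {r"c:\windows\system32\iehelper.dll", r"c:\windows\sysguard.exe"}
BAD_CLSIDS = {"{abd42510-9b22-41cd-9dcd-8182a2d07c63}",
              "{bbd4551a-9b23-41cd-9bcd-818aa2da7b63}"}
BAD_RUN_NAMES = {"system tool"}

# HijackThis separates fields with " - "; also accept the en dash web pages substitute.
SEP = r"\s+[-\u2013]\s+"
O2 = re.compile(r"^O2" + SEP + r"BHO:\s*(.*?)" + SEP
                + r"(\{[0-9A-Fa-f-]{36}\})" + SEP + r"(.+)$")
O4 = re.compile(r"^O4" + SEP + r"HK(?:CU|LM)\\\.\.\\Run(?:Once)?:\s*\[([^\]]*)\]\s*(.+)$")


def scan_hijackthis(log_text):
    """Return (line_number, reasons, line) for entries matching the page's indicators."""
    hits = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        reasons = []
        if m := O2.match(line):
            _, clsid, path = m.groups()
            if clsid.lower() in BAD_CLSIDS:
                reasons.append("BHO CLSID")
            # Compare the full path: a bare file-name match would also hit AcroIEHelper.dll.
            if path.strip().lower() in BAD_PATHS:
                reasons.append("BHO file path")
        elif m := O4.match(line):
            name, cmd = m.groups()
            if name.strip().lower() in BAD_RUN_NAMES:
                reasons.append("Run value name")
            if any(p in cmd.lower() for p in BAD_PATHS):
                reasons.append("Run target path")
        if reasons:
            hits.append((no, reasons, line))
    return hits


# Constructed sample log: lines 1 and 3 are benign, lines 2 and 4 are the page's symptoms.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO - {ABD42510-9B22-41cd-9DCD-8182A2D07C63} - C:\WINDOWS\system32\iehelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] "C:\WINDOWS\sysguard.exe"
""".strip()

if __name__ == "__main__":
    for line_no, reasons, line in scan_hijackthis(SAMPLE_LOG):
        print(f"line {line_no}: {', '.join(reasons)} -> {line}")
```

A clean result only means these specific entries are absent; variants that use other file names will not match.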
I tried to find the trojan for Spyware Protect 2009 under the file names listed by following the directions here, but I found no hardware under any of the names listed below.
TDSSserv.sys
clbdriver.sys
seneka.sys
seneka
So what other names should I be looking under to remove this nasty thing from my computer?
Michelle, please follow these steps.
I have followed the steps that you just told me to do above. An hour ago I ran the MalwareBytes Anti-malware software and it worked perfectly. The stupid spyware is now gone. Thank God and thanks to you.
Amazing free software also.
Thank you for these wonderful instructions and the anti-malware software! So far, so good (knock on wood)! It’s finally gone and I hope it never comes back!
Thank you so much. The instructions and software helped me to remove this spyware.
Thank you very much for helping me solve this annoying problem! I hated seeing the pop-up that would come up every 30 seconds. Thanks again!
Thanks to whomever is responsible for these instructions…It worked…..
Thank you very, very much! Your instructions were detailed and they worked! If anyone out there is skeptical about using the provided instructions, don’t be. I am a computer dummy (when it comes to this type of stuff) and I was able to remove that annoying Spyware Protect 2009 crap with the help of this website. Good luck to all others who have been infected.
Last Thursday night (May 14th, 2009) I was downloading from the web and went to sleep while waiting for the download to complete. I woke Friday only to discover that my PC was infected with Spyware Protect 2009. I was so infuriated with the popup window alerts that I almost went to activate the Spyware.
This Friday I searched the web on how to remove malware like Spyware Protect 2009 and I was overwhelmed with many free sites' instructions on how to do it, but there was a “Catch”. They let you do the process, but when it's time to remove the infected files installed on your PC you have to register and purchase their software first.
I was now skeptical about using your Free Malware, as I thought your site was just like the other sites. I came across a site that claimed to be the best Anti-virus and Spyware software, like the “Paretologic Anti-virus plus”. But as I mentioned, you have to register and eventually purchase to complete the removal process.
But tonight, Saturday (May 16th), Los Angeles time, I decided to give it a shot and try your Malwarebytes again. What can I say, you “Guys” out there from myantispyware.com rock. You delivered what you said and no hidden agenda. You really mean business. I followed your instructions exactly, step by step, installing the Avenger script and the MBAM program. I started at 8:15 PM and finished the entire deletion process at 8:35 PM and have Spyware Protect 2009 removed from my PC. I rebooted my PC and “Holy Moly”. All those nagging popup windows are gone and my PC became healthy once again after that infection.
A bit of advice for poor guys out there who are skeptical. I give my sincerest commendation and highly recommend “MalwareBytes Anti-malware”. They really rocked and delivered the goods as they said. Thank you “guys”, you are heaven-sent. I will eventually purchase the full version.
God bless.
I feel bad for the people who did not know any better than to skip the first 10 or so search options looking for a solution to the steaming pile of garbage that is Spyware Protect 2009. Their problems have just begun because, chances are, those sites are either set-ups by the creators of Spyware Protect 2009 or paid contributors. Just use the Malwarebytes system that this guy is telling you to use and everything will be just fine IF your PC is not so far gone that you are not able to download Malwarebytes anti-malware. If you are NOT infected with tripe yet, go ahead and either buy or get the free download and put it on your PC for a rainy day. Good luck!
Mr.Avenger/Malwarebytes, I can’t begin to thank you enough. I don’t usually leave comments about anything online, but this definitely required a testimonial. I was almost sucked in to buying The Spyware Doctor, but something told me to STOP, and just keep searching for a way to remove the monster Spyware 2009 that almost ate my computer. During my last ditch search, I found you. I decided to go with my gut feeling and give your software a chance, and man am I glad I did. These instructions that you gave worked miraculously, and I am so very pleased that Spyware Protect 2009 trash is gone from my laptop. Not only that, but my surfing speed has been restored to almost brand new. Again, I thank you and appreciate you Mr. Avenger. And anyone out there in cyberspace who has this virus, trust me, this software DOES work. No lies, no deception, no hassle, and most of all NO COST!!!! IT’S FANTASTICALLY AWESOME!!!!
I followed the instructions on how to remove Spyware Protect 2009 and rebooted my computer, but now it is running really slow. Does anybody know what I did wrong? Can someone please help?
Matt, you probably still have an infection. Make a new topic at our Spyware removal forum.
FYI, I just did the MalwareBytes Anti-malware (quick scan), it worked!!!!!!!!
Many thanks
I had to download Malwarebytes Anti-malware onto a thumb drive from another computer because the internet is blocked by this fake alert. After I installed it and tried to execute it, the infectious alert prevented it.
Then I came here and repeated the process with Avenger. I also had to copy your “drivers to delete” onto a word.doc to use on the infected computer. After loading and installing, it, too, was blocked.
The intruder seems to be able to disable anything I download to kill it.
Now what?
Never Mind….I solved it….I rebooted in Safe Mode and bypassed the dirty infection’s attempt to stop it, then scanned and got rid of the four bad items. I’m very impressed with your product!
Michael, try renaming Avenger.exe to explorer.exe and run it once again.
Wow, I thought I would never get rid of this virus. Thank you so much! I followed your instructions and they worked! I tried several other programs before this one and they did nothing. This one scanned faster than the others as well. They took forever with no results or they wanted me to purchase a license before they would remove the infection. Thanks to this advice, I am finally virus free. I am going to purchase the full version just because it actually did what it said it would. Yay!
The report from Malwarebytes said it was clean, but I noticed that at the top it said that it checked Internet Explorer. Does this mean that it didn't check Chrome?