System Guard 2009 is a rogue antispyware program. The fake antispyware is a new clone of Spyware Guard 2009. System Guard 2009 uses fake alerts and false positives to trick you into buying the fake software. The program is distributed through the use trojans and pop-ups found on fake anti-spyware online scanners. During installation, System Guard 2009 is set to start automatically when your computer starts. In addition the program creates a few files:
c:\WINDOWS\reged.exe
c:\WINDOWS\spoolsystem.exe
c:\WINDOWS\sys.com
c:\WINDOWS\syscert.exe
c:\WINDOWS\sysexplorer.exe
c:\WINDOWS\vmreg.dll
c:\WINDOWS\system32\winscenter.exe
These files during the scan will determine as trojans and spyware.
Immediately after launch, System Guard 2009 starts scanning the computer and found a lot of trojans and spyware that cannot be removed unless you first purchase the software. System Guard 2009 may drastically slow the performance of your computer. The program can be safely removed from your computer along with any other trojan infections if the proper steps are taken. If you are a non-techie computer user then this method of removing spyware is for you.
Symptoms in a HijackThis Log.
O4 – HKLM\..\Run: [systemguard] C:\Program Files\System Guard 2009\systemguard.exe
O21 – SSODL: ieModule – {77C96E10-FDA7-4AA7-B318-0631C0D27DBB} – C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\ieModule.dll
O21 – SSODL: InternetConnection – {AB6DAA8C-F726-4FDD-8B06-9537C5878612} – C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\eewhptdpyl.dll
Use the following instructions to remove System Guard 2009 (Uninstall instructions).
- Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
- Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: If cannot run or download Malwarebytes Anti-malware, then probably your computer infected with TDSSserv trojan. Read the article How to remove TDSSserv trojan.
If you need help with the instructions, then post your questions in our Spyware Removal forum.
System Guard 2009 creates the following files and folders.
%PROGRAMFILES%\System Guard 2009
%PROGRAMFILES%\System Guard 2009\conf.cfg
%PROGRAMFILES%\System Guard 2009\mbase.vdb
%PROGRAMFILES%\System Guard 2009\quarantine.vdb
%PROGRAMFILES%\System Guard 2009\queue.vdb
%PROGRAMFILES%\System Guard 2009\systemguard.exe
%PROGRAMFILES%\System Guard 2009\uninstall.exe
%PROGRAMFILES%\System Guard 2009\vbase.vdb
%PROGRAMFILES%\System Guard 2009\quarantine
%UserProfile%\Desktop\System Guard 2009.lnk
%UserProfile%\Start Menu\Programs\System Guard 2009
%UserProfile%\Start Menu\Programs\System Guard 2009\System Guard 2009.lnk
%UserProfile%\Start Menu\Programs\System Guard 2009\Uninstall.lnk
c:\WINDOWS\reged.exe
c:\WINDOWS\spoolsystem.exe
c:\WINDOWS\sys.com
c:\WINDOWS\syscert.exe
c:\WINDOWS\sysexplorer.exe
c:\WINDOWS\vmreg.dll
c:\WINDOWS\system32\winscenter.exe
c:\Documents and Settings\All Users\Application Data\winlogon.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\svchost.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\track.sys
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\c.cgm
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\eewhptdpyl.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\ieModule.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\moduleie.dll
