Klawdek
2010-10-01, 22:34
Spybot found the following key and removed it:
Fraud.Sysguard: [SBI $F62BE2C3] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-764733703-682003330-1003\Software\SolutionAV
Now it does not look like a system key i.e something that adjusts windows properties.
And no mention is made of needing to remove any accompanying software. So how could a simple key entry like this be harmful?
I have done some more research while typing this and the key is associated with antivir a malware fraud scam. I had this on my system a while back and resolved it by noticing that it took a few seconds after boot up for antivir to run and start blocking access to all programs. During this time I ran spybot and it cleared it up. I then DLed Avira (the legitimate one) and ran it as well. It found a number of things and quarantined them (it does not seem to be capable of removing anything it can only quarantine things)
Was Fraud.Sysguard completely removed?
I have looked up ways to remove all aspects of this program and it seems like the instructions were written by the same people who wrote the malware. All instructions I found just said remove the malicious exe, dll, and key entries with no explanation of what files these are, or where they are.
I just want to know did spybot remove everything. If not does anyone know of a site that does give detailed instructions for its removal?
I have seen some other posts here such as:
http://forums.spybot.info/showthread.php?t=58134&highlight=Fraud.Sysguard
Were Shelf Life gives tha advice to DL Malwarebytes and RootRepeal I will do this and run them to be safe. That post is quite old does spybot now do a complete removal?
Fraud.Sysguard: [SBI $F62BE2C3] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1844237615-764733703-682003330-1003\Software\SolutionAV
Now it does not look like a system key i.e something that adjusts windows properties.
And no mention is made of needing to remove any accompanying software. So how could a simple key entry like this be harmful?
I have done some more research while typing this and the key is associated with antivir a malware fraud scam. I had this on my system a while back and resolved it by noticing that it took a few seconds after boot up for antivir to run and start blocking access to all programs. During this time I ran spybot and it cleared it up. I then DLed Avira (the legitimate one) and ran it as well. It found a number of things and quarantined them (it does not seem to be capable of removing anything it can only quarantine things)
Was Fraud.Sysguard completely removed?
I have looked up ways to remove all aspects of this program and it seems like the instructions were written by the same people who wrote the malware. All instructions I found just said remove the malicious exe, dll, and key entries with no explanation of what files these are, or where they are.
I just want to know did spybot remove everything. If not does anyone know of a site that does give detailed instructions for its removal?
I have seen some other posts here such as:
http://forums.spybot.info/showthread.php?t=58134&highlight=Fraud.Sysguard
Were Shelf Life gives tha advice to DL Malwarebytes and RootRepeal I will do this and run them to be safe. That post is quite old does spybot now do a complete removal?