
How to remove AntiSpy Safeguard?

August 23rd, 2010

What is AntiSpy Safeguard?

AntiSpy Safeguard is a rogue antispyware program promoted through a fake Microsoft Security Essentials alert. The alert is shown only when your PC is already infected by a trojan. The window imitates the Microsoft Security Essentials design and shows a single infection: an unknown Win32/Trojan with a severe alert level. The alert claims that the infection cannot be removed with the current version of Microsoft Security Essentials and that you need to download a good antivirus. You get to choose from 35 programs, but only 5 of them will detect the infection: Red Cross Antivirus, Peak Protection 2010, Pest Detector 4.1, Major Defense Kit and AntiSpySafeguard; the other programs are legitimate.
Once installed, AntiSpy Safeguard reboots the PC and starts its dirty work. The first thing it does after the reboot is show scan results: some viruses are detected and cleaned, but some files (e.g. iexplore.exe) require the “full” version of AntiSpy Safeguard, which has to be purchased. The rogue then starts blocking legitimate programs, showing alerts like this:

The application taskmgr.exe was launched successfully but it was forced to shut down due to security reasons.
This happened because the application was infected by a malicious program which might pose a threat for the OS.
It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.

Also, you get security alerts:

Warning! Database updated failed!
Database update failed!
Outdated viruses database are not effective can’t guarantee adequate protection and security for your PC! Click here to get the full version of the product and update the database!

Warning! Running trial version!
The security of your computer has been compromised! Now running trial version of the software! Click here to purchase the full version of the software and get full protection for your PC!

You should not purchase the full version of AntiSpySafeguard, as it is a phishing scam. Contact your bank if your credit card details were disclosed to the makers of this software. It is better to remove this scamware and rely on reputable antivirus, anti-spyware and internet security applications.
AntiSpy Safeguard can be removed by rebooting into safe mode with networking, then stopping its processes and disabling its startup entries. It is highly recommended to do a full system scan with a good anti-malware program such as Spyware Doctor.

Update

AntiSpy Safeguard has now been replaced by a much more aggressive parasite: ThinkPoint. Although similar to its predecessors, it is a bit more difficult to remove.


AntiSpy Safeguard is extremely dangerous

• AntiSpy Safeguard is a corrupt Anti-Spyware program
• AntiSpy Safeguard may spread via Trojans
• AntiSpy Safeguard may display fake security messages
• AntiSpy Safeguard may install additional spyware to your computer
• AntiSpy Safeguard may repair its files, spread or update by itself
• AntiSpy Safeguard violates your privacy and compromises your security

Note: The Spyware Doctor trial detects parasites like AntiSpy Safeguard and assists in their removal for free. You can remove detected files, processes and registry entries yourself or purchase the full version.




Manual AntiSpy Safeguard removal


Important Note: Although it is possible to remove AntiSpy Safeguard manually, doing so can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to repair themselves automatically if not completely removed. Manual spyware removal is therefore recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyware Doctor or other malware and spyware removal applications found on 2-viruses.com.
Stop these AntiSpy Safeguard processes:
Remove these AntiSpy Safeguard Registry Entries:
Remove these AntiSpy Safeguard files:
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites and other AntiSpy Safeguard infected files, and get help with AntiSpy Safeguard removal, by using the free Spyware Doctor scanner. It comes with a free real-time protection module that helps prevent AntiSpy Safeguard and similar threats.

AntiSpy Safeguard is classified as Rogue Anti-Spyware. After infecting a user’s system, it tries to scare its victim into buying the “product” by displaying fake security messages, stating that the computer is infected with spyware and that only AntiSpy Safeguard can remove it once the trial version is downloaded. As soon as the victim downloads the AntiSpy Safeguard trial version, it pretends to scan the computer and shows a grossly exaggerated number of non-existent errors. Then AntiSpy Safeguard offers the full version for purchase to fix these false errors. If the user agrees, AntiSpy Safeguard not only fails to fix the errors, it also takes the user’s money and may even install additional spyware on the victim’s computer.

Some Rogue Anti-Spyware, such as AntiSpy Safeguard, may prompt users to buy it after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed on the victim’s computer after the advertisement is clicked. It then proceeds to download or even install AntiSpy Safeguard, which is another way for Rogue Anti-Spyware to spread itself.

Most rogue Anti-Spyware, such as AntiSpy Safeguard, is nearly impossible to remove manually.


How to tell if your PC has been infected by a Rogue Anti-Spyware such as AntiSpy Safeguard?

Numerous undesirable and annoying pop-ups: A typical Rogue Anti-Spyware parasite keeps track of your internet browsing habits, sending your browsing history data to remote servers, owned by third party companies that use this information to advertise their products via numerous pop-ups, toolbars, hijacked homepages and spam letters. All these undesirable advertising methods are used on the victims of Rogue Anti-Spyware.
Changed or new icons: Sometimes, Rogue Anti-Spyware installs unwanted software on a victim’s PC without the user’s knowledge and consent. This may lead to slower PC performance and reduced stability, as well as more unwanted programs you can't remove.


  1. Jared
    September 3rd, 2010 at 08:13 | #1

    so what can I do to get a desktop screen and internet access to use these tools on my computer? It took away any and all controls to my PC

    • September 3rd, 2010 at 09:30 | #2

      Jared: reboot, press F8. Choose safe mode with networking. Then disable proxy server in your browser. That's the first thing to try.

  2. Help
    September 4th, 2010 at 23:54 | #3

    I can’t get into safe mode – when I press F8 while booting, safe mode does not come up on my list anymore in boot manager, what can I do? Thanks

  3. tony
    September 5th, 2010 at 02:02 | #4

    Admin: I am like Jared but I am unable to choose safe mode? F8 is not working for me.

    • September 5th, 2010 at 18:45 | #5

      Tony: perform instructions in regular mode. Disable proxy server.
      If you can’t do anything on PC, there is a chance to fix the problem with a rescue disk, or you will need tech support. Comodo LifePCsupport would be a choice.

  4. kalpana
    September 5th, 2010 at 19:17 | #6

    hi

    i have purchased the full version of Antispy safeguard. I cannot see the desktop screen. Can you plz help me…
    thanks

    • September 5th, 2010 at 19:19 | #7

      Kalpana:
      1. Contact your bank and tell them to reverse the charges for Antispy Safeguard.
      2. Reboot into safe mode, follow our guide. Disable startup entries, delete malicious files, perform a scan for bad files and remove them.

  5. kalpana
    September 5th, 2010 at 19:37 | #8

    hi…
    i called the bank..they told to call the antispy safeguard to reverse the charges..what should i do now..

    • September 5th, 2010 at 20:59 | #9

      You have to convince the bank that you got scammed into buying spyware. Most banks already know that scareware is a serious problem, as your CC details are known to their owners now.

  6. Peter Bond
    September 5th, 2010 at 23:48 | #10

    They got me too, I couldn’t do anything until I gave them a credit card, but call immediately to credit card company, I have to wait to decline charge until it posts.

  7. Tech Challenged – need help?
    September 7th, 2010 at 14:31 | #11

    Hello – I got suckered too. I have Spyware Doctor and have run a scan and it is not finding the AntiSpy Safeguard – any suggestions? Also, it will not let me get on the internet, will the “safe mode” options help with that?

    Thanks a lot – appreciate the help!!!

    • September 7th, 2010 at 15:15 | #12

      Tech Challenged: Update SD. Then run a scan again. Try launching MSConfig, and then disable startup entries that start from your home folder (or locations similar to ones listed in files box). Reboot, then submit these files to PCTools.

  8. Tech Challenged – need help?
    September 7th, 2010 at 15:26 | #13

    @admin Thank you for getting back with me. The problem is, every time I reboot the AntiSpy starts first and then won’t let me access the internet – if no suggestions, I can call Spy Doctor/PCTools. But THANK YOU for at least getting back with me. Again, Technically challenged here and any help/ideas/suggestions would be GREATLY appreciated.

  9. SinnSensei
    September 9th, 2010 at 05:18 | #15

    I feel like I can't trust ANYONE online that claims to be able to provide free virus removal service. Even THIS one, I’m just paranoid now that all people who know about computers want to do is fuck up everyone’s world

    • September 9th, 2010 at 07:17 | #16

      SinnSensei : Manual instructions are free, I can not imagine a way someone would charge for them :)
      Detection of infected files is free, and it helps a lot.

  10. john
    September 9th, 2010 at 08:29 | #17

    for anyone who can't see their desktop after a startup, just hit “ctrl+alt+del”
    and open task manager, go to process tab, then close the antispy safeguard process… then click file tab, then click ‘new task’ finally type: explorer.exe
    ..then your desktop should reappear :-)

  11. Justyna
    September 9th, 2010 at 14:10 | #18

    really this should help you… http://www.malwarebytes.org u must download- take a free version

  12. Kris
    September 9th, 2010 at 23:04 | #19

    @john
    Thanks, John! That worked for me!!!!

  13. Unknown Guru
    September 11th, 2010 at 19:50 | #20

    I have removed this antispy safeguard by booting normally, but when asked to use safe mode by the antispy safeguard I just hit CTRL-ALT-DEL and kill antispy.exe from the running processes. Then run explorer.exe and the computer boots up with access to internet and task manager

    After that do your homework to get rid of other stuff by booting to safe mode.

  14. mildred
    September 12th, 2010 at 05:18 | #21

    i have the spy doctor already will this fix the anti spy safe guard thingy and get rid of it

    • September 12th, 2010 at 09:58 | #22

      Mildred: Update Spyware Doctor, and do a full system scan. It should fix it, or you are entitled to support at their website.

  15. Hans van epscheuten
    September 12th, 2010 at 22:38 | #23

    Justyna,

    that was a perfect tip. Worked for me

    Thanks

  16. cameron
    September 13th, 2010 at 02:30 | #24

    hey, i followed your instructions and used safe mode with networking, and it's still there D: it starts up first and forces me to open it, what do i do?

    • September 13th, 2010 at 09:07 | #25

      Cameron : Disable proxy server and try running TDSS killer. If you need, move it using flash drive.

  17. September 13th, 2010 at 03:54 | #26

    am trying to start in SafeMode & SafeMode w/Networking. two screens flash w/
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\System32\Drivers\_ _ _ _ _ .sys
    then it stops.
    I shut it back down & tried again, same thing.
    what now?

    • September 13th, 2010 at 09:08 | #27

      Sandy: Use normal mode. Try getting TDSS Killer using a USB drive, then proceed with other tools to remove the advertisements. Your system is infected with a rootkit that replaced some drivers needed for PC operation in safe mode.

  18. Josh
    September 14th, 2010 at 00:11 | #28

    Manual instructions worked perfectly. I didn’t have all the files listed here in reg nor processes but the ones that were there seemed to be the only ones responsible. Thanks a ton!

  19. Jose Henrnadez
    September 14th, 2010 at 01:01 | #29

    Hello, I have a problem: I downloaded the software and ran it, and now every time the computer starts, only antispy safeguard starts. If I don't want to buy it, what do I do to deactivate it? Many thanks in advance, I look forward to your replies…

  20. Mick
    September 14th, 2010 at 03:02 | #30

    John and Justyna, thank you so much! I followed each of your suggestions and they worked perfectly!

  21. helene
    September 14th, 2010 at 04:29 | #31

    @john
    Thank you, thank you, thank you, I followed the steps and got my computer back.
    THANK YOU

  22. al amaral
    September 14th, 2010 at 05:47 | #32

    the only way i could get rid of antispysafeguard was to do a system restore to 5 days prior to the infection..do this by hitting f11 when computer is turned on and follow directions..

  23. john
    September 14th, 2010 at 08:27 | #33

    no probs kris

    @Kris

  24. Wayne Q
    September 14th, 2010 at 14:00 | #34

    Someone should hunt these ******ds and hurt them financially or nuke and destroy their computers

  25. Kara L
    September 17th, 2010 at 02:43 | #35

    I couldn’t understand most of what was said here but I restarted my computer pressed f8 while it was restarting and went to repair my computer. I then clicked on 5 days prior and my system repaired itself. Thanks for all the advice guys.

  26. Don
    September 17th, 2010 at 03:58 | #36

    I did this backwards. I couldn’t get into anything in Windows so I booted into Ubuntu since I have a wubi install of it. I navigated to the files and deleted them, then I rebooted into Windows and edited the registry. You could do the same with an Ubuntu or Knoppix CD. Just boot from the CD and navigate to the files and delete them. Since the system is running from a CD, the virus files won’t be “in use” and you can delete them. It’s good to have an alternate system for times like this.

  27. Lorr
    September 17th, 2010 at 13:35 | #37

    After i reboot and choose safe mode with networking the antispy safeguard still comes up, what do i do? How do you disable proxy server in your browser?

  28. Maggie
    September 17th, 2010 at 19:34 | #38

    This is an awful, awful thing I have done to my computer. I was duped by this bogus spyware protection company into thinking I would benefit from their “free” assistance. I should have known better. They are holding my computer hostage. I have tried everything that has been suggested, and it hasn’t worked. Every time I restart my computer and the Anti-Spy Safeguard runs its diagnostic test, it sees what I have done and blocks it. Meaning, I cannot restore my computer to a previous point. I cannot Task Manager my way out of it. I cannot F2, F10, F8, nothing. It has blocked every browser I have. So, what I did was create another User on my computer and that has allowed me internet access. I named my new User “Bad Ass Bitch” because that’s what these criminals have turned me into!! Anyway, I gave my new User the Administrative rights to my system, and although it’s not convenient, I have the ability to access all my documents, photos, etc., without returning to my original, primary User where the bad guys are. This seems to work fine (for now) until I can take my computer into a professional for help. I’m not even sure I can restore my dear old laptop to factory settings (but I may be wrong). I don’t know if this helps anyone out there, but I feel all your pain! I too feel violated by this malicious company that is trying to extort money from me. Folks, whatever you do, don’t pay them a dime. Try my suggestion and see if you can work around their malware.

    • September 17th, 2010 at 22:15 | #39

      Maggie: Try doing a full scan from your fresh user account. If you wish, with a couple of antivirus / antimalware programs. It is critical to do a FULL scan, as antiviruses rarely check other user accounts in quick scan.

      If this fails, try opening your old user folder, and look for a subfolder called App Data (Application Data), depending on your OS version. Look for executables under that folder, and delete them.
      To enable Task Manager, read this guide: http://www.2-viruses.com/how-to-enable-task-manager-and-registry-editor-after-malware-attack

  29. kelsey
    September 18th, 2010 at 20:51 | #40

    hi, i think the only thing that will work for me is restoring my computer to 5 days ago like some other people on here did…how do i go about doing that? and i don't have my files backed up because i have tried in the past and it has always failed. can i still restore to 5 days ago without backed-up files?

  30. Gail
    September 18th, 2010 at 21:09 | #41

    @Maggie Maggie, when I first saw your entry, I thought it was going to be from some long winded, know-it-all. I was totally wrong and wanted to give you a personal thank you for posting. I too am now a Bad Ass Bitch and working in my fresh new account. I will also work to eliminate the bad guys off of my computer and out of my life. Again, thank you so much for your post.

  31. Sophie
    September 19th, 2010 at 01:35 | #42

    Hi, antispy safeguard has gotten me too :( I’ve gotten as far as rebooting in safe mode with networking and opening task manager, but – well, two things… First, I don’t see the processes you’ve listed at all – it’s listed as hotfix.exe on my list of processes…? Also, where exactly do I go to delete the files and Registry entries? I don't know where to find them – sorry if that’s a really stupid question! Any help would be greatly appreciated – I’m freaking out a bit here. Thanks!

    • September 19th, 2010 at 11:46 | #43

      @Sophie: Try running msconfig and see what startup entries you have. Malware processes will be listed as ones starting from C:\Documents and settings or C:\Users. Kill those.
      Also, there is a chance that the malware is not launched in safe mode with networking, so it is normal that you do not see it under processes in safe mode. Thus the best idea is just to delete the files, and scan your PC for additional infections.

  32. Sophie
    September 19th, 2010 at 12:09 | #44

    @admin
    Before I got your reply I actually read Maggie’s comment above and created another user account, then deleted my old user account from my new one. Internet Explorer is running properly and seems to be in working order again – do you think I’m safe now? Thanks for your help.

  33. Sophie’s Choice (that’s right! I’m the Man!)
    September 20th, 2010 at 00:28 | #45

    I don’t get a desktop screen when I boot up. What I do is, during the blank screen after the Windows 7 logo starts then goes to a screen for AntiSpy Safeguard, I press Ctrl-Alt-Del. This stops the continuation of the phony scan screen and takes you to the Main Windows 7 screen, which displays your choices of switching users, etc. with that bottom choice being “Task Manager”. Click on Task Manager. It will give you the task manager screen. Under File, click Open File. In the blank, type in iexplore.exe and that will launch Internet Explorer. You can now surf. That is how I reached THIS site I am telling you this about. You can also access the rest of your computer from the menus on your browser.

    I have some questions: I had just done an update on Avast! and did the restart when all of this Antispy Safeguard stuff started. I lost my Desktop and was staring at a black screen. Is Avast! infected too? Also, is there a software or website that will walk me through removing this? My dilemma is, I’ve found many websites stating they can remove this, BUT! they want money! Since my system is infected, how can I pay for the software w/o the sleazebags (who put out this spyware) getting my credit card info during the time I am paying for it? Please help!

  34. Sophie’s Choice (that’s right! I’m the Man!)
    September 20th, 2010 at 00:32 | #46

    I also forgot to mention, I was using Mozilla Firefox when this happened. Every time I tried to do ANYTHING while using Firefox, I would get the Phony Microsoft Essentials Alert screen. BUT! I would switch on Internet Explorer and voila! All is right with the world UNTIL I did the restart from Avast! What else could be happening here?

  35. Pete
    September 20th, 2010 at 18:52 | #47

    It’s screwed up my Avast too. Gonna try to reinstall. I had to reinstall Malware Bytes as well, but it doesn’t find anything. The problem I’ve had is that none of the processes, registry entries, or files show up as on the list above, so I can’t really go for the manual removal completely, but what I did discover while searching for hidden files by date is that it now seems to be calling itself hotfix.exe with a windows icon. Windows wouldn’t let me delete this file though. I downloaded a program called spy hunter (trial version) which is the only software that’s worked for me so far and this too identified the hotfix.exe file as a source of the problem and disabled it. I’m hoping the problem doesn’t come back once the week long trial expires. Thanks people, this is the only site I’ve found with any discussion about this annoying software. Hope this helps someone.

  36. Maggie
    September 20th, 2010 at 19:45 | #48

    @Gail
    Gail! That’s awesome! Glad I could help. It’s been a trying experience, but definitely one I’ve learned from. Take care!

  37. Pete
    September 20th, 2010 at 20:15 | #49

    To clarify; None of the Files/processes/registry entries have the same names on my computer as listed above. There are registry entries with the same paths though, it’s just that I’d rather leave it until I can verify they are the right ones but with different names. Is this because of my OS (vista 32), or has this virus/spyware mutated? Maybe there are different versions of it?

    • September 21st, 2010 at 11:02 | #50

      Most malware changes names randomly. I suggest uploading these files to virustotal.com to confirm.
      They are virus processes if they reside in %UserProfile%\Application Data\ . No normal programs install in that place. However, do not forget to fix the registry, or you might have problems logging in to your PC after removing these files.
      I strongly recommend using automated anti-malware tools when unsure if you are doing the removal procedure properly. Fewer chances to brick your PC.
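
Added example, not part of the original thread or the site's own tooling: a read-only PowerShell check for what the admin replies above describe, autostart entries that launch from C:\Documents and Settings or C:\Users, plus the proxy setting they say to disable. The function names are made up for this example, the Run/RunOnce keys and Internet Settings values are standard Windows locations rather than ones listed on this page, and the SHA-256 is printed so the file can be looked up on virustotal.com.

```powershell
# Added example (not from the original page). Read-only triage: nothing is deleted.
# Requires PowerShell 4.0 or later (Get-FileHash).

# Standard autostart keys; these are among the entries msconfig lists as startup items.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Launch locations the thread treats as suspicious for a startup program.
$ProfileRoots = @(
    (Join-Path $env:SystemDrive 'Documents and Settings'),
    (Join-Path $env:SystemDrive 'Users')
)

# Hypothetical helper: pull the executable path out of a Run-key command line.
function Get-ExecutablePath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: "C:\path with spaces\file.exe" /args
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: cut at the first executable extension.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

# Hypothetical helper: report autostart entries whose executable sits under a user profile.
function Get-ProfileAutostart {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $exe = Get-ExecutablePath $command
            if (-not $exe) { continue }

            $inProfile = $false
            foreach ($root in $ProfileRoots) {
                if ($exe.StartsWith($root + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
                    $inProfile = $true
                }
            }
            if (-not $inProfile) { continue }

            # The file may be locked or unreadable while the rogue is running.
            $hash = $null
            $signature = 'unknown'
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            if ($exists) {
                try {
                    $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256 -ErrorAction Stop).Hash
                    $signature = (Get-AuthenticodeSignature -LiteralPath $exe -ErrorAction Stop).Status
                } catch {
                    $signature = 'unreadable: ' + $_.Exception.Message
                }
            }

            [pscustomobject]@{
                Key        = $key
                ValueName  = $name
                Command    = $command
                Executable = $exe
                FileExists = $exists
                Signature  = $signature
                SHA256     = $hash
            }
        }
    }
}

# Hypothetical helper: show the current user's proxy configuration.
function Get-ProxySetting {
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $settings = Get-ItemProperty -Path $path
    [pscustomobject]@{
        ProxyEnabled = ($settings.ProxyEnable -eq 1)
        ProxyServer  = $settings.ProxyServer
    }
}

Get-ProfileAutostart | Format-List
Get-ProxySetting | Format-List
```

An entry in this output is a candidate to review, not a verdict: check the hash and signature before disabling anything in msconfig.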

  38. eric
    September 21st, 2010 at 06:52 | #51

    will norton 360 get rid of the antispyware stuff?

  39. Christopher Stadulis
    September 21st, 2010 at 18:26 | #52

    Hello Admin or anyone else that can help me.

    I did not purchase antispy safeguard but whenever I restart my pc, an antispy safeguard pops up and doesn’t allow any of my desktop icons to load until I use control, alt, delete and then stop safeguard from running. How do I remove it so it does not run every time I restart my pc?

    • September 22nd, 2010 at 14:55 | #53

      Christopher Stadulis : You have to launch msconfig and disable malicious startup items. You might have to run anti-malware tool as well.

  40. Sam
    September 22nd, 2010 at 02:59 | #54

    Hi,

    Long story short, i had antispy dl onto my comp and it did its crazy scans. I wasn’t aware and it asked me to purchase its software, i tried but the credit transaction said it failed.. Does that mean even if the transaction failed they have my cc details? I have checked and i dont have any deductions in my funds atm..

    Thanks

  41. Lalai
    September 22nd, 2010 at 03:21 | #55

    To John,

    You saved me…thank you soo much. God bless you! @john

  42. help needed
    September 22nd, 2010 at 03:34 | #56

    @Unknown Guru
    hi,
    i did the first part of what you said (to click, alt, delete) and ended the process. i thought that would be fine because i am able to open internet explorer now. but once i shut down and restart the antispy thing is still there therefore i have to do the process all over.
    Is there a permanent way to delete it from your files?
    You might have explained it in your statement, but could you go into further details for me??
    Help? please and thank you

  43. Sam
    September 22nd, 2010 at 03:58 | #57

    I dl antispy whatever, and it said to purchase something for it to fully work, so i tried obviously not knowing that it was a hoax! anyways, it said the transaction failed but does that still mean they have my cc details? no funds have been taken from my account and I am constantly checking.

  44. spoon
    September 22nd, 2010 at 15:44 | #58

    when you start your computer, don’t click the continue button when the antispy safeguard pops up, press ctl+alt+del and click applications, right click the only process that should be running called hotfix.exe, go to process and end process tree. you can also click start bar, search, click all files and folders option, and type in hotfix.exe. delete the file. make sure it's not finding the .exe in the windows .net folder though

  45. spoon
    September 22nd, 2010 at 15:45 | #59

    spoon :
    when you start your computer, don’t click the continue button when the antispy safeguard pops up, press ctl+alt+del and click applications, right click the only process that should be running called hotfix.exe, go to process and end process tree. you can also click start bar, search, click all files and folders option, and type in hotfix.exe. delete the file. make sure it's not finding the .exe in the windows .net folder though

    I uploaded that hotfix.exe file to virustotal.com and a few AV programs say it's fake antivirus, trojan,..etc.

  46. spoon
    September 22nd, 2010 at 15:54 | #60

    also, couldn’t find the program in the add/remove program in the control panel. I deleted the hotfix.exe, and haven’t had any problems thus far upon starting the computer. I also went into the registry though (start bar, run, type in regedit) searched for antispy.exe. in the subfolder it was found was also the defender.exe listed above. I just deleted those registry entries as well.

  47. christopher
    September 23rd, 2010 at 02:24 | #61

    @admin

    Thanks admin. I appreciate your help. That worked but I didn't run malware. I did run norton 360 and spy sweeper. Would either of those programs remove anything that shouldn't be on my pc from antispy safeguard?

    • September 23rd, 2010 at 09:48 | #62

      Christopher: It is a good idea to run anti-rootkit tools after any of the fresh rogues. TDSS family rootkits are often installed together with rogues that lead to browser redirections or other ways that allow easier reinfection.
      Personally, I am a bigger fan of Malwarebytes or Spyware Doctor than SpySweeper. But it is a good program as well.

  48. liean
    September 23rd, 2010 at 09:44 | #63

    how can i remove the antispy safeguard on my PC??? anyone can help me???

  49. Pam
    September 23rd, 2010 at 16:09 | #64

    @john
    Thank You so much for your Help, it worked like a charm! Do I need to do anything else or is it off my computer now. I have searched for it and it wasn’t detected. Thanks again.

  50. KR
    September 23rd, 2010 at 18:02 | #65

    I didn’t fully read the comments, but if you’re having issues with a blank desktop you can C+A+D to get to task manager, kill antispy.exe or any others. With task manager open I was able to start a new task and launch explorer.exe. You may also use cmd then type explorer.exe…enter, etc. This is just the method which worked for me on a Dell, XP HomeEd machine, to get the desktop visible.

  51. Jack
    September 24th, 2010 at 14:35 | #66

    It won’t allow me to open my Task Manager to stop the process..

  52. Jack
    September 24th, 2010 at 14:45 | #67

    @Jack
    It also says I can’t delete the hotfix file because I don’t have permission.

  53. BC
    September 24th, 2010 at 16:08 | #68

    Our XP got hijacked by hotfix.exe (not to be confused with MS NET msddhotfix) after selecting AntiSpySafeguard on the fake alert. Had to take similar steps: removed 1) hotfix.exe in the Application Data directory, 2) registry entry, and 3) Windows Prefetch entry associated with the hotfix. Thanks, everyone, for all your helpful posts.

  54. B.C.
    September 24th, 2010 at 20:17 | #69

    P.S. We have set up two users on our PC; both have admin rights. So I signed on as the UNINFECTED user to delete the hotfix.exe. Took care of the registry entry and the Windows Prefetch while signed in as the infected user. Thanks.

  55. Carl Hakeman
    September 24th, 2010 at 22:34 | #70

    I got infected with Antispy Safeguard also. It basically shut down my computer. I never could figure out all the above manual removal instructions. It was not listed on the task manager. The way I got it to stop temporarily was to use ctrl-alt-del when the antispy box came on the screen. Then I was able to access the internet. I downloaded spyware doctor, pc tools. It made a phony 1 minute search and came up with 11 infections, all phony. I had a hard time uninstalling the program. It just seemed to jam up the computer. It acted like a virus itself. Spyware doctor is a piece of junk. Next I tried xoftspy. I downloaded it and it ran a phony 10 second search. Came up with 8 infections, all phony. Like the other one they wanted $99 to remove the infections. At least it was easy to uninstall. Next I tried Malwarebytes. Free download and they found it, and removed it. It was a trojan horse fake alert. I was impressed. They have much better software than Norton for removing malware. Norton found nothing. I have Norton Internet Security and it failed. I turned back on the Windows firewall too.

    • September 25th, 2010 at 11:30 | #71

      Carl Hakeman: Malwarebytes targets a specific set of parasites only – Rogues, some trojans. It is not an antivirus – an antivirus fixes good files that were modified. Anti-malware tools usually delete files only, also their DB is a smaller, more targeted one.
      For me, Spyware Doctor installs/uninstalls normally and I do it quite often for testing purposes. The problem is it requires a reboot after uninstall, and might be affected by the rogue. It requires a definition update to remove some of the parasites.
      I would stay away from xoftspy – they are known to provide faked results.
      Instead of Norton, I would recommend ESET smart security or Avast /Avira. These 2 have free versions that are quite good.

  56. carlos
    September 25th, 2010 at 02:25 | #72

    I have a machine that got infected with antispy safeguard. and it’s very annoying. I have a dell laptop running windows xp, once booted it pops up and wants to scan. if you run task manager, under run, type explorer.exe so you can bring up your desktop. I also used process explorer to locate the location of antispy safeguard. location: c:\documents and settings\profile name\application data\hotfix
    delete that file and reboot your system, this is how I removed it. worked for me.

  57. michellet
    September 25th, 2010 at 11:54 | #73

    system restore to earlier time worked for me.

  58. RCHJC
    September 25th, 2010 at 16:12 | #74

    Hey. Antispy got me too. I ran Spyware Dr and AVG anti-virus and fixed or deleted infected files. When I reboot, though, I still get antispy running at the beginning. If I do ctl+alt+dlt and stop antispy from running through task manager, I am fine. I ran more scans and am finding nothing. So why is antispy still running? (Am I making any sense???)

    • September 25th, 2010 at 19:55 | #75

      After the removal, run MSConfig and check if there are strange startup entries (hotfix.exe, antispy.exe or others from your user folder). Remove these. Also, try scanning with MBAM as well.

  59. Velma
    September 26th, 2010 at 02:14 | #76

    Hi, I’m in the process of running the scan from Trojan Killer. I can’t remember who said it in this thread but I too feel as though every form of “help” is just another scam. I hope this one isn’t. But so far in the scan it has found “218 Detected Items”! Thanks to John for the Ctrl+Alt+Del tip. That worked and it’s the only way I have been able to get onto the Internet. Keeping fingers crossed it works. Thank you to everyone for the tips, some have gone completely over my head – but hopefully this one works.

  60. Velma
    September 26th, 2010 at 02:40 | #77

    Sorry, posted the wrong thing on here. I was on another site that had instructions on how to get rid of this software and guess what? It’s ANOTHER spyware! I ran it and there’s a ton of viruses but I can only get rid of it by buying their license. ARGH!!!!!!!!!!!!!!!!!! This is horrible, it’s a vicious cycle!!!

  61. Velma
    September 26th, 2010 at 02:46 | #78

    trying a system restore

  62. hi
    September 26th, 2010 at 03:11 | #79

    how do i get rid of antispy safeguard

  63. Velma
    September 26th, 2010 at 03:12 | #80

    system restore worked. I did the msconfig all is well! THANKS!

  64. Sofia
    September 26th, 2010 at 11:15 | #81

    @spoon
    Hi!

    I tried your advice but as soon as I clicked “end process tree” the screen just went black all over.
    What should I do? I can’t do a thing at all… I SERIOUSLY NEED HELP!!!!!!!!!!!!!!!!!!!!!!!!!!

  65. shon
    September 26th, 2010 at 17:12 | #82

    I will admit up front that I am probably the dumbest computer person. I have been able to use the C+A+D action and end the hotfix.exe process as discussed earlier. The suggestion to delete the .exe file in the registry and all the other places is a bit too advanced. How do I find the registry? How do you “run” MSconfig?

  66. wr challender
    September 26th, 2010 at 22:13 | #83

    antispy safeguard has blocked IE FROM OPENING

  67. pan
    September 27th, 2010 at 01:49 | #84

    thx man!!! u really helped me now!!! fucking trojan shit!! i bought my laptop yesterday and this happened now!!!

  68. tommy2tech
    September 27th, 2010 at 16:07 | #85

    I have a question for admin or anyone knowledgeable… I have previously removed a spyware program much like the antispy safeguard (AVDefender), but it has left me not able to access many of my control panel options. It tells me that the files have been moved and I can no longer find them to add/remove or access the system etc… I can’t even access the task manager at the present to end processes… I’ve since contracted the antispy safeguard virus. I am good as far as deleting the registry entries, but will the fix work if I can’t end the processes??? Also is there any way I can manually access the task manager to end the processes and maybe some way to find my control panel options???? Please Help!!!

    • September 28th, 2010 at 08:15 | #86

      tommy2tech : You can reenable task manager if you need, or use process explorer.
      However, if the virus messed too much with your PC, system restore might be a better option.

  69. justlovely
    September 27th, 2010 at 18:38 | #87

    this worked great!!! i had tried all that other stuff but the fake spyware wouldn’t let me get to anything…..thnks!!!!

  70. br
    September 27th, 2010 at 19:12 | #88

    Thanks.
    I was tricked into installing antispy by the fake microsoft essentials window. I found I could skip the scan by C+A+D at startup. I scanned with microsoft essentials (the real one), which removed two trojans, but the antispy safeguard was still installed. Thanks to the information here, I found the hotfix.exe file, located in myUserName/appData/Roaming folder (on Vista), and its registry. Once removed, my system acts normal again. I didn’t find any of the other mentioned files or registries. Do I still need to do something else?

  71. br
    September 27th, 2010 at 19:25 | #89

    @shon
    Hold the windows button and press r. Or press the start-button and then choose ‘run’. Type ‘msconfig’ and press enter. This opens the system configuration. On the last tab (in Dutch called Hulpprogramma’s, not sure about English name) you find the registry editor. Select it and run. I think you could also run it by running C:\Windows\System32\regedt32.exe
    I found the hotfix registry at HKEY_CURRENT_USER > Software > Microsoft > Windows NT > CurrentVersion > Winlogon
    Right-click on it, and choose remove. I hope this helps.

  72. Neo The Matrixxx…Guru
    September 28th, 2010 at 02:26 | #90

    I figured out how to get the crap off……
    (1) Do a search for the file name “hotfix.exe” and when you find it…it will not let you delete it…so just rename it to anything…example change “hotfix.exe” to “fuckfix” and save the file….reboot and your system will run normal. Please let me know how this works for you….!!!

    Neo

  73. abbygirl
    September 28th, 2010 at 03:01 | #91

    I AM TRYING TO STOP ITS PROCESSES RIGHT NOW IN THE TASK MANAGER BUT I DON’T RECOGNIZE ANY OF THE ONES THAT YOU LISTED…HELP

  74. Nigel
    September 28th, 2010 at 14:50 | #92

    Same problem on my wife’s Windows 7 laptop. I used control alt delete and then opened explorer.exe as described above. That worked to get to the desktop. Then I purchased Norton anti virus for $40 – totally worthless waste of money! Then I downloaded malwarebytes – free version and now everything seems to work fine except, firefox will not open. I’m going to try reinstalling it later today. Internet explorer works fine. Anyway, I’m very relieved, thanks again for the advice.

  75. jovina
    September 28th, 2010 at 17:21 | #93

    @john
    thnk u so much…it did work
    it reali helped me out
    i was freaked out for an hour i could not do anythn only my computer was working rest was blank
    well do u think this well appear again by any chance…..coz im shit scared when it happens again…
    nd thank u so much

  76. Dano
    September 28th, 2010 at 19:38 | #94

    Can’t get rid of this thing. I installed Norton 360 and Malwarebytes and ran full scans and nothing. I got rid of hotfix.exe. I went back into old restore points and still it pops up at restart. I C+A+D and kill it in the taskmanager and can move around but this thing is relentless. It continues to pop up in the restart. Help in killing this for good.

  77. mike giangregorio
    September 28th, 2010 at 20:08 | #95

    antispy safeguard has prevented me from accessing the internet, e-mail with Clear.net and stops my original start up. how can i remove this program.

    • September 29th, 2010 at 09:09 | #96

      Mike : Try rebooting into safe mode with networking and disabling proxy server in your IE. Then do a scan with one of the recommended programs. Also, try looking for and deleting the file hotfix.exe. Stop it from execution using msconfig.

  78. tommy2tech
    September 28th, 2010 at 22:51 | #97

    @admin

    It seems to have corrected itself with the registry deletion…
    I still can’t access the task manager though… how do I reenable it? Alt/Ctl/Del isn’t working either…

  79. toxic abby
    September 28th, 2010 at 23:17 | #99

    that sucks, u got infected twice, just follow what ppl say here nd it will work.

  80. cAROLYN
    September 29th, 2010 at 05:16 | #100

    I have been infected. I can sign on as a guest user however, I do not see the ani*.exe file in the start up. How can I find the files that I need to remove. Thank you

  81. Norma
    September 29th, 2010 at 06:25 | #101

    I too was almost sucked in by Antispy Safeguard. Red flag went up when they wanted money. Go to Malwarebytes.com. Download free version, it does work if you can get to the internet. See previous posts on how to get around this to the internet. Run a full scan (might take hours) but it does remove the nasty little thing. Hope whoever wrote this program rots in hell!

    • September 29th, 2010 at 09:16 | #102

      Norma: Malwarebytes is a great program, though I recommend keeping the full version, as it would reduce the possibility of similar problems in the future. Many fresh malwares try to prohibit execution of antivirus and antimalware programs, so you might get stuck if you do not have a program that actively protects your PC.

  82. Dannette
    September 29th, 2010 at 14:58 | #103

    Reply to all…antispy safeguard is linked to Microsoft Security Essentials…it’s all bogus. System would not allow Spyware Doctor to run but Malwarebytes removed 803 infected files, including a ton of registry files. Highly recommend to anyone out of money on this one should contact their bank, especially if you used a visa credit or debit card…visa protects consumers against losses with this kind of crap…you may be likely to get your money back. Would also recommend changing passwords, etc. on any online accounts you may have. There’s a time delay between the time Microsoft Security Essentials/antispy safeguard is installed and the time when it starts screwing up your computer, giving these people an opportunity to not only scan your entire computer, but potentially track key strokes when you are online. Just a small word of advice to avoid further harm besides just your computer.

  83. Kevinmcf
    September 29th, 2010 at 15:02 | #104

    I too was scammed (although I did not pay). I was able to reboot in safemode, a window opened for ANTISPY SAFE, only option was to run. I was then able to open task Manager (would not open in normal win XP) and shut it down. Ran quick scan w/Malwarebytes, found 3 trojans, deleted, rebooted in normal mode and running a full scan as I write this.
    this all started when I was searching for different scans to rid of REDIRECT issues, and to get my system to run faster.

  84. Ahna
    September 29th, 2010 at 19:00 | #105

    After reading the entire thread here I can honestly say that AntiSpy Safeguard messed my system up worse than any post I have seen. The file name I had was hotfix.exe and has been deleted. The “ASS” program effectively deleted my Security protocols on AVG and Avast. It appears that it removed critical Windows files. While I can still navigate a very little bit with Firefox, I have no IE, nor do I have system restore as an option. My system also doesn’t recognize my secondary hard drive. I can not install any malware or antivirus programs. They fail just short of installation. It would appear that my only option at this point is to save what data I can to a thumb drive, and do a completely new install of Windows. This is by far the nastiest piece of work I have seen.

  85. Jupmol
    September 29th, 2010 at 20:00 | #106

    I rebooted into safe mode with networking and restored the system some days before my computer got infected. It worked perfect to get rid of the antispy safeguard screen. However, I wonder if I still need to look for the virus in the registry?

    • September 30th, 2010 at 09:41 | #107

      JupMol: Try doing full system scans with antivirus and anti-malware programs. It is likely that you still have some trojan downloader hidden, maybe inactive. So it is good idea to be sure.

  86. Paul
    September 29th, 2010 at 20:52 | #108

    I accidentally got the TRIAL VERSION ONLY and it has been a nightmare getting it off. Thanks SOOOO much for this site!

  87. Brian
    September 30th, 2010 at 00:05 | #109

    I hate being the only computer literate one in the house. I’ve now been on my brother’s computer for 2+ hours trying to get rid of this bastard virus. Spyware Doctor didn’t find it and then had the audacity to ask me for money so don’t waste your time on that one folks.

    I was able to find two of the reg keys listed but it still starts up and I can’t find where it’s loading from.

  88. Brian
    September 30th, 2010 at 00:17 | #110

    It has totally moved all essential windows files from their location. System restore, msconfig, etc. They are nowhere to be found. Looks like there’s nothing left to do but a full factory reset.

  89. Rich
    September 30th, 2010 at 01:44 | #111

    @tony
    There is a little white lock in your system tray, left click that, then it opens the virus’s “purchase” window, then you can alt f4 it and it closes the program completely, allowing you to end its startups and access IE

  90. Carl
    September 30th, 2010 at 03:23 | #112

    @john
    John, I really appreciate your posting a solution. I didn’t think I’d be able to finally get back into Windows, ever, and your solution worked.

    Thanks for taking the time to answer people’s questions on a random internet thread–y’all are saving people’s days!

  91. Jupmol
    September 30th, 2010 at 19:07 | #113

    Thank you!

  92. Eddie
    September 30th, 2010 at 19:57 | #114

    will restoring the system to its original factory conditions get rid of this virus?

    • September 30th, 2010 at 23:17 | #115

      System restore might stop virus, but it might resurface after a while. It is good idea to scan your PC after successful restore anyways.

  93. steve
    October 1st, 2010 at 01:37 | #116

    Used free version Malwarebytes.com. Took about 1 1/2 hrs to run full scan but did the job. If you don’t have Malware, set up new user & download

  94. Brian
    October 2nd, 2010 at 01:08 | #117

    Thank you for helping people. I fell for the scam and now my machine is infected. I’ve tried Malwarebytes and it didn’t work for me. I’ve tried TaskManager and the particular processes aren’t listed there. I have updated and used SD but it asks me to register and requires that I pay to register, but it doesn’t list AntispySafeguard anyway. I can boot up in safe mode, but I don’t understand how to stop the proxy server. Any help is appreciated.

  95. Cyndi
    October 2nd, 2010 at 03:49 | #118

    @Unknown Guru
    You saved me ! i did what u said and it worked . I got back in downloaded a malicious software removal tool and it got rid of it ! Thanks !

  96. Ben
    October 2nd, 2010 at 06:10 | #119

    Yep. Totally worked for me. That’s hilarious. I can’t believe that worked! Well done. @Neo The Matrixxx…Guru

  97. Fox
    October 2nd, 2010 at 12:40 | #120

    Following the tips given in these comments, I’ve been able to navigate back to my desktop. But I restarted my computer, just to be safe, and when I did, the Antispy Safeguard is still there. Where would I remove it? Or do I need software to do it for me?

  98. thinkimgnnstrtkllnnow
    October 2nd, 2010 at 18:10 | #121

    same problem as Brian, i will try to work registry.
    maybe ask someone in the real world, if they laugh @ me. I may be going to jail.

  99. RP
    October 2nd, 2010 at 19:21 | #122

    For me, ending the spyware process via task manager was crucial to getting rid of this program. The process was named “hotfix” and was in %UserProfile%\Application Data\ . Like others, “antispy” wouldn’t let me start task manager via Control-Alt-Delete, or by running C:\WINDOWS\system32\taskmgr.exe . I’m reluctant to explicitly write down the way I thought of to run this program, since the spyware programmers may also read this, but I’ll just state that you should try to run Task Manager, but perhaps not the program named taskmgr.exe ! Afterwards, I was allowed to delete hotfix.exe .

  100. Pein
    October 2nd, 2010 at 20:18 | #123

    @Neo The Matrixxx…Guru
    I just tried to search for the file hotfix.exe. Am I inputting the name wrong cuz when I search for it, the search engine says “no matches found”. Any help will be appreciated…..

  101. Pein
    October 2nd, 2010 at 22:56 | #124

    did you type in hotfix.exe and change the name. I’m just mad I can’t even find the file. I am soooo lost and pissed…..If anyone can help I would really appreciate it.

  102. Brian
    October 3rd, 2010 at 00:31 | #125

    Thought I got it with malwarebytes, but it’s still on my machine. I can’t find any of the Antispy Safeguard files or processes listed above. What else can I do?

    • October 3rd, 2010 at 11:11 | #126

      Brian: Run TDSS Killer, then do a full system scan with Spyware Doctor. Delete the files it finds. Would be great if you post links to the files it found.

  103. Ray
    October 3rd, 2010 at 04:29 | #127

    I have to get rid of this thing!! I deleted hotfix and it got me going but Google Chrome wouldn’t download and when I finally did get it to go it won’t run (it goes to “new tab” instead of where it’s supposed to). I’m skeptical of Malwarebytes since it went to a different site name. What do I need to do now? Can someone with the mind for this guide me through this nightmare??? I’m afraid of screwing with the registry but it seems I may have to do that.

  104. tomtom
    October 3rd, 2010 at 05:45 | #128

    Thanks for the C+A+D process…IT WORKS!!! Question I want to ask is how did this antispy safeguard ever get in?

    • October 3rd, 2010 at 11:13 | #129

      Tomtom: Lack of system protection. Get a decent internet security suite. Also, I recommend full versions of Spyware Doctor or Malwarebytes as additional layer of protection.

  105. PW
    October 3rd, 2010 at 13:25 | #130

    I had a compaq laptop totally infected with this. I managed to remove it all using the following process.

    1) when the initial screen opens up…ctrl alt del – processes – end antispy
    2) Tasks tab – new explorer.exe – that should bring up your desktop
    3) If your usual browser is unresponsive load up chrome or firefox.
    4) Download and run Malwarebytes
    5) 4 hrs later my laptop was back to normal! – Thanks malaware!
    6) IMPORTANT – ignore any windows defender messages during this process

  106. October 3rd, 2010 at 16:23 | #131

    Help, just fallen prey also. I am a tech challenged senior citizen. Can someone talk me through the solution? Someone with patience, please. VR, Byron

  107. rddck
    October 3rd, 2010 at 17:36 | #132

    Malwarebytes will NOT be able to identify AntiSpy Safeguard. Searched, found and deleted hotfix.exe twice. I’m not sure how it is able to resurface. I then used modified search to look for hotfix.exe changes performed within the last week and found hotfix.exe with that fake “Microsoft” looking logo before it, deleted that and now I don’t get the AntiSpy popup when logging on and am able to access the Internet normally. I’m still not sure that “something” is not embedded in my computer that may pop up later but all is good – for now.

    • October 4th, 2010 at 08:52 | #133

      rddck: Run TDSS Killer and Spyware Doctor afterwards. Delete what Spyware Doctor finds. No anti-malware tool is 100%, and there are always a couple of different strains of rogues with the same name around.

  108. Pein
    October 4th, 2010 at 15:03 | #134

    Could I just erase my hard drive and start fresh. My laptop doesn’t even have that much stuff on it so I won’t be missing anything. My windows was vista for God’s sake. If anyone can lemme know if that would make sure that the trojan won’t come back I’ll just back up my files and restore the laptop. And my hp laptop came with Vista already pre-installed but with no disk, just the recovery cd. Is that the on cd I need(recovery). Any help will be appreciated.

  109. Pein
    October 4th, 2010 at 15:06 | #135

    ….oh and if I lose this recovery cd and I have another virus problem, can I just buy another recovery cd for vista or did I NEED that specific recovery cd for my hp laptop?

  110. Jamie
    October 4th, 2010 at 22:49 | #136

    I downloaded the Spyware Doctor and ran the full scan but now it says I have to buy the program online to remove the viruses? Do I have to do that?

    • October 5th, 2010 at 08:56 | #137

      Jamie: expand each detection and delete the files manually. Though I recommend having full version to protect the PC from parasites like that.

  111. Obi Wan
    October 5th, 2010 at 06:58 | #138

    Guys do the following depending on what infected your PC:
    1) Go to safe mode
    2) enable view of hidden files
    3) search for file called hotfix.exe (enable search of hidden and system files)
    and delete this hotfix.exe frikkin bastard file, its the virus.
    Once you deleted it you’ll be fine.

    • October 5th, 2010 at 08:59 | #139

      Obi Wan: I would recommend follow up scan, though, to know how malware got in on the PC in first place.

  112. diegont
    October 5th, 2010 at 16:57 | #140

    Search for Falcon Four on google. It has a windows xp mini version on it. It is like using ERD Commander but much better. Once you load it up, you can access your files and delete the files mentioned. I found that there is an srsf.bat file that installs the antispysafeguard. Look for it and destroy it. :-) . Then, you can download malwarebytes and avast and make a full scan.

  113. Lynette
    October 5th, 2010 at 18:54 | #141

    Will McAfee be able to detect and get rid of Antispyware Safeguard?

    • October 6th, 2010 at 09:05 | #142

      @Lynette: Maybe, though anti-malware tools (Spyware Doctor, Malwarebytes, etc) are usually better in this.

  114. Jon
    October 6th, 2010 at 02:29 | #143

    Hi All – I have had the same problem on my computer. I did Ctrl Alt Delete -> Task Manager -> Applications and clicked End Task for the AntiSpy Safeguard (the only one listed) when I started the computer and the AntiSpy Safeguard was displayed. After that the computer started like normal. I then installed Microsoft’s Windows Defender (which is free) and updated it after it installed. I figured I didn’t want to run the risk of installing anything else I didn’t know what it was and knew Microsoft was a safe name (you can just Google Microsoft Windows Defender and then download). I did a full scan after installing the update (you have to select Full Scan as it defaults to the quick one). Once it finished the full scan (about 1 3/4 hours) it said it found one item. I clicked remove and have restarted since and all seems to be good now (fingers crossed). I just thought I would send this out there for everyone as an additional option. Hope everyone has success in getting this removed!

    • October 6th, 2010 at 09:08 | #144

      Jon: Ironically, this particular rogue is advertised as Microsoft recommended product. Once your PC is infected, good websites can be replaced by bad ones quite easily without user noticing it. I would recommend replacing Windows defender with real Microsoft Security Essentials – it is better.

  115. Edgar Pilot
    October 6th, 2010 at 04:12 | #145

    Thank you OBI WAN.YOU’RE GREAT. I FOLLOWED YOUR INSTRUCTIONS AND GOT RID OF “AntiSpy Safeguard” SPAM.

  116. SnubbbS
    October 7th, 2010 at 01:50 | #146

    Um It’s Gone But I don’t know if it will come back

  117. Bob
    October 7th, 2010 at 10:18 | #147

    some website gave me a trojan and told me to get this anti-spyware. Now i cant even load up my computer what should i do!! please help me!

    • October 7th, 2010 at 10:35 | #148

      Bob:
      Try rebooting into safe mode with networking and disable proxy server in browser. Then follow our walkthrough to either disable it manually or automatically.

  118. Scott
    October 7th, 2010 at 18:27 | #149

    anyone help me i try try figure how remove seem this antispysafeguard is virus ? so how i can remove ? i not good at computer fix so anyone can explain to me i can understand easy thanks

  119. Amanda
    October 8th, 2010 at 00:42 | #150

    @Unknown Guru hey i did what you said, and it worked. but does that mean antispy is removed from my computer completely? if not how do i get it off.

  120. Dap
    October 8th, 2010 at 04:11 | #151

    I am sooooo frustrated. I have been looking for the “hotfix.exe” and can’t find it. Can anyone help me? I have been trying to figure out how to reboot in “safe” mode and can’t figure that out either.

    • October 8th, 2010 at 09:31 | #152

      Dap: What Windows version do you use? There are a couple of file names used randomly. Typically, they reside in C:\Documents and Settings\[username]\Application Data or C:\Users\[username]\AppData subfolders (depends on Windows version). Launch process explorer, and stop the startups running from there. Delete these files.

  121. Sneaky Pete
    October 8th, 2010 at 20:44 | #153

    @Obi Wan THANK YOU! hotfix.exe is the bastard file. Deleted this and everything is back to normal.

    In order to access your task manager, you need to start in Safe Mode. Press F8 while your computer is booting up, select Safe Mode from the list. Once running in Safe Mode, you can effectively run your task manager, search for “hotfix.exe” (enable search of hidden and system files) and delete this file. Restart your computer and everything is A-Ok. Obi Wan you are the man!

  122. Eli
    October 10th, 2010 at 07:41 | #154

    i need help. Even in safemode, the antispy safeguard comes up.. it’s annoying the crap outta me.. i downloaded spy doctor from this computer onto a USB 8GB drive, but it’s not like i can just plug it in and it makes the spyware go away, i can’t get to my freaking desktop! safemode doesn’t help at all..

  123. Nikola
    October 10th, 2010 at 10:03 | #155

    Hi guys. I have antispy safeguard too, but I know exactly how to remove it. Listen closely: first reboot, then when the window asking you to scan pops up click ok and start the scan. Now be quick: during the scan open task manager and go to process, then find antispy.exe or hotfix.exe (you will find one of those), then end that process, then open a new task called explorer to return your desktop. There, but that’s only one part of the problem. Now go to “run” and run regedit, now follow this: HKEY_CURRENT_USER_/software/microsoft/windows NT/current/winlogon, then find a file named shell, then double click on its url and first copy all of it except for the /hotfix.exe or /antispy.exe, then rename the url to explorer and copy the url you copied earlier to run again and run it, then simply delete the file hotfix.exe or antispy.exe. I know it is similar to the instruction posted by admin but it is much safer and guaranteed to work. Oh, I almost forgot: after you have done this restart the computer and if all went well none of the scummy program will show. I hope I helped you to delete this scum from your computer.

  124. brian
    October 10th, 2010 at 16:21 | #156

    I just got hit with this antispyware bullsh*t. The problem is I can go online to get rid of it. Everytime I try to open a web browser it locks up and I can get online. Please help! Thanks

    Brian

    • October 10th, 2010 at 19:18 | #157

      Brian: try using safe mode with networking. Or try disabling AntiSpy Safeguard processes prior to launching the browser, and then disable proxy and browser add-ons.

  125. george
    October 10th, 2010 at 19:00 | #158

    My pc is slower and i can’t remove this program. I can get to the internet only if i wait 30 minutes or and more how can i remove this sit!?

  126. george
    October 10th, 2010 at 19:03 | #159

    can you translate this in greek?

  127. Muhammad Badhon
    October 10th, 2010 at 20:09 | #160

    Unknown Guru, thank you a lot…your advice is effective….

  128. Nana
    October 11th, 2010 at 02:11 | #161

    I enter the task manager and end the hotfix.exe process but when I try to run explorer.exe it says a problem has occurred and won’t let me run it. I am at my wits end. Will the tdsskiller program work for this problem? And if I do download it on to a flash drive from another computer, how do I go about getting it onto my infected computer without being able to open up any programs other than the task manager?

  129. Bex
    October 11th, 2010 at 05:15 | #162

    Hey guys … followed the admins advice …..

    YOU SHOULD TOO lol

    I had the Microsoft Security Essentials Alert window pop up in the middle of a regular old google session.
    I was tired and not paying attention and click a button within the window. it carried out its sinister actions outlined in several of the above posts …. then after its bogus “scanning” and finding “AntiSpy Safeguard” to “FIX” my non-existent problems, I thought the heck with it – we’ll walk through the steps ….. so I rebooted my PC and then on Start-up, the AntiSpy Safeguard window pops up, runs through its paces and says it wants to scan your PC, I clicked OK then clicked CTRL-ALT-DELETE ….. I couldn’t find the hotfix.exe file in the PROCESS tab of the task manager, so just decided to go to file and run, then typed in control … this brought my start bar and regular functions back with antispy running in the background.

    I then followed a YOUTUBE link = http://www.youtube.com/watch?v=PpCdA9x2ATM
    which shows you step – by – step how to enter into the registry files and locate the folder containing the start up directive … mine was located in:

    HKEY_CURRENT_USER
    - Microsoft
    - – Windows NT
    - – - Current Version
    - – - – Winlogon

    in the right hand pane, the SHELL address was: C:\Documents and Settings\(user identity here)\Application Data\hotfix.exe

    I clicked on this information, highlighted it, then “typed over it” to insert a new start – up / access point command of: explorer.exe

    I have run StopZilla and Malwarebytes and I have since rebooted my pc and it has started up “as normal” with no AntiSpy Safeguard prompts etc.

    I will complete another scan of Stopzilla and Malwarebytes tonight, but it seems to have done the trick – I just hope there are no other files lurking in the background or should the steps I’ve taken have removed the problem ??

    Sorry about layman terms – I’m not a techy – just someone who hates people invading my space (cyberspace too lol)

    Good Luck all – and “ADMIN” …. does it seem as though I’ve completed the right steps ?? should I experience any more drama’s from this particular thing ??

    Thanks =]

    • October 11th, 2010 at 11:10 | #163

      Bex: Unlikely but it might happen. Removal process does not harden or fix the security holes that allowed the infection in first place. I recommend getting some Internet protection suite and some anti-malware tool with real time protection (full versions of Spyware Doctor or malwarebytes for many).

  130. sam
    October 11th, 2010 at 12:00 | #164

    Hi, I’ve read all this and there doesn’t seem to be anyone else with the same prob as me, maybe because I managed to delete reg entries then rebooted. I didn’t delete files or go to task mgr.
    Now I do not have permission to get into the application data folder. Everyone I can find had been turned into a shortcut and says access denied…
    If I search for the files I can find and delete hotfix.exe, but antispy.exe + others you mention are not there. Other ones are though, I can see from msconfig, so I’m deleting those.
    Anyway, so how can I get back access to my folders? Cheers

    • October 11th, 2010 at 12:09 | #165

      Sam: First fix MSConfig and reboot. If the problem persists, try doing a scan with automatic removal tools, they will detect malicious registry entries (and that is likely the cause).
      If it does not help, come back here, and we will see how to fix your problem :)

  131. Patrick
    October 11th, 2010 at 19:17 | #166

    Hi, I tried to reboot in safe mode with networking, but antispy window opened on start-up and told me to do a safe start-up; naturally I refused. Also antispy won’t let me open task-manager. I’m no computer wiz, so can anyone tell me how screwed I am, and how in the Hell to fix this?

    Thanks.

  132. Farmer
    October 11th, 2010 at 19:19 | #167

    This site and the comments were very helpful. I rebooted, pressed F12 and went back to a previous date. Worked fine.
    I started pressing F12 as soon as the system started to reboot. If you wait for the prompt directing you to Press F8 or F12, it may not get the command before the spy boots up. Pressing ahead of time puts you in the front row.

  133. Patrick
    October 11th, 2010 at 20:40 | #168

    @Patrick
    Never mind, I read more of the posts and figured it out. Thanks everybody, and Admin, “We are not worthy!”

  134. Ben
    October 11th, 2010 at 23:29 | #169

    FWIW I restarted in Safe Mode. It looked like Anti-Spy Safeguard had jacked this also, somehow, but when their screen pops up, you can ctrl-alt-dlt and get to task manager this time around. You can stop it from running there. The ONLY file I could find was:

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\ (something about Hotfix was here)

    Sorry I don’t remember the exact ending, but it definitely had Hotfix in it. I deleted this one file and seem to be back to normal.

  135. Ben
    October 11th, 2010 at 23:44 | #170

    **Meant “entry” not “file”.
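
The per-user Winlogon “Shell” entry Ben describes can be checked without opening regedit. The read-only PowerShell audit below is an added example, not part of the original comments or the site's removal guide. It assumes that a missing HKCU Shell value and `explorer.exe` in HKLM are the normal defaults, and that the standard `DisableTaskMgr` and `DisableSR` policy values are behind the Task Manager and System Restore blocks commenters report (whether this rogue sets them is an assumption).

```powershell
# Added example: read-only audit. It reports values and changes nothing.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Allowed lists the values treated as normal; $null means "value absent".
# These expected defaults are assumptions of this example.
$checks = @(
    @{ Path    = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name    = 'Shell'
       Allowed = @($null) },
    @{ Path    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name    = 'Shell'
       Allowed = @('explorer.exe') },
    @{ Path    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name    = 'DisableTaskMgr'
       Allowed = @($null, 0) },
    @{ Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
       Name    = 'DisableSR'
       Allowed = @($null, 0) }
)

$report = foreach ($c in $checks) {
    $value = Get-RegValue -Path $c.Path -Name $c.Name
    # Anything outside the allowed list is flagged for a human to look at.
    $status = if ($c.Allowed -contains $value) { 'ok' } else { 'REVIEW' }
    New-Object PSObject -Property @{
        Status = $status
        Name   = $c.Name
        Value  = $value
        Key    = $c.Path
    }
}

$report | Select-Object Status, Name, Value, Key | Format-Table -AutoSize -Wrap
```

HKCU is per-user, so run it while logged on as the affected account; a `REVIEW` row only shows which value to inspect and does not change or remove anything.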

  136. Eli
    October 12th, 2010 at 01:20 | #171

    Nobody seems to have the same problem as me. Even when doing safe mode with networking, the AntiSpy Safeguard comes up. I do Ctrl+Alt+Delete, but I can NOT get to task manager. I don’t know what to do… Can someone please help me?

  137. Heidi Christensen
    October 13th, 2010 at 02:10 | #173

    I went through all the instructions to get rid of Antispy Safe Guard. Ran Spydoctor (that didn’t work – it told me to uninstall Norton 360 and I wasn’t sure I wanted to do that), but did get Malwarebytes to get rid of the thing. Problem is that my desktop still isn’t visible. I have gone to msconfig and all my startup programs are there and when I try to click on system restore from msconfig I get an error message saying “System restore has been turned off by group policy. To turn on system restore, contact your domain administrator” which I don’t – this is just my little ol’ home computer. Any ideas why my desktop is still hidden? I am running XP.

    • October 13th, 2010 at 10:58 | #174

      Heidi: The main download link will download version 7 of Spyware Doctor. It should not ask to uninstall Norton 360, but after update it should detect malicious processes.

  138. Heidi Christensen
    October 13th, 2010 at 15:55 | #175

    Got Spyware Doctor to download – now I have to wait for the registration code to be emailed to me so I can remove what it found. Hopefully that will do the trick…

  139. Ryan
    October 14th, 2010 at 17:24 | #176

    Hmmm. All I get is OS not found and a black screen. Even if I try to restore or boot in safe mode. Any chance at saving my media or is a fresh OS install my only option? I have XP Media btw.

    • October 15th, 2010 at 08:52 | #177

      Ryan: try launching recovery CD. Try going into command prompt and doing fdisk /mbr. Try boot then. If it fails, try restoring Windows from recovery CD, or installing Windows on top. That way media files should not be removed. Just create a user with DIFFERENT username than old one, as virus might have survived in your user folder.

  140. Abe
    October 14th, 2010 at 19:25 | #178

    So I have tried the safe mode route as well as the explorer route and it’s telling me explorer can’t be found. This is all after I stop the hotfix process in the task manager. Is there any other way? Can they prosecute these people?!?!?

  141. Abe
    October 14th, 2010 at 20:23 | #179

    Abe: So I have tried the safe mode route as well as the explorer route and it’s telling me explorer can’t be found. This is all after I stop the hotfix process in the task manager. Is there any other way? Can they prosecute these people?!?!?

    I was able to access the registry through the task manager via regedit and remove the shell (hotfix.exe) from the registry. However I cannot go to the tasklist via cmd (where everyone else tries explorer). When I attempt to view the tasklist I get this error message:
    “the service cannot be started either because it is disabled or because it has no enabled devices associated with it.” How do I get to the task list to remove the hidden components so I can go to my computer and view the hidden files and delete the rest? Thanks

  142. Joe
    October 15th, 2010 at 16:06 | #180

    I have tried safe mode, I have tried restoring to an old restore point, I have walked through the registry, I have looked at every item in the Start up group but every time my machine starts up after I authenticate I have the AntiSpy Safeguard screen. I close it with cntr-alt-dele, stop the Hotfix process which cleans my screen. I then run Rkill to stop anything else that is running. Scan with both MAB and Spyware Dr which of course find the trojan. I then delete it. I never have my normal desktop so I have to reboot which starts me all over again. I’m beginning to think this is unfixable. Any thoughts?

    • October 16th, 2010 at 19:04 | #181

      Joe: You have some other unknown trojan downloader. Try running TDSS killer. Try updating regular antivirus and doing a full system scan. Try disabling all strange startup entries using msconfig.

  143. drgnmstrest
    October 16th, 2010 at 01:05 | #182

    My laptop’s been infected with this stupid shit… A friend helped me out by hiding it in a way, so now I can access my applications and all, but we’re trying to find a tool that will completely remove AntiSpy Safeguard… We’ve tried a few but haven’t had any luck… Does anyone know of a program that will remove this evil entity from Windows 7? Thanks in advance…

  144. kinggore
    October 17th, 2010 at 13:35 | #183

    on all this. Sometimes I really think of taking out the goodies and reinstalling the bloody thing.
    A lot easier/faster than muddling about with reg entries and all this…

    Anyway, thanks for this page, helped me a lot understanding what was going on with this fake Antispy program.

  145. Emily
    October 26th, 2010 at 03:13 | #184

    What if I don’t know how to disable the proxy server?
    Please help @admin

  146. Gelena
    October 28th, 2010 at 14:30 | #186

    I have this antispy safeguard on my computer. My OS is Vista, how can I find it? I can’t run my task manager to delete or stop it from running. Any ideas please, on how to find where it’s located in my computer? I also have the spydoctor tools. This antispy won’t allow me to run the program AVG. Thanks Gelena

    • October 28th, 2010 at 17:21 | #187

      Gelena: stop hotfix.exe process and scan with spyware doctor then.

  147. Gelena
    October 29th, 2010 at 00:56 | #188

    @admin
    Ok thanks for that. But do I type that into control panel to find the program… I’m trying to find the antispy guard… it won’t allow me to use ctrl+Alt=Del.. to bring the task manager up to stop the program from running. Gelena

  148. Gelena
    November 2nd, 2010 at 14:24 | #189

    Does anybody know how to fix the performance center? Not sure how to fix it, I’m using Windows Vista. Thanks Gelena

  149. Dan
    November 21st, 2010 at 00:20 | #190

    @admin
    I am working on a friend’s HP Mini. At this point of spending about 10 hours messing with this spydoctor virus program with no luck, and this PC NOT having any CD player, I would like to just load XP from a flash drive, but the BIOS doesn’t look like it will see it. So back to the problem. I have read everyone’s comments and responses, and I have this: I cannot under any circumstances get the task mgr up. If I load NAV, or AVG, or Spyware doctor, most install but then die before the final install. Some say I don’t have “rights” after the installation (I am the admin of course). I have set up a separate userid and am trying to do all this from this extra userid. I have checked the config file, and unchecked most and then 1 at a time brought 1 back on line for the boot. I am not a novice, however, this is the worst virus/trojan I have ever run across. I have removed from the D&S, questionable files. I have run reg mechanic and fixed about 200+ entries, some pointing to hotfix.exe etc. Now I’m stumped. The system is still slow booting and shutting down and I still have no worthwhile AV running. Something is still hiding in this PC and I can’t find it. I would appreciate anyone’s help/suggestions. Thanks

    • November 21st, 2010 at 11:18 | #191

      Dan: my first check would be running TDSS killer. More often than not it finds TDSS rootkit nowadays. Secondly, if you CAN run programs, run Process Explorer instead of Task Manager. You will have to download it, but it is a far better tool than Task Manager and does not use various group policies used by virus. Also, it shows file locations of each task (you have to enable it in settings I think). Double check programs installed in User folders and stop them. That should allow other programs to run.

  150. mari
    February 7th, 2012 at 10:10 | #192

    Good news, CCleaner can clean up 360safe guard.
