Yes, I've got it on one of my computers too. I can't use it at all now.
McAfee failed completely....I need help!!! This is #*%%$^(&
Please try the steps below:
Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.
First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one. Try running them in Safe Mode if "normal" Windows doesn't get it done..
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transfered to the problem machine. Do NOT restart the computer after running Rkill.
Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.
Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
Malwarebytes Manual Updater link
Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install.:
SuperAntispyware Manual Updater
In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
And because this particular variant tends to tinker with your internet settings, open "Control Panel/Internet Options", then click on the "Connections tab/LAN Settings button and UNCHECK the box next to "Use proxy server for your LAN". Perform this step in Safe Mode.
Hope this helps.
In the spirit of not recreating the wheel, here is one of a hundred write ups on removing it. Perhaps it will help. If not, please write back, and we'll take a closer look at your system.
After using the rkill file and malware mbam-rules and superantispyware as suggested by Grif I've stopped having the problem. Now my mcafee icon is black and so are many icons on my programs list.
Any suggestions as to what I should do about this? PErhaps I should post this as a new topic?
Look for these locations :
%UserProfile%\Local Settings\Application Data\[RANDOM]
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
Try to rename and restart the computer
Then Delete the same file,,,
Got mine fixed, thanks to all who replied.
Heres my major problem, is that if I didnt have firefox on my laptop I wouldnt be able to get to this website, my IE is toast, the malware wont let me open tools then internet options to repair the broken parts or askew parts to get the downloads working.What to do now? Thanks
The easiest solution I have found is the following:
Immidiately after booting up open a search window. If you do not do it immidiately the infection will take over and not allow it.
Once the search window is open the search will work even though you might be prompted to access AntiVirus Live (do not select to access AntiVirus Live).
Do the search with the advanced option of 'searching hidden files and folders' checked.
Search for 'SysGuard.' I received a file that contained 'SysGuard' in the name of the file and not as noted below.
There were two files in two different locations. On was under application data and the other was under windows/prefetch with a pf extension.
Rename those files and reboot the machine.
The problem should be fixed.
I also recommend making a copy of your RegEdit file and then doing a search for 'SysGuard' in the RegEdit file and delete what you find. Again, the keys I found included the name variation of SysGuard.
@Grif, none of that stuff is working for me, rkill is blcoked, hijackthis is being blocked, everything is block, any suggestions??