System Guard 2009 issues...

By mdfreeman
I'm working on two machines that have System Guard 2009/vundo infections on them, both systems have been cleaned off with MalwareBytes but they still cannot get updates for any AV software unless you boot into safe mode with networking. I've scanned repeatedly with MBAM, I've also removed the hard drives and attached them to another machine and scanned with AVG, both are coming up clean. The machines access the Internet fine, I can get to some security sites (, but not others ( I cannot update MalwareBytes or Vipre in normal mode, neither can I access shares on the local network. I have reset all the zones to default level in Internet Connections, reset TCP/IP using netsh, and reset the local security policy using secedit. I have also performed a repair install on one of the machines...all to no avail. I'm really stumped on this one.

All Answers

Clock settings......

by Peconet Tietokoneet In reply to System Guard 2009 issues. ...

I had a similar issue with some updates and found out that my clock was out of sync.
Look at your computer clock and make sure that the settings are correct. Make sure that the (clock) settings are set to the (correct) month, zone and the correct time.
Hope this helps you.

Clock settings are correct.

by mdfreeman In reply to Clock settings......

The clock settings are correct. I'm in the process of trying some of the other suggestions posted to this thread. Thanks for the tip, though. I had not checked the clock settings until you mentioned it.


by Snuffy09 In reply to System Guard 2009 issues. ...

giving SUPERAntiSpyware a run for its money (free)

If that's not it, try HijackThis if you haven't already

It's working...

by mdfreeman In reply to try...

SAS found 46 tracking cookies. It prompted me to reboot and now everything is working fine. Our Senior Engineer recently installed a Kerio Winroute firewall on our server, we have 40 licenses for it and we were dangerously close to our limit yesterday. I'm wondering if that may have been the problem, we've had difficulties with this system previously, but not like this. Either way, I greatly appreciate your help...thanks a LOT. I'm adding SAS to my toolkit.

Good deal

by Snuffy09 In reply to It's working...

Glad it worked for you!

See if this is of any help

by Jacky Howe In reply to System Guard 2009 issues. ...

From another PC download and install Spybot, update it and copy the installed folders to a USB stick.

Restart the PC in Safe Mode, navigate to the USB stick and run Spybot.

Download Spybot - Search & Destroy and install it. Update it.
Spybot

Also run this Rootkit Revealer GMer

Click this gmer

Click this link

How to check the Hosts file

Step 1: Click the Start button and select Run. Now type the following text in that Run box and press Enter:

notepad c:\WINDOWS\system32\drivers\etc\hosts

Step 2: You will see a new notepad window on your screen containing some information. You should have a single entry of localhost. If there are any other entries in there it means that those sites are being blocked and it is probably due to an infection.

If it is the DNS changer, Fixwareout will remove this.

Fixwareout

The DNSChanger trojan is usually a small file (about 1.5 kilobytes) that is designed to change the 'NameServer' Registry key value to a custom IP address. This IP address is usually encrypted in the body of a trojan. As a result of this change a victim's computer will contact the newly assigned DNS server to resolve names of different webservers. And some of the resolved names will not point to legitimate websites - they will point to fake websites that look like real ones, but are created to steal sensitive information (like credit card numbers, logins and passwords).

If TaskManager has been disabled this will enable TaskManager to allow access to the Registry.

Command line removal
Click Start, Run and type cmd and then press Enter.

Execute the following commands in the command line in order to activate the registry editor and Task Manager: answer "y" and press Enter.

reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr

reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools
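
The hosts-file check described in the post above, automated as an added example (not part of the original post or of any tool it names): it parses hosts-file text and reports every entry other than the default localhost mapping, separating names pinned to loopback or 0.0.0.0 (blocked) from names pointed at some other address (redirected). The function name and the sample hostnames and addresses are assumptions constructed for illustration.

```python
import ipaddress

# Names a default Windows hosts file is expected to map to loopback.
DEFAULT_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on spaces/tabs
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, entry[0], "", "malformed"))
            continue
        # Loopback or 0.0.0.0 makes the name unreachable; any other address
        # silently sends the name to a different server.
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in entry[1:]:
            if sinkhole and name.lower() in DEFAULT_NAMES:
                continue
            verdict = "blocked" if sinkhole else "redirected"
            findings.append((line_no, str(addr), name.lower(), verdict))
    return findings


# Constructed sample: hostnames and addresses are placeholders, not real indicators.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1\tupdates.av-vendor.example www.av-vendor.example   # added by malware
0.0.0.0         scan.security-site.example
203.0.113.7     login.bank.example
not-an-ip       broken.example
"""

if __name__ == "__main__":
    for line_no, addr, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name or addr} -> {addr} [{verdict}]")
```

To audit a real machine, pass the contents of c:\WINDOWS\system32\drivers\etc\hosts to `audit_hosts` instead of the sample.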


by mdfreeman In reply to See if this is of any hel ...

The situation was resolved before I got the chance to try out any of your suggestions; however, you gave me some more resources to look over for my tool kit. Many thanks.

No Probs {NT}

by Jacky Howe In reply to Thanks...
