  1. #1
    Member Steph's Avatar
    Join Date
    Nov 2004
    Location
    London, UK
    Posts
    961
    Points
    60

    SpywareGuard and BHO warnings, high CPU usage

    Here we go - my usual Sunday morning complications

    SpywareGuard has been difficult to open recently - it flashes up on the screen for a second then disappears. It can take up to 10 attempts to get it to open properly. Also, when I tried opening it earlier I got several browser protection alerts one after the other warning that IE search page had been changed from google to microsoft.com/sap/redir.dll?prd=Iegr=Iesearch and variations on that. One warning was that it was being changed from google to n/a.

    I clicked on Restore old value and in a couple of instances just clicked on the red cross to close the warning because so many were coming up. Zone Alarm also popped up a browser change warning of some type (sorry, didn't make a note of exactly what it said) but I clicked on deny. Google hasn't been changed. Also, the task manager is showing CPU usage of about 50% right now and the only thing I can see using that amount is sgbhp.exe. Before that, System Idle Process was using the same amount and yesterday CPU usage was running at 100% when the machine was supposedly idle.

    I don't know if any of these things are connected - any idea as to what's going on and what can I do about it please?

    Thank you.
    Steph
    Today is the dawn of another error ...



    Intel Core i3-3240 @ 3.4GHz;
    RAM 8.0 GB;
    Windows 7 Home Prem SP1 64 bit
    Firefox; IE11

  2. #2
    Member MrDarn's Avatar
    Join Date
    Jul 2007
    Location
    South East Northumberland
    Posts
    2,949
    Points
    557


    Well:
    Originally posted by ProcessLibrary:
    "sgbhp.exe is a part of the SpyWareGuard, Spyware Blaster Internet security tool which protects your surfing experience from personal intrusion, and in some cases, trojans."
    That high usage, along with the fact you're getting browser homepage change attempts, points me in the direction of one special forum on this website, and I think you know which!
    Always remember you're unique.


    ...Just like everyone else!

  3. #3
    Moderator Forum Moderator arraknid's Avatar
    Join Date
    Dec 2006
    Location
    France
    Posts
    6,151
    Points
    1293
    Blog Entries
    4


    For the time being, disable SpywareGuard to see if it makes a difference. You can do that in msconfig or the Startup option of Ccleaner. If it does make a difference, you could try reinstalling it.

  4. #4
    Member Steph's Avatar

    Hi Mr Darn, thanks for the reply. I'm pretty sure I'm clean - none of the scans have picked up anything, including Kaspersky. I suppose it's possible that SpywareGuard has become unstable for some reason. I'll try the other options first and see if that helps. If not, then you're right, I'll have to get it fully checked.

    @Arraknid I can't find SpywareGuard listed under Startup in either msconfig or CCleaner. I remember that you told me on a previous thread to disable either Adaware or SpywareGuard on startup and then run the disabled one manually from time to time and I chose to disable SpywareGuard on startup. I've since uninstalled Adaware though and now realise I didn't re-enable SpywareGuard on startup.

    Shall I uninstall SpywareGuard and then try reinstalling? And should I use Revo or Add/Remove?

    Thank you

    Steph

  5. #5
    Moderator Forum Moderator arraknid's Avatar

    "Shall I uninstall SpywareGuard and then try reinstalling? And should I use Revo or Add/Remove?"
    That would be my choice, but if it is corrupted in some way, Revo may be the best option.

    As MrDarn suggests, there is still a possibility of malware - especially as the realtime protection offered by SpywareGuard wasn't running.

    The link microsoft.com/sap/redir.dll?prd=Iegr=Iesearch is a dead end, but resembles an IE browser update.

    Try the uninstall/reinstall first and if there are still problems, consider that HJT log - though not sure when Spyware will be reopening. EF seems to be around a bit more recently.

  6. #6
    Member Steph's Avatar

    Hi Arraknid, thanks for replying.

    I think I jumped the gun a bit before in my reply to Mr Darn - Malwarebytes has just found 6 instances in the registry of Security.Hijack (I don't know how to copy the full path for each one here so I hope I've typed it out correctly):

    HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\WindowsNT\CurrentVersion\Image Image File Execution Options\rundll32.exe

    and also the same path ending in :

    regedit.exe
    ctfmon.exe
    rstrui.exe
    wscript.exe
    cscript.exe

    Are these legitimate entries to remove or could they be false positives?

    I'll leave it open and won't remove anything until I hear from you.

    Thank you

  7. #7
    Moderator Forum Moderator arraknid's Avatar

    They certainly look suspicious, but I'm not qualified to advise you on malware issues. All I will say, is that those file paths aren't correct, and if MBAM has picked them up they've probably already been removed. Is it reporting it can't delete them?

  8. #8
    Member Steph's Avatar

    No, I haven't tried deleting them yet - this is the result of the scan.

  9. #9
    Moderator Forum Moderator arraknid's Avatar

    OK, gotcha. If it were my machine, I'd set a restore point and then delete the entries. MBAM doesn't usually pick up entries like that for no reason, and as I said, they look very suspicious. Your call.
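
A read-only check that could be run before deleting anything, added here as an example and not part of any post in this thread: it lists Image File Execution Options subkeys that carry a Debugger value, which is the value that redirects the launch of the named executable. It assumes the standard Windows key location (not the spelling typed in post #6) and that a Debugger value is what the scanner flagged; the function name Get-IfeoDebugger is hypothetical.

```powershell
# Added example: report IFEO subkeys that have a Debugger value. Nothing is modified.
# Run from an elevated PowerShell prompt so every subkey is readable.

# Executable names listed in the scan result quoted in the thread.
$reported = 'rundll32.exe', 'regedit.exe', 'ctfmon.exe',
            'rstrui.exe', 'wscript.exe', 'cscript.exe'

# Standard key location, plus the 32-bit view present on 64-bit Windows.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    param([string[]]$Root = $roots)

    foreach ($r in $Root) {
        # The WOW6432Node view does not exist on 32-bit Windows.
        if (-not (Test-Path -LiteralPath $r)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            # GetValue returns $null when the subkey has no Debugger value.
            $debugger = $key.GetValue('Debugger', $null)
            if ($null -eq $debugger) { continue }

            [pscustomobject]@{
                Image    = $key.PSChildName                  # executable being redirected
                Debugger = $debugger                         # command Windows starts instead
                Reported = $reported -contains $key.PSChildName
                Key      = $key.Name                         # full registry path
            }
        }
    }
}

# An empty result means no image currently has a Debugger redirect.
Get-IfeoDebugger | Sort-Object Image | Format-Table -AutoSize -Wrap
```

A row with Reported set to True matches one of the six names from the scan; the Debugger column shows what would run in place of that program, which helps tell a leftover hijack from a deliberate developer setting.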

  10. #10
    Member Steph's Avatar

    OK, thanks, will do (what is it about my Sundays?)