Thursday, 18 March 2010

How to remove Security Guard fake program (Free removal)

Security Guard is a fake antivirus program from the same family as CleanUP Antivirus. Basically, Security Guard is a renamed CleanUP Antivirus with several partial modifications. If you are reading this article, your computer is probably infected with the Security Guard virus. Thankfully, you can use free anti-malware applications to remove this infection from your computer. Please note that this fake program may block anti-malware applications, so you may have to complete several additional steps before installing and running anti-malware software.



You probably already know what Security Guard is and where it usually comes from. In short, it's a fake antivirus program. Most of the time, it is promoted through the use of trojans or comes bundled with other malicious software. Trojans enter a computer through software vulnerabilities without the user's consent. That's why you may find comments from other people saying that this fake program just appeared out of nowhere. Security Guard is also distributed via fake online scanners, malicious online video sites, or even on Facebook, Twitter, MySpace, etc.

Once installed, the rogue program simulates a system scan and reports numerous false system security threats to make you think that your computer is infected when it actually is not. It also displays fake warnings about serious security and privacy problems. It may claim that your computer is under attack from a remote computer or that your data might be deleted. Furthermore, Security Guard hijacks Internet Explorer and displays fake warnings about an insecure Internet connection. As you can see, it's nothing more than a scam. It goes without saying that you should remove Security Guard from your computer upon detection. Please follow the removal instructions below. If you have any questions, just leave a comment. Good luck and be safe!


Security Guard removal instructions (method #1):

Download one of the following legitimate anti-malware applications and run a quick system scan. Don't forget to update it first. All programs are free.
NOTE1: if you can't run any of the above programs, you must rename the installer of the selected program before saving it on your PC. For example, if you choose MalwareBytes, rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.

NOTE2: if you still can't run the renamed file, you need to change the file extension too, not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif.
5. Double-click the renamed file to run it.


Removing Security Guard in Safe Mode with Networking (method #2):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



NOTE: Log in as the same user you were previously logged in as in normal Windows mode.
If you can't reboot your PC in Safe Mode with Networking, download SafeBootKeyRepair and run it. If the rogue program blocks it, download and run this file instead: RenamedSBKRepair. Follow the prompts. Then reboot your PC in Safe Mode with Networking.

2. Download one of the following legitimate anti-malware applications and run a quick system scan. Don't forget to update it first. All programs are free.


CleanUp Antivirus files and registry values:

Folders and files:
  • C:\Documents and Settings\All Users\Application Data\345d567
  • C:\Documents and Settings\All Users\Application Data\345d567\24.mof
  • C:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • C:\Documents and Settings\All Users\Application Data\345d567\SG345d.exe
  • C:\Documents and Settings\All Users\Application Data\345d567\SGD.ico
  • C:\Documents and Settings\All Users\Application Data\SGZIQYEXRD
  • C:\Documents and Settings\All Users\Application Data\SGZIQYEXRD\SGWNLED.cfg
  • %UserProfile%\Application Data\Security Guard
  • C:\Program Files\Mozilla Firefox\searchplugins\search.xml
Registry values:
  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\SG345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "layout/2.01002"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Guard"
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"
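
A read-only check for the artifacts listed above, written as an added PowerShell example (it is not part of the original post). It assumes PowerShell 2.0 or later is available on the affected machine and that it is run as the affected user, since several entries live under HKEY_CURRENT_USER.

```powershell
# Read-only triage for the Security Guard artifacts listed on this page.
# Nothing is deleted or modified; every path and value below is copied from the list above.

$allUsers = 'C:\Documents and Settings\All Users\Application Data'

# Folders, files and registry keys whose mere presence is an indicator.
$paths = @(
    "$allUsers\345d567",
    "$allUsers\SGZIQYEXRD",
    "$env:USERPROFILE\Application Data\Security Guard",
    'C:\Program Files\Mozilla Firefox\searchplugins\search.xml',
    'Registry::HKEY_CURRENT_USER\Software\3',
    'Registry::HKEY_CLASSES_ROOT\SG345d.DocHostUIHandler'
)

# Registry values: key, value name, and a wildcard the data must match ('*' = any data).
$ie = 'Software\Microsoft\Internet Explorer'
$values = @(
    @{ Key = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Security Guard'; Like = '*' },
    @{ Key = "Registry::HKEY_CURRENT_USER\$ie"; Name = 'PRS'; Like = '*127.0.0.1:27777*' },
    @{ Key = "Registry::HKEY_CURRENT_USER\$ie\Download"; Name = 'RunInvalidSignatures'; Like = '1' },
    @{ Key = "Registry::HKEY_USERS\.DEFAULT\$ie\SearchScopes"; Name = 'URL'; Like = '*findgala.com*' },
    @{ Key = "Registry::HKEY_CURRENT_USER\Software\Classes\$ie\SearchScopes"; Name = 'URL'; Like = '*findgala.com*' },
    @{ Key = "Registry::HKEY_CLASSES_ROOT\$ie\SearchScopes"; Name = 'URL'; Like = '*findgala.com*' }
)

$findings = @()

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $findings += New-Object PSObject -Property @{ Type = 'Path'; Location = $p; Detail = 'exists' }
    }
}

foreach ($v in $values) {
    $item = Get-ItemProperty -LiteralPath $v.Key -ErrorAction SilentlyContinue
    if (-not $item) { continue }   # key missing or holds no values
    $prop = $item.PSObject.Properties[$v.Name]
    # Compare as a string so REG_SZ and REG_DWORD data are handled the same way.
    if ($prop -and ("$($prop.Value)" -like $v.Like)) {
        $findings += New-Object PSObject -Property @{ Type = 'Value'; Location = "$($v.Key) [$($v.Name)]"; Detail = "$($prop.Value)" }
    }
}

if ($findings.Count -eq 0) { 'No listed Security Guard artifacts found.' }
else { $findings | Format-Table Type, Location, Detail -AutoSize -Wrap }
```

Running it again after the anti-malware scan confirms whether the autorun entry and the Internet Explorer search and proxy values were actually cleaned up.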
