Tuesday, 4 October 2011

How to Remove Security Guard 2012 (Uninstall Guide)

Security Guard 2012 is a scareware that tries to defraud less savvy computer users by scaring them into paying for a fake security product. In our previous write-up, we analyzed pretty much the same malware. Both programs are categorized as rogue/fraud software. This time, cyber crooks decided to use even more generic name to confuse more users into thinking that it's a legitimate computer optimization and repair program by Microsoft. Unfortunately, it isn't. Do not pay for it. Security Guard 2012 and its scareware model closely reflects the affiliate marketing model. Although, the number of incidents have risen dramatically in the past few years, Security Guard 2012 and similar malware are preventable by users being internet savvy and keeping their computers protected. If your computer is infected with Security Guard 2012, please follow the general malware removal steps outlined below. Victims' complaints are usually ignored and if you have already purchased this rogue program you should at least contact your credit card company and dispute the charges. Some users do not even realise they have been victimised. You should always check twice before paying for software that claims to be from Microsoft of other well-known companies. Especially, if it pop-ups on your computer screen like from no where or you wasn't looking to install it in the first place. If you have any further information about Security Guard 2012, please leave a comment below. We are currently investigating this threat and will provide more information as it becomes available. The following information was submitted by our readers:
  • Windows was configured to use a proxy.
  • Blocks legitimate security products and system tools
  • Displays misleading security alerts
  • Asks to purchase the program
  • Runs on system start-up
  • Drops a rootkit
Associated Security Guard 2012 files and registry values:

  • %Userprofile%\Application Data\dwm.exe
  • %Userprofile%\Application Data\Microsoft\conhost.exe
  • %Temp%\csrss.exe
Registry values:
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
Trojan downloader: http://vms.drweb.com/virus/?i=1477261

Quick tip: run Windows Configuration Utilities. Type MSCONFIG in the search box and press enter. Select Startup tab and unchecked any program that was just a bunch of characters, usually a bunch of random numbers. Then follow the removal instructions below.

Security Guard 2012 removal instructions:

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm

NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Launch Internet Explorer. In Internet Explorer go to: ToolsInternet OptionsConnections tab. Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK. You may have to repeat steps 1-2 if you will have problems downloading malware removal programs.

3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. Go back to Normal Mode and follow the TDSS, Alureon, Tidserv, TDL3 removal instructions to remove the rootkit from your computer.

Share this information with your friends:

No comments:

Post a Comment