Thursday, April 15, 2010

Dr. Guard Removal GuideDr. Guard Removal Guide

Dr. Guard Removal Guide
Dr. Guard is a rogue antispyware program which is actually the updated version of Paladin Antivirus. The bogus program is installed by Trojans. When the Trojan is set up, it will download and install Dr. Guard onto a victim's computer without the user's authorization and awareness. Dr. Guard will set itself to run automatically when Windows loads and it will ask the targeted user to uninstall legitimate antispyware tools in order to protect itself from removal. Dr. Guard will start an imitation of a system scan and find a number of threats that cannot be fixed, unless the victim first purchases the full version of the software. However, Dr. Guard is not able to detect or remove any computer malware so do not purchase it.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
asr64_ldm.exe
uninstall.exe
drguard.exe

Unregister DLL files
%Program Files%\Dr. Guard\drghook.dll
%Program Files%\Dr. Guard\drgext.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dr. Guard
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asr64_ldm.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dr. Guard
HKEY_LOCAL_MACHINE\SOFTWARE\Dr. Guard
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"

Remove Folders and Files
%UserProfile%\local settings\Temp\asr64_ldm.exe
%UserProfile%\Desktop\Dr. Guard.lnk
%UserProfile%\Desktop\Dr. Guard Support.lnk
%Program Files%\Dr. Guard
%UserProfile%\Start Menu\Programs\Dr. Guard

No comments:

Post a Comment