Removal Guide
Kill Process
(How to kill a process effectively?)
SG345d.exe
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\SICKBOY.exe
Unregister DLL files
mozcrt19.dll
sqlite3.dll
Delete Registry
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\SG345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "layout/2.01002"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Guard"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"
Remove Folders and Files
%UserProfile%\Application Data\Security Guard
%UserProfile%\Desktop\Security Guard.lnk
%UserProfile%\Recent\ANTIGEN.sys
%UserProfile%\Recent\ANTIGEN.tmp
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\eb.dll
%UserProfile%\Recent\eb.drv
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fan.drv
%UserProfile%\Recent\fix.tmp
%UserProfile%\Recent\grid.exe
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.exe
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Start Menu\Security Guard.lnk
%UserProfile%\Start Menu\Programs\Security Guard.lnk