Security Guard

March 18th, 2010

Security Guard description

Security Guard is a rogue security tool that masquerades as a legitimate one. Do not purchase it; it is a scam. This malware tries to trick you into thinking your computer is infected with many threats. If your desktop is flooded with pop-ups and warnings, ignore them. The security alerts themselves are harmless to your computer unless you go on to purchase the illegal anti-spyware program. We strongly recommend that you do not.

The parasite often spreads via a trojan that enters the system through its vulnerable spots. The only real problem you have is the parasite itself residing on your computer. Follow the removal guide to terminate the malicious program for good.

Manual Security Guard Removal


Security Guard processes:

cb.exe
energy.exe
exec.exe
grid.exe
kernel32.exe
SICKBOY.exe
SG345d.exe


Security Guard registry values:

HKEY_CURRENT_USER\Software\64
HKEY_CLASSES_ROOT\SG345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "ht tp://findgala.com/?&uid=1002&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "ht tp://findgala.com/?&uid=1002&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "layout/2.01002"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Guard"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "ht tp://findgala.com/?&uid=1002&q={searchTerms}"


Other malicious Security Guard files:

%UserProfile%\Recent\ANTIGEN.sys
%UserProfile%\Recent\ANTIGEN.tmp
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\eb.dll
%UserProfile%\Recent\eb.drv
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fan.drv
%UserProfile%\Recent\fix.tmp
%UserProfile%\Recent\grid.exe
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.exe
%UserProfile%\Recent\tempdoc.tmp
c:\Documents and Settings\All Users\Application Data\123f678
c:\Documents and Settings\All Users\Application Data\123f678\24.mof
c:\Documents and Settings\All Users\Application Data\123f678\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\123f678\SG345d.exe
c:\Documents and Settings\All Users\Application Data\123f678\SGD.ico
c:\Documents and Settings\All Users\Application Data\123f678\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\123f678\BackUp\
c:\Documents and Settings\All Users\Application Data\123f678\Quarantine Items\
c:\Documents and Settings\All Users\Application Data\123f678\SGDSys\
c:\Documents and Settings\All Users\Application Data\123f678\SGDSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\SGZIQYEXRD
c:\Documents and Settings\All Users\Application Data\SGZIQYEXRD\SGWNLED.cfg

Manual removal of files and registry entries should be performed only by experienced users. A system can be badly affected if any error is made during manual removal. If you are not familiar with deleting malware manually, we recommend using automatic removal tools to delete Security Guard.
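
A read-only audit for the processes, registry entries and files listed above, as an added example that is not part of the original guide. The function name Find-SecurityGuardIndicator and the wildcard patterns are assumptions made here; the script checks the current user's registry hive and the paths as the page gives them, and deletes nothing.

```powershell
# Added example: read-only audit for indicators listed on this page.
# Reports matches and changes nothing. Function name is hypothetical.
function Find-SecurityGuardIndicator {
    # Registry values from the page; Like is a wildcard pattern for the data.
    $values = @(
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Security Guard'; Like = '*' },
        @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download'; Name = 'RunInvalidSignatures'; Like = '1' },
        @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer'; Name = 'PRS'; Like = '*127.0.0.1:27777*' },
        @{ Path = 'HKCU:\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes'; Name = 'URL'; Like = '*findgala.com*' }
    )
    foreach ($v in $values) {
        $item = Get-ItemProperty -LiteralPath $v.Path -Name $v.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }            # key or value absent
        $data = [string]$item.($v.Name)
        if ($data -like $v.Like) { "REGISTRY VALUE  $($v.Path) [$($v.Name)] = $data" }
    }

    # Registry keys from the page whose presence alone is an indicator.
    foreach ($k in 'HKCU:\Software\64', 'Registry::HKEY_CLASSES_ROOT\SG345d.DocHostUIHandler') {
        if (Test-Path -LiteralPath $k) { "REGISTRY KEY    $k" }
    }

    # Files and folders, as the page lists them (Windows XP profile layout).
    $appData = 'C:\Documents and Settings\All Users\Application Data'
    $paths = @((Join-Path $appData '123f678'), (Join-Path $appData 'SGZIQYEXRD'))
    $recent = Join-Path $env:USERPROFILE 'Recent'
    $names = 'ANTIGEN.sys', 'ANTIGEN.tmp', 'cb.exe', 'cid.dll', 'ddv.sys', 'eb.dll',
             'eb.drv', 'energy.exe', 'exec.exe', 'exec.tmp', 'fan.drv', 'fix.tmp',
             'grid.exe', 'kernel32.exe', 'runddlkey.drv', 'SICKBOY.exe', 'tempdoc.tmp'
    foreach ($n in $names) { $paths += Join-Path $recent $n }
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { "FILE OR FOLDER  $p" }
    }

    # Process names from the page. Names such as exec or grid are generic,
    # so print the image path and judge each hit by where it runs from.
    $procs = 'cb', 'energy', 'exec', 'grid', 'kernel32', 'SICKBOY', 'SG345d'
    Get-Process -Name $procs -ErrorAction SilentlyContinue |
        ForEach-Object { "PROCESS         $($_.Name) (PID $($_.Id)) $($_.Path)" }
}

$hits = @(Find-SecurityGuardIndicator)
if ($hits.Count -gt 0) { $hits } else { 'No listed indicators found for the current user.' }
```

The HKEY_USERS\.DEFAULT and HKEY_CLASSES_ROOT SearchScopes values and the Post Platform value from the list are not covered here and can be checked the same way.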
