Dr Guard, which is related to Paladin Antivirus, is a rogue security application that tries to trick users into purchasing a license, using techniques similar to those of its relative. It is installed by Trojans that are downloaded from bogus websites claiming to offer security scanners, and alongside fake video codec packs. Once installed, it disables all security software present on the system and sets itself to load at startup. It then performs fake security scans, returning false results that claim the computer is severely infected with malicious software. It also displays a large number of fake pop-ups from the Windows taskbar, warning the user of potential ‘threats’ to the computer. Meanwhile, Dr Guard constantly asks the user to purchase the ‘full’ version of the software, claiming that the currently installed ‘trial’ version is insufficient to completely clean the system. Dr Guard is a fake application, however, so its so-called ‘full’ version is just as incapable of scanning or cleaning any system as the ‘trial’ version.
As soon as you find a copy of this malicious program on your system, you should take steps to immediately remove Dr Guard. For Dr Guard removal, it is necessary to stop processes, unregister DLLs, delete files and folders and remove registry entries.
Dr Guard Manual Removal Procedures
The first step in removing Dr Guard is to stop the following processes:
- drguard.exe
- uninstall.exe
- asr64_ldm.exe
The next step in removal is to unregister the following DLL files:
- drgext.dll
- drghook.dll
Finally, to complete file removal, delete the following files and folders:
- c:\Documents and Settings\[User]\Desktop\Dr Guard Support.lnk
- c:\Documents and Settings\[User]\Desktop\Dr Guard.lnk
- c:\Documents and Settings\[User]\Start Menu\Programs\Dr Guard
- c:\Documents and Settings\[User]\Start Menu\Programs\Dr Guard\About.lnk
- c:\Documents and Settings\[User]\Start Menu\Programs\Dr Guard\Activate.lnk
- c:\Documents and Settings\[User]\Start Menu\Programs\Dr Guard\Buy.lnk
- c:\Documents and Settings\[User]\Start Menu\Programs\Dr Guard\Dr Guard Support.lnk
- c:\Documents and Settings\[User]\Start Menu\Programs\Dr Guard\Dr Guard.lnk
- c:\Documents and Settings\[User]\Start Menu\Programs\Dr Guard\Scan.lnk
- c:\Documents and Settings\[User]\Start Menu\Programs\Dr Guard\Settings.lnk
- c:\Documents and Settings\[User]\Start Menu\Programs\Dr Guard\Update.lnk
- c:\Documents and Settings\[User]\Application Data\Microsoft\Internet Explorer\Quick Launch\Dr Guard.lnk
- c:\Program Files\Dr Guard
- c:\Program Files\Dr Guard\about.ico
- c:\Program Files\Dr Guard\activate.ico
- c:\Program Files\Dr Guard\buy.ico
- c:\Program Files\Dr Guard\drg.db
- c:\Program Files\Dr Guard\drgext.dll
- c:\Program Files\Dr Guard\drghook.dll
- c:\Program Files\Dr Guard\drguard.exe
- c:\Program Files\Dr Guard\help.ico
- c:\Program Files\Dr Guard\scan.ico
- c:\Program Files\Dr Guard\settings.ico
- c:\Program Files\Dr Guard\splash.mp3
- c:\Program Files\Dr Guard\uninstall.exe
- c:\Program Files\Dr Guard\update.ico
- c:\Program Files\Dr Guard\virus.mp3
- %Temp%\asr64_ldm.exe
Vista and Windows 7 users: Please note that you will not have a Documents and Settings folder. The file path for you will be C:\Users\Account NAME
Dr Guard Registry Removal Procedures
Removing files and folders is not enough to ensure complete Dr Guard removal. To completely remove Dr Guard, you need to delete the following keys and settings from the Windows Registry:
- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
- HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
- HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Dr Guard
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dr Guard
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Dr Guard"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
At this point Dr Guard has been completely removed from your system. However, because additional malware infections may be present on the system in most cases, it is recommended to run a complete system scan using Spyware Doctor with Antivirus in order to properly identify any such threats.
Delete Dr Guard Directories:
- c:\Program Files\Dr Guard\
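A read-only PowerShell check for the processes, files and registry entries listed above, useful for confirming that nothing was missed. This is an added example, not part of the original removal guide: the function name `Get-DrGuardLeftover` is hypothetical, and the file check covers the top-level locations from the list, resolved through the current user's profile folders so that it works on both the Documents and Settings and C:\Users layouts.

```powershell
# Read-only: reports artifacts from the lists above that are still present. Deletes nothing.
function Get-DrGuardLeftover {
    # Get-Process takes names without ".exe". "uninstall" is a generic name, so check the path.
    foreach ($name in 'drguard', 'uninstall', 'asr64_ldm') {
        foreach ($p in @(Get-Process -Name $name -ErrorAction SilentlyContinue)) {
            "process  $($p.ProcessName) (PID $($p.Id)) $($p.Path)"
        }
    }
    # Profile folders are resolved by Windows, so XP and Vista/7 layouts both work.
    $desktop  = [Environment]::GetFolderPath('Desktop')
    $programs = [Environment]::GetFolderPath('Programs')
    $paths = @(
        (Join-Path $desktop 'Dr Guard.lnk'),
        (Join-Path $desktop 'Dr Guard Support.lnk'),
        (Join-Path $programs 'Dr Guard'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\Dr Guard.lnk'),
        (Join-Path $env:ProgramFiles 'Dr Guard'),
        (Join-Path $env:TEMP 'asr64_ldm.exe')
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { "file     $p" }
    }
    $clsid = '{5E2121EE-0300-11D4-8D3B-444553540000}'
    $keys = @(
        'HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt',
        "HKEY_CLASSES_ROOT\CLSID\$clsid",
        'HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Dr Guard',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dr Guard'
    )
    foreach ($k in $keys) {
        # -LiteralPath matters: the "*" in the first key is a real key name, not a wildcard.
        if (Test-Path -LiteralPath "Registry::$k") { "key      $k" }
    }
    $values = @(
        @('HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System', 'DisableTaskMgr'),
        @('HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run', 'Dr Guard'),
        @('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', $clsid)
    )
    foreach ($v in $values) {
        $item = Get-ItemProperty -LiteralPath "Registry::$($v[0])" -Name $v[1] -ErrorAction SilentlyContinue
        if ($item) { "value    $($v[0]) `"$($v[1])`" = $($item.($v[1]))" }
    }
}

$left = @(Get-DrGuardLeftover)
if ($left.Count -eq 0) { 'No listed Dr Guard artifacts found.' } else { $left }
```

Run it as the affected user, since the HKEY_CURRENT_USER values and profile paths are per-account.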
Conclusion
It is not recommended for inexperienced users to attempt to remove Dr Guard, as any mistake on your part could cause damage to the operating system. You should consider using antivirus software.