Security Guard is a rogue spyware program related to the well-known fake security software Cleanup Antivirus. It tries to trick users into purchasing its license. It enters a user’s computer via Trojans or other malicious software that download and install Security Guard. Once installed, this rogue software creates a number of harmless files on the hard disk. It then endlessly performs fake system scans whose results flag those harmless files as security threats. This is an aggressive technique used to stop the user from trying to manually remove Security Guard.
The rogue software then insists that the user buy a license for the ‘full’ version of Security Guard, claiming that the currently installed ‘trial’ version is inadequate to clean the system of the falsely generated ‘threats’. Whenever the program is run, it enforces this request through its GUI and through various pop-ups. However, the so-called ‘full’ version has no capability whatsoever to scan or clean your computer, and you should never fall for this trick and buy the software.
As soon as you find a copy of this malicious software on your computer, you should take steps to remove it. Security Guard removal involves stopping its processes, unregistering its DLLs, deleting its files and folders, and removing its registry entries.
Security Guard Manual Removal Procedures
The first step you need to take in order to delete Security Guard is to stop the following processes:
- SG345d.exe
- cb.exe
- energy.exe
- exec.exe
- grid.exe
- kernel32.exe
- SICKBOY.exe
The next step in Security Guard removal is to unregister the following DLL files:
- mozcrt19.dll
- sqlite3.dll
- cid.dll
- eb.dll
Next, it is necessary to remove the following files and folders:
- c:\Documents and Settings\All Users\Application Data\345d567
- c:\Documents and Settings\All Users\Application Data\345d567\24.mof
- c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
- c:\Documents and Settings\All Users\Application Data\345d567\SG345d.exe
- c:\Documents and Settings\All Users\Application Data\345d567\SGD.ico
- c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
- c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
- c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items\
- c:\Documents and Settings\All Users\Application Data\345d567\SGDSys\
- c:\Documents and Settings\All Users\Application Data\345d567\SGDSys\vd952342.bd
- c:\Documents and Settings\All Users\Application Data\SGZIQYEXRD
- c:\Documents and Settings\All Users\Application Data\SGZIQYEXRD\SGWNLED.cfg
- %UserProfile%\Application Data\Security Guard
- %UserProfile%\Application Data\Security Guard\cookies.sqlite
- %UserProfile%\Application Data\Security Guard\Instructions.ini
- %UserProfile%\Desktop\Security Guard.lnk
- %UserProfile%\Recent\ANTIGEN.sys
- %UserProfile%\Recent\ANTIGEN.tmp
- %UserProfile%\Recent\cb.exe
- %UserProfile%\Recent\cid.dll
- %UserProfile%\Recent\ddv.sys
- %UserProfile%\Recent\eb.dll
- %UserProfile%\Recent\eb.drv
- %UserProfile%\Recent\energy.exe
- %UserProfile%\Recent\exec.exe
- %UserProfile%\Recent\exec.tmp
- %UserProfile%\Recent\fan.drv
- %UserProfile%\Recent\fix.tmp
- %UserProfile%\Recent\grid.exe
- %UserProfile%\Recent\kernel32.exe
- %UserProfile%\Recent\runddlkey.drv
- %UserProfile%\Recent\SICKBOY.exe
- %UserProfile%\Recent\tempdoc.tmp
- %UserProfile%\Start Menu\Security Guard.lnk
- %UserProfile%\Start Menu\Programs\Security Guard.lnk
- c:\Program Files\Mozilla Firefox\searchplugins\search.xml
Security Guard Registry Removal Procedures
Removing files and folders alone is not sufficient to completely remove Security Guard. The following keys and settings should also be removed from the Windows registry to complete Security Guard removal:
- HKEY_CURRENT_USER\Software\3
- HKEY_CLASSES_ROOT\SG345d.DocHostUIHandler
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "layout/2.01002"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Guard"
- HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=1002&q={searchTerms}"
Once you have cleaned the registry, your computer is safe from Security Guard. To confirm this, it is recommended to scan the entire PC with a legitimate security product such as Spyware Doctor with Antivirus, because additional traces of Security Guard or even further malware infections may still be present on the system.
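The following PowerShell check is an added example, not part of the original guide: it reports which of the traces listed above are present, so it can be run before cleanup to see which steps apply and again afterwards to confirm nothing is left. The function name Find-SecurityGuardTraces is hypothetical, and the paths assume the Windows XP layout used in the lists above.

```powershell
# Added example, not from the original page: a read-only check for the traces listed above.
# Nothing is stopped, unregistered or deleted. Paths follow the page's Windows XP layout.
function Find-SecurityGuardTraces {
    $hits    = @()
    $allUsr  = 'C:\Documents and Settings\All Users\Application Data'
    $dropDir = Join-Path $allUsr '345d567'
    $recent  = Join-Path $env:USERPROFILE 'Recent'

    # Processes: Get-Process matches the name without ".exe". Short names such as "exec"
    # or "grid" are not unique, so the image path is reported for confirmation.
    $names = 'SG345d','cb','energy','exec','grid','kernel32','SICKBOY'
    foreach ($p in @(Get-Process -Name $names -ErrorAction SilentlyContinue)) {
        $hits += "process  $($p.Name) (PID $($p.Id)) $($p.Path)"
    }

    # Files: sqlite3.dll and mozcrt19.dll are names that legitimate software also ships,
    # so only the copies at the page's locations are checked, never a name-only search.
    $paths = @(
        $dropDir,
        (Join-Path $dropDir 'SG345d.exe'),
        (Join-Path $dropDir 'mozcrt19.dll'),
        (Join-Path $dropDir 'sqlite3.dll'),
        (Join-Path $recent 'cid.dll'),
        (Join-Path $recent 'eb.dll'),
        (Join-Path $allUsr 'SGZIQYEXRD'),
        (Join-Path $env:USERPROFILE 'Application Data\Security Guard'),
        (Join-Path $env:USERPROFILE 'Desktop\Security Guard.lnk')
    )
    foreach ($f in $paths) {
        if (Test-Path -LiteralPath $f) { $hits += "file     $f" }
    }

    # Registry keys: HKEY_CLASSES_ROOT has no default drive, so provider paths are used.
    $keys = 'Registry::HKEY_CURRENT_USER\Software\3',
            'Registry::HKEY_CLASSES_ROOT\SG345d.DocHostUIHandler'
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { $hits += "regkey   $k" }
    }

    # Registry values: the data is printed so it can be compared with the list above.
    $ie = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer'
    $values = @(
        @{ Key = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Security Guard' },
        @{ Key = $ie; Name = 'PRS' },
        @{ Key = "$ie\Download"; Name = 'RunInvalidSignatures' }
    )
    foreach ($v in $values) {
        $item = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
        if ($item) { $hits += "regvalue $($v.Key) [$($v.Name)] = $($item.($v.Name))" }
    }
    return $hits
}

Find-SecurityGuardTraces
```

An empty result after cleanup means none of the checked traces remain for the current user; run it under each affected user account, since the %UserProfile% and HKEY_CURRENT_USER locations are per user.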
Security Guard Directories:
- c:\Documents and Settings\All Users\Application Data\345d567
Vista and Windows 7 users will find this trace under the user account, in App Data.
Conclusion
Inexperienced users are not recommended to attempt to delete Security Guard manually, as any mistake made during removal could result in damage to your system.
Outside Resources:
http://www.bleepingcomputer.com/virus-removal/remove-security-guard