Need Virus Removal Help?

Dr. Guard

March 4, 2010 webmaster Rogue, 0

Dr. Guard is another untrusted security program that was categorized as rogue because of its fraudulent activities being carried online. Dr. Guard will force itself to be installed on computers by means of a Trojan and computer virus. Infected websites can also be a carrier of this malware that can drop the threat on visitors computer without their knowledge. As of this writing, Dr. Guard and all of its associated Trojan remains undetected by antivirus programs. Once penetrated a computer it also has the ability to stop any installed security application by destroying files associated with it.

Since it is a rogue program, never expect that Dr. Guard will perform to protect a computer nor remove any infections. It was designed to steal money from its innocent victims by convincing them to acquire the Dr. Guard registration code. This was evidently indicated by its display of fake alerts and security warnings. Remove Dr. Guard immediately from your computer by using a trusted anti-malware program.

TypeRogue
Sub-TypeFakeAV
Aliases 
OS AffectedWindows
Detected ByMalwareBytes

What are the Symptoms of Dr. Guard Infection?

Dr. Guard Screen Shot Image

A fake virus scan will be executed to encourage its victims to purchase the Dr. Guard registration key or serial number.

It will modify Windows Registry and add the following entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “Dr. Guard”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Dr. Guard
  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Uninstall\Dr. Guard
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\System “DisableTaskMgr”
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Shell Extensions\Approved “{5E2121EE-0300-11D4-8D3B-444553540000}”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\System “DisableTaskMgr” = “1″

The threat will drop the following malicious files:

  • %Program Files%\Dr. Guard
  • %Program Files%\Dr. Guard\about.ico
  • %Program Files%\Dr. Guard\activate.ico
  • %Program Files%\Dr. Guard\buy.ico
  • %Program Files%\Dr. Guard\drg.db
  • %Program Files%\Dr. Guard\drgext.dll
  • %Program Files%\Dr. Guard\drghook.dll
  • %Program Files%\Dr. Guard\drguard.exe
  • %Program Files%\Dr. Guard\help.ico
  • %Program Files%\Dr. Guard\scan.ico
  • %Program Files%\Dr. Guard\settings.ico
  • %Program Files%\Dr. Guard\splash.mp3
  • %Program Files%\Dr. Guard\uninstall.exe
  • %Program Files%\Dr. Guard\update.ico
  • %Program Files%\Dr. Guard\virus.mp3
  • %Documents and Settings%\[UserName]\Desktop\Dr. Guard Support.lnk
  • %Documents and Settings%\[UserName]\Desktop\Dr. Guard.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Dr. Guard
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Dr. Guard\About.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Dr. Guard\Activate.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Dr. Guard\Buy.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Dr. Guard\Dr. Guard Support.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Dr. Guard\Dr. Guard.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Dr. Guard\Scan.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Dr. Guard\Settings.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Dr. Guard\Update.lnk
  • %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Dr. Guard.lnk
  • %Temp%\asr64_ldm.exe

How to Remove Dr. Guard Manually

1. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8
- From the selections, Select SafeMode

2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary

3. Delete malicious files that the threat added:
- Base on the given location above, browse and delete the file
- If no location is given, click Start>Search> and search for the files.
- If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.

4. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.

How to Easily Remove Dr. Guard

1. Download and run Removal Tool to remove Dr. Guard

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Recent Comments

Archives

Copyright © 2009-2012 Im-Infected.com | Virus Removal Guide.