Friday, July 3, 2009

HOW TO REMOVE DriveGuard.exe or FlashGuard.exe VIRUS

DriveGuard.exe or FlashGuard.exe

“this worm will remove all files from C:\heap41a that are related to other malicious programs; it enables TaskManager if it is disabled”
- BitDefender

It also downloads some other malicious files to your computer.

You can locate the virus files at c:\Program Files\FlashGuard\FlashGuard.exe
Or you may have to change the attributes of this folder. For that you can refer to this guide

c:\Program Files\FlashGuard\FlashGuard.exe
c:\Program Files\FlashGuard\ReadMe.txt
c:\Documents and Settings\**UserProfile\Local Settings\Temp\DriveGuard.tmp.exe
c:\Documents and Settings\**UserProfile\Local Settings\Temp\gHmpg.tmp.exe
It creates folders on your pendrive and copies itself to:
f:\System\Security\DriveGuard.exe *
f:\autorun.inf *
f: is your pendrive, so change it to match your pendrive's drive letter.
It will add itself to startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FlashGuard
To see these virus files you must set Windows to show hidden files.
HOW TO REMOVE IT:
Press Ctrl+Alt+Del to open ‘Task Manager’, select FlashGuard.exe and click ‘End Process’.
You can browse to the folder mentioned above, or you can find it quickly by using the ‘Search’ feature (Start Menu>>Search). In the search box type flashguard.exe or flashguard. Don’t hit the Search button yet.

Scroll down and expand ‘More Advanced Options’. Check all the boxes as you see in the screenshot below and hit the ‘Search’ button.
Delete all the files found.
Also search for .tmp.exe and delete the DriveGuard.tmp.exe and gHmpg.tmp.exe files.
The virus files can easily be recognized by their pendrive icon; delete those files.
Congrats, the virus is removed from your computer. But some entries made by the virus files still exist in the registry.
Go to Start->Run, type msconfig and hit Enter.
Select the ‘Startup’ tab, then select and uncheck FlashGuard. Click ‘Apply’.

Delete Registry Entry: Go to Start Menu>>Run, type regedit and click ‘Ok’.
Browse to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FlashGuard
Select FlashGuard, right-click on it and delete.
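
The same checks as a PowerShell script, added here as an example that is not part of the original post. The -Remove and -PenDrive parameter names are made up for this example, and the script assumes the worm's autorun.inf mentions DriveGuard. Run it from an administrator prompt; without -Remove it only reports what it finds.

```powershell
param(
    [switch]$Remove,            # without -Remove the script only reports
    [string]$PenDrive = 'F:'    # assumption: your pendrive's drive letter
)

# File locations named in the post; $env:TEMP covers the current user only.
$files = @(
    "$env:ProgramFiles\FlashGuard\FlashGuard.exe",
    "$env:ProgramFiles\FlashGuard\ReadMe.txt",
    "$env:TEMP\DriveGuard.tmp.exe",
    "$env:TEMP\gHmpg.tmp.exe",
    "$PenDrive\System\Security\DriveGuard.exe"
)
$autorun = "$PenDrive\autorun.inf"
$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# 1. End the running process (same as 'End Process' in Task Manager).
$proc = Get-Process -Name 'FlashGuard' -ErrorAction SilentlyContinue
foreach ($p in $proc) { Write-Output "Running: FlashGuard.exe (PID $($p.Id))" }
if ($proc -and $Remove) {
    $proc | Stop-Process -Force
    # Give Windows a moment to release the file lock before deleting.
    $proc | Wait-Process -Timeout 10 -ErrorAction SilentlyContinue
}

# 2. Files. -Force lets Remove-Item delete hidden and read-only files.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        Write-Output "Found file: $f"
        if ($Remove) { Remove-Item -LiteralPath $f -Force }
    }
}

# 3. autorun.inf. A clean drive can carry its own autorun.inf, so delete it
#    only if it mentions DriveGuard (assumption about the file's content).
if (Test-Path -LiteralPath $autorun) {
    $hit = [bool](Get-Content -LiteralPath $autorun -Force |
                  Select-String -Pattern 'DriveGuard' -Quiet)
    Write-Output "Found $autorun (mentions DriveGuard: $hit)"
    if ($Remove -and $hit) { Remove-Item -LiteralPath $autorun -Force }
}

# 4. The FlashGuard value under the Run key (the startup entry).
$run = Get-ItemProperty -Path $runKey -Name 'FlashGuard' -ErrorAction SilentlyContinue
if ($run) {
    Write-Output "Found Run value: FlashGuard = $($run.FlashGuard)"
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name 'FlashGuard' }
}
```

Run it once without -Remove and review the output, and repeat it for each user profile and each pendrive that was plugged into the machine.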
