DriveGuard.exe or FlashGuard.exe
“This worm will remove all files from C:\heap41a that are related to other malicious programs; it enables Task Manager if it is disabled” - BitDefender
It also downloads some other malicious files to your computer.
You can locate the virus files at c:\Program Files\FlashGuard\FlashGuard.exe
Or you may have to change the attributes of this folder. For that you can refer to this guide.
c:\Program Files\FlashGuard\FlashGuard.exe
c:\Program Files\FlashGuard\ReadMe.txt
c:\Documents and Settings\**UserProfile\Local Settings\Temp\DriveGuard.tmp.exe
c:\Documents and Settings\**UserProfile\Local Settings\Temp\gHmpg.tmp.exe
It creates folders on your pendrive & copies itself to:
f:\System\Security\DriveGuard.exe *
f:\autorun.inf *
f: is your pen drive, so change it to match your pendrive's drive letter.
It adds itself to startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FlashGuard
To see these virus files you must set Windows to show hidden files.
HOW TO REMOVE IT:
Press Ctrl+Alt+Del to open ‘Task Manager’, select FlashGuard.exe & click ‘End Process’.
You can browse to the folder mentioned above, or you can find it quickly by using the ‘Search’ feature (Start Menu>>Search). In the search box, type flashguard.exe or flashguard. Don’t hit the search button yet.
Scroll down & expand ‘More Advanced Options’. Check all the boxes as you see in the screenshot below & hit the ‘Search’ button.
Delete all the files found.
Also search for .tmp.exe, and delete the DriveGuard.tmp.exe & gHmpg.tmp.exe files.
The virus files can easily be recognized by their pendrive icon; delete those files.
Congrats, the virus is removed from your computer. But some entries made by the virus files still exist in the registry.
Go to Start->Run, type msconfig and hit Enter.
Select the ‘Startup’ tab, then select & uncheck FlashGuard. Click ‘Apply’.
Delete Registry Entry: Go to Start Menu>>Run, type regedit & click ‘Ok’.
Browse to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FlashGuard
Select FlashGuard, right-click on it & delete it.
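To verify the cleanup, the read-only PowerShell check below looks for every file and the startup value listed in this post. It is an added example, not part of the original post; the `AppData\Local\Temp` layout for newer Windows versions and the scan of all removable drives (rather than only f:) are assumptions that go beyond the post.

```powershell
# Read-only check for the artifacts named in this post; nothing is deleted or changed.
# Added example. File names and the Run value name come from the post; the
# 'AppData\Local\Temp' layout for newer Windows versions is an assumption.

$candidates = @(
    'C:\Program Files\FlashGuard\FlashGuard.exe',
    'C:\Program Files\FlashGuard\ReadMe.txt'
)

# Per-user temp copies: look in every profile folder, not only the current user's.
$profilesRoot = Split-Path -Path $env:USERPROFILE -Parent
$profiles = Get-ChildItem -LiteralPath $profilesRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }
foreach ($p in $profiles) {
    foreach ($temp in 'Local Settings\Temp', 'AppData\Local\Temp') {
        foreach ($name in 'DriveGuard.tmp.exe', 'gHmpg.tmp.exe') {
            $candidates += [IO.Path]::Combine([IO.Path]::Combine($p.FullName, $temp), $name)
        }
    }
}

# Pen drive copies: check every removable drive instead of assuming F:.
$removable = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Removable' -and $_.IsReady }
foreach ($d in $removable) {
    $candidates += [IO.Path]::Combine($d.Name, 'System\Security\DriveGuard.exe')
    $candidates += [IO.Path]::Combine($d.Name, 'autorun.inf')
}

# -Force makes hidden and system files visible without changing Explorer settings.
$hits = @()
foreach ($path in $candidates) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) { $hits += "FILE  $path  [$($item.Attributes)]" }
}

# Startup entry: the FlashGuard value under the HKLM Run key.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'FlashGuard' -ErrorAction SilentlyContinue
if ($run) { $hits += "RUN   $runKey\FlashGuard = $($run.FlashGuard)" }

if ($hits.Count -eq 0) { 'No FlashGuard/DriveGuard artifacts found.' } else { $hits }
```

An autorun.inf hit on its own is not proof of infection, since some pen drives ship with a legitimate one; open it in a text editor and check what it launches before deleting it.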