Uninstall Dr. Guard – Complete Removal Guide

Dr. Guard is a rogue anti-spyware program. It is promoted through Trojans that pose as video codecs or Flash updates supposedly required to view online content. It is a new variant of Paladin Antivirus.
The program displays numerous fake alerts and runs scans of the PC that falsely report hundreds of infections.

All of this is meant to mislead the user into purchasing the program. The detected files either do not exist or are clean, and the alerts should be disregarded.



The program also displays the following alerts:

ANTIVIRUS IS RUN IN DEMO MODE. ACTIVATE YOUR ANTIVIRUS OTHERWISE ALL THE DATA WILL BE LOST OR DAMAGED!

DANGEROUS! ANTIVIRUS DETECTED SOME HARMFUL PROGRAMS ON YOUR PC! THEY MAY CORRUPT YOUR INFORMATION OR SEND IT TO HACKERS.
PLEASE, OPTIMIZE YOUR PC. IT RUN ONLY 10%.
NEED HELP? PLEASE, CONTACT DR. GUARD CUSTOMER SUPPORT SERVICE.

Windows Firewall has detected unauthorized activity, but unfortunately it cannot help
you to remove viruses, keyloggers and other spyware threats that steal your personal
information from your computer

System files of your computer are damaged. Please, restart your system ASAP.
There are some serious security threats detected on your computer. Please, remove them ASAP.

There are some serious security threats detected on your computer: viruses, trojans, keyloggers, exploits etc.
Your computer and all your personal data are in serious danger.
Protection: Click the balloon to install antivirus software.

Defenseless OS: Windows 2000/XP/Vista
Description: Spyware. Blocks access to computer. Attacks porn sites visitors.
Protection: Click the balloon to install antivirus software.

It also automatically uninstalls many of the security programs that may be present on the PC, including Malwarebytes Anti-Malware, Avira AntiVir, F-Secure, etc.

To get rid of this uninvited guest, read the details below:

The program creates the following files and folders:

  • c:\Documents and Settings\Bleeping\Desktop\Dr. Guard Support.lnk
  • c:\Documents and Settings\Bleeping\Desktop\Dr. Guard.lnk
  • c:\Documents and Settings\Bleeping\Start Menu\Programs\Dr. Guard
  • c:\Documents and Settings\Bleeping\Start Menu\Programs\Dr. Guard\About.lnk
  • c:\Documents and Settings\Bleeping\Start Menu\Programs\Dr. Guard\Activate.lnk
  • c:\Documents and Settings\Bleeping\Start Menu\Programs\Dr. Guard\Buy.lnk
  • c:\Documents and Settings\Bleeping\Start Menu\Programs\Dr. Guard\Dr. Guard Support.lnk
  • c:\Documents and Settings\Bleeping\Start Menu\Programs\Dr. Guard\Dr. Guard.lnk
  • c:\Documents and Settings\Bleeping\Start Menu\Programs\Dr. Guard\Scan.lnk
  • c:\Documents and Settings\Bleeping\Start Menu\Programs\Dr. Guard\Settings.lnk
  • c:\Documents and Settings\Bleeping\Start Menu\Programs\Dr. Guard\Update.lnk
  • c:\Documents and Settings\Bleeping\Application Data\Microsoft\Internet Explorer\Quick Launch\Dr. Guard.lnk
  • c:\Program Files\Dr. Guard
  • c:\Program Files\Dr. Guard\about.ico
  • c:\Program Files\Dr. Guard\activate.ico
  • c:\Program Files\Dr. Guard\buy.ico
  • c:\Program Files\Dr. Guard\drg.db
  • c:\Program Files\Dr. Guard\drgext.dll
  • c:\Program Files\Dr. Guard\drghook.dll
  • c:\Program Files\Dr. Guard\drguard.exe
  • c:\Program Files\Dr. Guard\help.ico
  • c:\Program Files\Dr. Guard\scan.ico
  • c:\Program Files\Dr. Guard\settings.ico
  • c:\Program Files\Dr. Guard\splash.mp3
  • c:\Program Files\Dr. Guard\uninstall.exe
  • c:\Program Files\Dr. Guard\update.ico
  • c:\Program Files\Dr. Guard\virus.mp3
  • %Temp%\asr64_ldm.exe



The following registry keys are associated with it:

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Dr. Guard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dr. Guard
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Dr. Guard”
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved “{5E2121EE-0300-11D4-8D3B-444553540000}”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = “1”

The following entries appear in the HijackThis log:

O4 – HKCU\..\Run: [asr64_ldm.exe] %Temp%\asr64_ldm.exe
O4 – HKCU\..\Run: [Dr. Guard] “C:\Program Files\Dr. Guard\drguard.exe” -noscan
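
The following triage script is an added example, not part of the original guide: it parses O4 autorun lines from a HijackThis log and flags the entries that match this page's indicators or that start from a Temp folder. The Temp path markers and the two clean log lines are assumptions constructed for the example.

```python
import re
from ntpath import basename  # Windows path rules on any OS

# Indicators taken from this page's file list and HijackThis entries.
KNOWN_NAMES = {"drguard.exe", "asr64_ldm.exe"}
KNOWN_DIRS = ("c:\\program files\\dr. guard\\",)
# Assumption: typical Temp locations, added for this example.
TEMP_MARKERS = ("%temp%\\", "\\local settings\\temp\\", "\\appdata\\local\\temp\\")

# O4 autorun line: "O4 - HKCU\..\Run: [value name] command line".
# Web pages often turn the hyphen into an en dash, so accept both.
O4_RE = re.compile(
    r"^O4\s+[-\u2013]\s+(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+):\s+"
    r"\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")

# Constructed sample: two clean entries plus the two entries listed above.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [asr64_ldm.exe] %Temp%\asr64_ldm.exe
O4 – HKCU\..\Run: [Dr. Guard] “C:\Program Files\Dr. Guard\drguard.exe” -noscan
"""

def executable_of(cmd):
    """Return the executable path of a command line, quoted or not."""
    cmd = cmd.strip().replace("\u201c", '"').replace("\u201d", '"')
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def triage(log_text):
    """Return (value name, executable, reasons) for each suspicious O4 entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m["cmd"])
        low = exe.lower()
        reasons = []
        if basename(low) in KNOWN_NAMES:
            reasons.append("known file name")
        if low.startswith(KNOWN_DIRS):
            reasons.append("known install folder")
        if any(marker in low for marker in TEMP_MARKERS):
            reasons.append("autorun from Temp")
        if reasons:
            findings.append((m["name"], exe, reasons))
    return findings
```
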



REMOVAL:

1. Download and run rkill.com. This is necessary to stop the active process used by the virus. You will probably get a warning that rkill.com is infected. Ignore it; it is just a false alarm generated by Paladin Antivirus.
Run rkill.com again until the virus is no longer active. Alternatively, you can try eXplorer.exe or iExplore.exe.

2. Download Malwarebytes Anti-Malware. Rename it to Explorer.exe. Then run it, but do not change any settings during installation, and do not restart the PC at the end if you are asked to.

3. The virus will try to modify the main MBAM executable, so at the end you will get an error (CreateProcess failes; code: 2 – Unable to execute C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe)
Press the OK button.


4. Download the Malwarebytes Anti-Malware executable from the following location.
An .exe file will be generated, with a different name each time.
Save it in the folder C:\program files\Malwarebytes’ Anti-Malware\
Make a note of the file name.

5. Run the downloaded file from the folder C:\program files\Malwarebytes’ Anti-Malware\ and Malwarebytes’ Anti-Malware will start. Run a full scan of the PC and, when it finishes, delete the infections found by pressing Remove selected.

6. Finally, download Dr. Web CureIT and run a full scan of the PC, removing any additional infections found.

If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself against such threats in the future, given that they were not detected or removed by your current antivirus.

Administrator, FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert

3 responses to “Uninstall Dr. Guard – Complete Removal Guide”

  1. Nick

    There is also another utility that deals with this rogue:
    http://www.softpedia.com/get/Antivirus/ScareAware.shtml 😐

  2. bcman

    Does this rogue also uninstall WinPatrol Plus?

  3. antivirusi

    Thank you, this is very important to know .. who would have thought 🙁
