Thursday, February 26, 2009

Remove System Guard 2009Remove System Guard 2009

System Guard 2009





License: Freeware
File size: 59 KB
System Guard 2009, or SystemGuard2009, is a rogue anti-spyware program that installs in your computer system with the help of Trojan Zlob or through security vulnerabilities in the Windows operating system or web browser. You may have also downloaded System Guard 2009 from a rogue website thinking it would remove your spyware threats.

Removal Tool:
Remove Fake Antivirus. (Download it here.)

Download Remove System Guard 2009 1.0 at Softpedia
Download Source code of System Guard 2009 1.0

System Guard 2009 Removal Guide
Kill Process
(How to kill a process effectively?)
"SystemGuard2009.exe"
"systemguard.exe"
"winscenter.exe"
"sysexplorer.exe"
"spoolsystem.exe"
"reged.exe"
"syscert.exe"

Delete Registry
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Guard 2009"
HKLM "SOFTWARE\System Guard 2009"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet"
HKCR "CLSID\{AB6DAA8C-F726-4FDD-8B06-9537C5878612}"
HKCR "CLSID\{77C96E10-FDA7-4AA7-B318-0631C0D27DBB}"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "ieModule"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "InternetConnection"
HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "systemguard"

Unregister DLL
SetShellVarContext all
"$APPDATA\microsoft\network\dlls\udunjexmim.dll"
"$APPDATA\microsoft\network\dlls\czltvtkkox.dll"
"$APPDATA\microsoft\network\dlls\jykgxumxkk.dll"
"$APPDATA\microsoft\network\dlls\fejopjgulu.dll"
"$APPDATA\microsoft\network\dlls\qvovoghiyx.dll"
"$APPDATA\microsoft\network\dlls\fnypjxnzek.dll"
"$APPDATA\microsoft\network\dlls\qxpvjgihuv.dll"
"$APPDATA\microsoft\network\dlls\zhqbmeuqai.dll"
"$APPDATA\microsoft\network\dlls\jxwwldgtxf.dll"
"$APPDATA\microsoft\network\dlls\hafjrwkdjg.dll"
"$APPDATA\microsoft\network\dlls\pheauarqzb.dll"
"$APPDATA\microsoft\network\dlls\hditohpcyc.dll"
"$APPDATA\microsoft\network\dlls\ikpxrsbnnq.dll"
"$APPDATA\microsoft\network\dlls\ndamqohbzv.dll"
"$APPDATA\microsoft\network\dlls\zdbwchlcag.dll"
"$APPDATA\microsoft\internet explorer\dlls\moduleie.dll"
"$APPDATA\microsoft\internet explorer\dlls\undeiimrfx.dll"
"$APPDATA\microsoft\internet explorer\dlls\iemodule.dll"
"$APPDATA\microsoft\network\dlls\moduleie.dll"
"$APPDATA\microsoft\network\dlls\mqhkcnqxvg.dll"
"$APPDATA\microsoft\network\dlls\uqmgwcdcve.dll"
"$APPDATA\microsoft\network\dlls\iemodule.dll"
"$WINDIR\vmreg.dll"
"$APPDATA\Microsoft\Network\DLLs\ieModule.dll"
"$APPDATA\Microsoft\Network\DLLs\eewhptdpyl.dll"
"$APPDATA\Microsoft\Network\DLLs\moduleie.dll"

Remove folder
"$PROGRAMFILES\System Guard 2009"

Delete Files
(How to delete access denied file?)
SetShellVarContext current
"$SYSDIR\winscenter.exe"
"$WINDIR\sysexplorer.exe"
"$WINDIR\spoolsystem.exe"
"$WINDIR\reged.exe"
"$WINDIR\syscert.exe"
"$WINDIR\vmreg.dll"
"$WINDIR\sys.com"
"$SMPROGRAMS\System Guard 2009\Uninstall.lnk"
"$SMPROGRAMS\System Guard 2009\System Guard 2009.lnk"
"$SMPROGRAMS\System Guard 2009"
"$DESKTOP\System Guard 2009.lnk"

SetShellVarContext all
"$APPDATA\Microsoft\Network\svchost.exe"
"$APPDATA\winlogon.exe"
"$APPDATA\Microsoft\Network\DLLs\ieModule.dll"
"$APPDATA\Microsoft\Network\DLLs\eewhptdpyl.dll"
"$APPDATA\Microsoft\Network\DLLs\moduleie.dll "
"$APPDATA\Microsoft\Network\DLLs\c.cgm"
"$APPDATA\Microsoft\Network\DLLs"
"$APPDATA\Microsoft\Network\track.sys"
"$APPDATA\microsoft\network\dlls\udunjexmim.dll"
"$APPDATA\microsoft\network\dlls\czltvtkkox.dll"
"$APPDATA\microsoft\network\dlls\jykgxumxkk.dll"
"$APPDATA\microsoft\network\dlls\fejopjgulu.dll"
"$APPDATA\microsoft\network\dlls\qvovoghiyx.dll"
"$APPDATA\microsoft\network\dlls\fnypjxnzek.dll"
"$APPDATA\microsoft\network\dlls\qxpvjgihuv.dll"
"$APPDATA\microsoft\network\dlls\zhqbmeuqai.dll"
"$APPDATA\microsoft\network\dlls\jxwwldgtxf.dll"
"$APPDATA\microsoft\network\dlls\hafjrwkdjg.dll"
"$APPDATA\microsoft\network\dlls\pheauarqzb.dll"
"$APPDATA\microsoft\network\dlls\hditohpcyc.dll"
"$APPDATA\microsoft\network\dlls\ikpxrsbnnq.dll"
"$APPDATA\microsoft\network\dlls\ndamqohbzv.dll"
"$APPDATA\microsoft\network\dlls\zdbwchlcag.dll"
"$APPDATA\microsoft\internet explorer\dlls\moduleie.dll"
"$APPDATA\microsoft\internet explorer\dlls\undeiimrfx.dll"
"$APPDATA\microsoft\internet explorer\dlls\iemodule.dll"
"$APPDATA\microsoft\network\dlls\moduleie.dll"
"$APPDATA\microsoft\network\dlls\mqhkcnqxvg.dll"
"$APPDATA\microsoft\network\dlls\uqmgwcdcve.dll"
"$APPDATA\microsoft\network\dlls\iemodule.dll"

Read more:
Constants in manual removal guide
Posted by Olzen at 8:06 AM
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)