SysChat

SysChat (http://www.syschat.com/forum.php)
-   Security (http://www.syschat.com/tips-n-tricks/security/)
-   -   How to Remove Drivemonitor.exe flashguard.exe driveguard.exe (http://www.syschat.com/how-remove-drivemonitor-exe-flashguard-exe-5083.html)

dwarkarao 10-30-2009 06:46 AM
How to Remove Drivemonitor.exe flashguard.exe driveguard.exe
 
What is Drivegaurd.exe or flashgaurd.exe?

This is a kind of worm which takes away the center of control of your computer from you that is the TASKBAR. It starts with infecting and removing the files from C:\heap41a which is linked with other malicious programs on your computer.

Moreover, once it sits firmly in your computer, it allows so many other malicious files to hijack your computer. So it is necessary to remove this worm, as soon as possible.


You can locate the virus files at
c:\Program Files\FlashGuard\FlashGuard.exe

Or you may have to change the attributes of this folder. For that you can refer to this guide

c:\Program Files\FlashGuard\FlashGuard.exe

c:\Program Files\FlashGuard\ReadMe.txt

c:\DocumentsandSettings\**UserProfile\LocalSetting s\Temp\DriveGuard.tmp.exe

c:\DocumentsandSettings\**UserProfile\LocalSetting s\Temp\gHmpg.tmp.exe


It creates folders in your pendrive & copy itself to:

f:\System\Security\DriveGuard.exe *

f:\autorun.inf *

f: is your pen drive so change it according to your pendrive drive.


Will add itself to startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\FlashGuard

To see these virus you must set Windows to show hidden files -

How to remove flashgaurd.exe worm?

Press Ctrl+Alt+Del to open ‘Task Manager’, select FlashGuard.exe & click ‘End Process’

You can browse to the folder mentioned above or you can find it quickly by using ‘Search’ feature(Start Menu>>Search). In the search box type, flashguard.exe or flashguard. Don’t hit the search button.

Scroll down & expand ‘More Advanced Options’. Check the all the boxes below & hit ‘Search’ button.

Delete all the files found..

Also search for .tmp.exe, delete DriveGuard.tmp.exe & gHmpg.tmp.exe files…

The virus files can easily be recognized with pendrive icon and delete those files.

Congrats, the virus is removed from your computer. But still some entries made by the virus files exists in registry.

Go to start->run and type msconfig and hit enter

Select ‘Startup’ tab, select & uncheck FlashGuard. Click ‘Apply’.

Delete Registry Entry : Go to Start Menu>>Run, type regedit & click ‘Ok’

Browse to :

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\FlashGuard

Select FlashGuard, right-click on it & delete.


All times are GMT -4. The time now is 09:11 AM.


Copyright © 2005-2013 SysChat.com


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54