Is your computer infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Sunday, February 28, 2010

Remove Dr. Guard fake antivirus program (Free removal)

Dr. Guard is a fake antivirus program. It reports false system security threats to scare you into thinking that your computer is infected with various malicious software. It also displays fake warnings to make you think that your computer is under attack from a remote computer and that your personal information and passwords can be stolen. Furthermore, it will even create porn icons on your desktop. How rude! Finally, as a typical rogue program, it will ask you to pay for a full version of the program to remove the infections and to ensure full system protection against new threats. Sounds great, but unfortunately this is nothing more than a scam. Please don't purchase it! Otherwise you will simply lose your money. Instead, follow the Dr. Guard removal instructions below and remove this virus from your computer as soon as possible.



Dr. Guard is a clone of Paladin Antivirus, which is also a rogue security application. Both programs look the same (they use the same graphical user interface). Most of the time, Dr. Guard is promoted and installed through trojans and other malicious software. However, please note that it can come bundled with other malware too, most often the widespread TDSS rootkit. The bad news is that if you got Dr. Guard together with this rootkit, MalwareBytes' Anti-malware won't help you, because it can't remove that rootkit at the moment. On the other hand, there is a free tool for TDSS removal from Kaspersky Lab. More details can be found in the removal guide below.

Once running, Dr. Guard performs a fake system scan and displays a list of infections that can't be removed unless you buy the program. The rogue program attempts to uninstall legitimate anti-virus software if it finds any on the compromised computer. It tries to uninstall MalwareBytes Anti-malware, NOD32 Antivirus, AVG, Avast!, Avira and other well-known security programs. This is a kind of self-protection method. What is more, it may block security-related websites too. And finally, Dr. Guard displays a bunch of fake security alerts and notifications from Task Manager. It even impersonates Windows Security Center and urges you to buy the rogue program. You should ignore these alerts just like the false scan results. You can see some of the fake Dr. Guard alerts in the images below.







There shouldn't be any doubt: Dr. Guard is a completely unnecessary and even dangerous program. Please remove it from your computer upon detection. Full details on how to remove Dr. Guard from your computer for free can be found below. Also note that if you have already purchased this fake program, you should contact your credit card company as soon as possible and dispute the charges. If you have any questions, don't hesitate to leave a comment. Good luck!


Dr. Guard removal instructions:

1. Download the file TDSSKiller.zip and extract it into a folder
2. Execute the file TDSSKiller.exe (NOTE: you may have to rename TDSSKiller.exe to explorer.com yourself or download already renamed explorer.com file in order to run it)
3. Follow the prompts and wait for the scan and disinfection process to finish. Close all programs and press the “Y” key to restart your computer.
More detailed TDSSKiller tutorial: http://support.kaspersky.com/viruses/solutions?qid=208280684
4. Download one of the following anti-malware programs and run a full system scan:
5. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend that you use ESET Smart Security.

Dr. Guard associated files and registry values:

Files:
  • C:\Documents and Settings\[User]\Start Menu\Programs\Dr. Guard
  • C:\Program Files\Dr. Guard
  • C:\Program Files\Dr. Guard\drg.db
  • C:\Program Files\Dr. Guard\drgext.dll
  • C:\Program Files\Dr. Guard\drghook.dll
  • C:\Program Files\Dr. Guard\drguard.exe
  • C:\Program Files\Dr. Guard\splash.mp3
  • C:\Program Files\Dr. Guard\uninstall.exe
  • C:\Program Files\Dr. Guard\virus.mp3
  • %Temp%\asr64_ldm.exe
  • C:\WINDOWS\system32\spoolsv.exe
  • C:\WINDOWS\system32\drivers\_VOIDd.sys
Registry:
  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Dr. Guard
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dr. Guard
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Dr. Guard"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
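
A read-only way to check a machine against the file and registry list above, as an added PowerShell example that is not part of the original post. The function name, the output columns and the use of environment variables in place of the hard-coded `C:\` paths are assumptions of this example.

```powershell
# Read-only check for the Dr. Guard artifacts listed above; nothing is deleted.
# Find-DrGuardArtifact and its output columns are names chosen for this example.
function Find-DrGuardArtifact {
    function Row($kind, $item, $found) {
        New-Object PSObject -Property @{ Kind = $kind; Item = $item; Found = $found }
    }
    $cv    = 'Software\Microsoft\Windows\CurrentVersion'
    $clsid = '{5E2121EE-0300-11D4-8D3B-444553540000}'

    # Files and folders. %Temp% and HKEY_CURRENT_USER resolve for the current user only.
    $files = @(
        (Join-Path $env:ProgramFiles 'Dr. Guard'),
        (Join-Path $env:TEMP 'asr64_ldm.exe'),
        (Join-Path $env:SystemRoot 'system32\drivers\_VOIDd.sys')
    )
    # The "[User]" placeholder in the list: look in every profile folder.
    $files += @(Get-ChildItem (Split-Path -Parent $env:USERPROFILE) -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object { Join-Path $_.FullName 'Start Menu\Programs\Dr. Guard' })
    foreach ($f in $files) { Row 'File' $f (Test-Path -LiteralPath $f) }

    # spoolsv.exe at this path is also the genuine Windows Print Spooler, so its
    # presence proves nothing; it is reported for manual verification only.
    Row 'Verify' (Join-Path $env:SystemRoot 'system32\spoolsv.exe') $null

    # Registry keys. -LiteralPath matters here: "*" under HKEY_CLASSES_ROOT is a
    # real key name, and -Path would expand it as a wildcard.
    $keys = @(
        'HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt',
        "HKEY_CLASSES_ROOT\CLSID\$clsid",
        'HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Dr. Guard',
        "HKEY_LOCAL_MACHINE\$cv\Uninstall\Dr. Guard"
    )
    foreach ($k in $keys) { Row 'Key' $k (Test-Path -LiteralPath "Registry::$k") }

    # Registry values, as pairs of key path and value name.
    $values = @(
        @("HKEY_CURRENT_USER\$cv\Policies\System", 'DisableTaskMgr'),
        @("HKEY_CURRENT_USER\$cv\Run", 'Dr. Guard'),
        @("HKEY_LOCAL_MACHINE\$cv\Shell Extensions\Approved", $clsid)
    )
    foreach ($v in $values) {
        $p = Get-ItemProperty -LiteralPath "Registry::$($v[0])" -Name $v[1] -ErrorAction SilentlyContinue
        Row 'Value' ($v[0] + ' "' + $v[1] + '"') ($null -ne $p)
    }
}

Find-DrGuardArtifact | Format-Table Kind, Found, Item -AutoSize
```

If the TDSS rootkit is active it can hide files and keys from a check like this, so a clean result before running TDSSKiller does not mean the machine is clean.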


11 comments:

Anonymous said...

My computer got infected with this %^&^&))%%&*^&@@! virus yesterday and I had to manually remove it. Tip: one of the FIRST things you should remove is the executable file: %Temp%\asr64_ldm.exe . This shows up in your task manager. You can kill it and restart your computer all you want, but since the file hides in the system, it will restart the malware every time you restart your computer. So go into search, find "%Temp%\asr64_ldm.exe " and remove it! You'll also have to run regedit and remove the Dr. Guard directory and other registry keys....what a job. I spent three hours trying to get rid of this thing yesterday and FINALLY succeeded.

Anonymous said...

Ironically enough, I've had to deal with this problem on two machines. These instructions worked for removal on the first machine, but failed on the second. All the registry entries are gone, all the files are gone, but when I try to install AVG free it tells me that Dr. Guard is installed on that computer. This one is nasty.

Anonymous said...

I can't find any of those files it says up there... what do I do????

Anonymous said...

those bastards ...
had to reset my computer

Anonymous said...

I got infected on two machines four days ago with this scamming soft - Antimalware Defender & Dr. Guard - through updating from Microsoft! I was healing my computers in three steps: first, healing with Avira Rescue System CD; second, installing Panda Antivirus Pro 2010; and third, healing the systems with Hitman Pro 3.5! Now the machines are clean from viruses!

Anonymous said...

I'm working on removing it as we speak on my other computer. Any final tips? So I get this god damned virus off my comp.
Thanks, dan

Anonymous said...

Seems like my removal is working! (Crossing my fingers, I hope I don't jinx it.) But very good advice from above: remove the file %Temp%\asr64_ldm.exe. It worked and it stopped Dr. Guard from working, I believe. It's a must! Before I had deleted it the update on the malware wasn't working and after it didn't as Dr. Guard wasn't able to stop it. Thank you so much to the guy who wrote that first.

Anonymous said...

MY DR.GUARD KEEPS POPPIN UP!
HOW DO I STOP IT?

Anonymous said...

Does not work on WIN7 x64 :-(

Anonymous said...

Where can I find that file?

Gustavo La Rosa said...

I found the following folder:
%SystemRoot%\_VOIDsmccpxxnoi
containing the _VOIDd.sys file.

And, in the services listed in the registry, I found:
LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDsmccpxxnoi

LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys

With these elements the equipment was infected in the boot process. The file asr64_ldm.exe never appeared.