
Wednesday, July 20, 2011

How to Remove Zentom System Guard (Uninstall Guide)

Zentom System Guard is a rogue anti-virus program that tries to trick users into paying for the program to remove fictitious virus threats. It's a re-branded version of Antimalware Doctor. The rogue application claims that it has detected viruses on your computer. It displays fake security warnings to scare you into thinking that your computer is infected with malicious software. Do not, under any circumstances, pay for such bogus software. This type of malicious software is very annoying and we totally understand how frustrating it can be. However, it's worth mentioning that it can't delete your files so you shouldn't worry about that. If you think or confirm that your computer is infected with this fake anti-virus application, scan your computer with legitimate anti-malware software. To remove Zentom System Guard from your computer, please follow the steps in the removal guide below.





There are a number of ways that Zentom System Guard gets on your computer, but usually users have no clue as to how they got it. The problem is that rogue security software can appear on your computer without a warning, but most of the time cyber crooks use social engineering to trick you into installing their malicious software. For example, this time cyber crooks use a fake pop-up window called "System Security Pack Upgrade" that looks just like the legitimate Automatic Windows update screen to trick you into installing Zentom System Guard.

System Security Pack 2010.78.932 (Zentom System Guard Upgrade; KB921472)


Cyber crooks can also use fake online virus scanners, drive-by downloads, fake codecs and other social engineering tricks. Once installed, Zentom System Guard completes a fake system scan and reports numerous non-existent infections on your computer. Here are some of the fake security alerts you may see when your computer gets infected with Zentom System Guard.


Zentom System Guard - Hacker attack detected
Your computer is subjected to hacker attack. Zentom System Guard has detected that somebody is trying to transfer Your private data via internet. We strongly recommend you to block attack immediately.

Protection Center Alert
To help protect your computer, Zentom System Guard has blocked some features of this program Zentom System Guard has detected unauthorized activity, but unfortunately trial version cannot remove viruses, keyloggers and other treats. Your personal data under serious risk. It is strongly recommended to register Your copy of Zentom System Guard and prevent intrusion for future.
Do You want to block this suspicious software?
Name: Trojan.Win32.Autoit.agg
Alert level: High
Description: It is highly recommended to remove this threat from your PC
If you have accidentally purchased this rogue antivirus program, please contact your credit card company and dispute the charges. Then please follow the removal instructions below to remove Zentom System Guard and associated malware from your computer. If you have any questions or need help removing this malware, please leave a comment below. Good luck and be safe online!

Additionally, you can activate the rogue program by entering this registration code MTk4-NzE1-NTYx-NTUw as shown in the image below.



Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.


Zentom System Guard removal instructions:

1. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

If you can't download it, please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Open Internet Explorer and download STOPzilla. Once finished, go back into Normal Mode and run it. That's It!

Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Log in as the same user you were previously logged in with in the normal Windows mode.


Associated Zentom System Guard files and registry values:

Files:



Windows XP
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]\lsrslt.ini
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]\local.ini
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]\hookdll.dll
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]\enemies-names.txt
  • C:\Documents and Settings\[UserName]\Start Menu\Programs\Zentom System Guard\
  • C:\Documents and Settings\[UserName]\Start Menu\Programs\Startup\Zentom System Guard.lnk
  • C:\Documents and Settings\[UserName]\Start Menu\Programs\Zentom System Guard\Uninstall.lnk
  • C:\Documents and Settings\[UserName]\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk
  • C:\Documents and Settings\[UserName]\Desktop\Zentom System Guard.lnk
Windows Vista/7
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]\lsrslt.ini
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]\local.ini
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]\hookdll.dll
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]\enemies-names.txt
  • C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard\
  • C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
  • C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard\Uninstall.lnk
  • C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk
  • C:\Users\[UserName]\Desktop\Zentom System Guard.lnk
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zentom System Guard
  • HKEY_CURRENT_USER\Software\ZentomSystemGuard
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
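
To check whether any of the files and registry values listed above are still present after a scan, here is a read-only PowerShell check (an added example, not part of the original guide). It only reports what it finds and deletes nothing; treating a folder as suspicious when it holds at least two of the listed file names is an assumption made for this example.

```powershell
# Added example, read-only: reports the artifacts listed above, deletes nothing.
# Run as the affected user; the entries live in that user's profile and HKCU.
$name    = 'Zentom System Guard'
$markers = 'lsrslt.ini', 'local.ini', 'hookdll.dll', 'enemies-names.txt'

# Folders directly under Application Data / AppData\Roaming that hold at least two
# marker files. The folder name is random, so match on content (threshold assumed).
$badDirs = @(Get-ChildItem -LiteralPath $env:APPDATA -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    Where-Object {
        $dir = $_.FullName
        @($markers | Where-Object { Test-Path -LiteralPath (Join-Path $dir $_) }).Count -ge 2
    } | ForEach-Object { $_.FullName })
$findings = @($badDirs | ForEach-Object { "Folder: $_" })

# Run values that start a program from one of those folders.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        foreach ($d in $badDirs) {
            if ("$($p.Value)".ToLower().Contains($d.ToLower())) {
                $findings += "Run value: $($p.Name) = $($p.Value)"
            }
        }
    }
}

# Registry keys named after the product.
foreach ($key in 'HKCU:\Software\ZentomSystemGuard',
                 "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$name") {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key: $key" }
}

# Shortcuts and the Start Menu folder (Startup, Desktop, Programs).
foreach ($base in 'Startup', 'DesktopDirectory', 'Programs') {
    $root = [Environment]::GetFolderPath($base)
    foreach ($leaf in "$name.lnk", $name) {
        $path = Join-Path $root $leaf
        if (Test-Path -LiteralPath $path) { $findings += "Shortcut/folder: $path" }
    }
}

if ($findings.Count) { $findings } else { "No listed $name artifacts found for this user." }
```

Because everything in the list is per-user, repeat the check for each account that was used while the rogue program was active.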

13 comments:

Anonymous said...

Woohoo! This works. I used MalwareBytes. The scan took forever, but did get it. I then did have to delete all the registry items. Hopefully it works going forward.

Anonymous said...

How do I remove as a non-administrator?

Anonymous said...

You can't, you have to be able to download things to get rid of it. Thank you, guy that made this web page.

Anonymous said...

We Love Admin! Thnx!

Anonymous said...

It works. Thank you very much

Anonymous said...

It worked, thank you very much. I called a so-called computer tech; he said you will need to reformat the computer. It's easy for them to say,

but I followed your instructions and it worked?
From the comments it seems like it's a new virus. I'd love to know how I got it though.
Thanks

Anonymous said...

thank you so much! i was very worried and your instructions were very easy to follow! worked great, i used to malware bytes. thanks again!

Anonymous said...

do i have to pay for one of these programs that removes the zentom?

Anonymous said...

Wow, this was really helpful! I was worried when this popped up and it actually got to the point where it threatened to upload all my data to the internet. The whole thing froze and I shut it down manually. But, thank you!

Anonymous said...

Umm, my task manager automatically shuts off, and I can't even find zentom on there. Even after using anti malware, the program is gone but my task manager shuts off. Do you know how I fix it?

Anonymous said...

I downloaded malware-bytes and that soon got rid of this pesky problem for me.

As part of the process I had to reboot my computer. When I did, my AVG and other anti-virus software kicked in and found threats that needed to be dealt with. Now my computer is running faster than ever.

The moral of my story is, Reboot your computer once a day even if you have it running 24/7 for downloading like me, Update your antivirus and run a scan once a week at the minimum.

YOW said...

Hi. I'm done installing the Stopzilla. It's also done scanning my laptop. Now, I'm trying to REMOVE what it detected but unfortunately, it says that I have to register to remove all the threats. The application is asking me for a Registration key/code. Hope you could help me with this one. Thank you. :)

Admin said...

Well, you can always get your money back. But if you truly don't want to buy it then use Malwarebytes or SUPERAntispyware. These are free. Good luck!