September 18, 2012

Steps for Removing Sysguard Virus

Chances are-like other people-your PC might also be infected with Sysguard virus. Sysguard is another fake virus removal software that when enters your computer hijacks your browser and stops Task Manager or other applications from running. The program prevents its detection and removal and makes things difficult for you as much as it can. Considering this, I have compiled the below mentioned steps to remove the dangerous software from your computer just in some time. (See Also Virus Removal Support)
Step1: If you are able to access Task Manager, open it and click the Processes tab. Locate any process with the name sysguard.exe or random characters such as 12345.exe or 11.exe etc., select it click End Process. Carefully scan rest of the processes. If there are more such processes, kill them also.
Step2: If you are not able to kill such processes, connect to the Internet and download a process killer like RKill, explorer.exe, or PsKill. Save the file and unzip its contents to another file. Open it and install the tool. Run the tool afterwards, select the suspicious processes, and kill them.  
Step3: If you are unable to access Task Manager or go online for that matter, shut down your computer. Restart it in Safe Mode with Networking. To do so, while the computer is restarting, start tapping the F8 key on the keyboard to get into the boot menu. Use the Down arrow key to reach Safe Mode with Networking and then hit Enter.
Step4: Exit all the windows including Task Manager. Click the Start menu> go to My Computer> C:\ drive> Program Files> and Temp. Look for sysguard.exe or random character file in the Temp folder, right click on it and click Delete to delete it. Repeat the procedure for other such files. Exit the Temp folder window.
Step5: Click the Start button> My Computer> C:\ drive> Documents and Settings> your user profile> Local Settings> and Temp. Locate the Sysguard and other random character files such as 172.exe, balloon.exe, vru.exe, install.exe, and not_detect-200812\sysguarad.exe and remove them. If you don’t see Local Settings in your user profile, click the Tools tab> select Folder Options.
Step6: Click the View tab> select the Show hidden files and folders option.  It will now display all the folders in your user profile. Navigate to the Temp folder and do the needful. When done, go to the Application Data folder and repeat the procedure.
Step7: Close all the windows and click the Start menu> Run. Type ‘regedit’ in the Open box and click OK. On Windows Registry Editor, take a registry backup before modifying the registry. It is a must-to-do procedure as it will save your data from being lost due to wrong modifications that can lead to system crash or other severe problems. 

 Step8: You can use the built-in Export option in the File menu in Registry Editor to back up your registry. This will launch the Import Export Wizard which will help you export your registry and restore it later on or when needed. Another option to back up your registry is to create a system restore point. It will help you restore your computer to an earlier time or date when things were fine.
Step9: Once you are done with registry backup, open Registry Editor and navigate to HKEY_LOCAL_MACHINESoftware> Sysguard. Remove the Sysguard folder and confirm its deletion. Now navigate to HKEY_LOCAL_MACHINE> Software> FolderA> Keyname. Delete this key in the FolderA. Similarly go to FolderB and FolderC under Software to delete other such keys.
Step10: When done, navigate to HKEY_CURRENT_USER> Software> Microsoft> Windows NT> CurrentVersion> Winlogon> Shell [%Windows%]> sysguard> sysguard.exe. Remove the last two entries from the branch. Similarly remove sysguard> sysguard.exe from the Shell [%PROGRAM_FILES%] branch. Exit Registry Editor and other windows.
Step11: Connect to the Internet and download free versions of Spybot Search and Destroy and Hijackthis programs from their respective websites. Save the files and unzip their contents into other files. Open them one by one and install both the programs. Open the first program and update it. Now run a full system scan and wait until it completes. When finished, prompt the tool to delete all the infected files that were found in scanning.
Step12: Repeat this procedure with the other tool also. Once you have run scans from both the tools, close them. Open your security program (antivirus or anti-spyware whichever you have on your computer) and update it. Wait until all the updates are duly downloaded and installed. When done, run a full system scan. Prompt your security software to delete any infection that were found during the scan. (If you don't have an antivirus, you can buy McAfee here)
Step13: Close all the windows and reboot your computer. Windows will load up normwally now. Do not press any key during the reboot process. In future, never download free utilities from torrent websites as they may contain such malicious viruses or Trojans etc. 
***You must be logged in as an administrator to make some of the above mentioned changes. Your user profile is the account that you have created to log in to your computer. Admin is the master account from which all the accounts including yours can be managed.
***If you do not want to carry out this procedure on your own as it may prove difficult, take help of an expert online virus removal support service.

 Feel free to get online technical support to fix your computer problems. Just Call on Toll-Free number(1-866-541-1792) & get 24*7 expert help for online diagnostic and troubleshooting.

No comments:

Post a Comment

Share Your Thoughts