PSGuard removal
Spyware PSGuard Information
Name: PSGuard
Category: Trojan
Date: 2005-10-17
Dangerous: Yes
PSGuard is a malicious anti-spyware program that behaves the way a trojan horse usually does. It uses a rootkit to protect the registry key HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD, together with its child keys and values. PSGuard does this with a well-known exploit [difference between Win32 and Native APIs]. Having this corrupt anti-spyware program on your computer makes it insecure, so you should deal with it as soon as possible.
This Trojan is also known as:
ps guard
PSGuard Removal Instructions
Kill the following processes
psguardinstall.exe, uninstall.exe, psguard.exe, psguardinstall[1].exe
Unregister the following DLLs and reboot
core.dll, localization.dll, wndsystem.dll in Program Files\psguard\
Delete these registry entries
HKEY_LOCAL_MACHINE\software\shudderltd\psguard\psguard installationid
HKEY_LOCAL_MACHINE\software\shudderltd\psguard versioninfo
HKEY_LOCAL_MACHINE\software\shudderltd\psguard updateinterval
HKEY_LOCAL_MACHINE\software\shudderltd\psguard startatwinstartup
HKEY_LOCAL_MACHINE\software\shudderltd\psguard scanonstartup
HKEY_LOCAL_MACHINE\software\shudderltd\psguard scan_priority
HKEY_LOCAL_MACHINE\software\shudderltd\psguard scan_depth
HKEY_LOCAL_MACHINE\software\shudderltd\psguard resourcedll
HKEY_LOCAL_MACHINE\software\shudderltd\psguard registrationurl
HKEY_LOCAL_MACHINE\software\shudderltd\psguard quarantinelocation
HKEY_LOCAL_MACHINE\software\shudderltd\psguard performupdate
HKEY_LOCAL_MACHINE\software\shudderltd\psguard minonstartup
HKEY_LOCAL_MACHINE\software\shudderltd\psguard mguid
HKEY_LOCAL_MACHINE\software\shudderltd\psguard installdir
HKEY_LOCAL_MACHINE\software\shudderltd\psguard enablertmonitoring
HKEY_LOCAL_MACHINE\software\shudderltd\psguard databasefile
HKEY_LOCAL_MACHINE\software\shudderltd\psguard alwaysblockwhennoav
HKEY_LOCAL_MACHINE\software\shudderltd\psguard alwaysblockchanges
Remove the following files
psguardinstall.exe, psguardinstall[1].exe.
psguard spyware remover.lnk in Desktop\
register psguard spyware remover.lnk, start psguard spyware remover.lnk, uninstall.lnk in Program Files\Common Files\psguard spyware remover\
core.dll, database.pkg, localization.dll, logfile.txt, psguard.exe, psguard.exe.local, uninstall.exe, wndsystem.dll in Program Files\psguard\
Remove the following directories
Program Files\psguard
Documents and Settings\UserName\application data\shudder global limited
Program Files\Common Files\start menu\programs\psguard spyware remover
Visitor Comments on PSGuard
2005-12-14 15:21:50, Ralph:
God, I hate PSGuard, although these instructions did a great part of the job removing it, automatic remover was needed as well.
2006-07-27 19:36:10, Guest:
cancel winantispyware2005 alert from my computer. I am tired of it popping up when I am doing a program. Cancel it or I will report it to the BBB on tomorrow.
2007-05-13 13:01:22, Guest:
Ok, can someone please help me find this stuff so I can delete it, cause I can't find it.
2008-09-07 05:17:49, Guest:
Hi. This pest is still around, I picked it up last week. Red desktop, shortcuts to porn sites, fake security warnings, etc. I used Noadware to remove it. It hasn't returned.