FrEn

E-mail Print PDF

free virus removal tool for FlashGuard.exe's fix (Autorun.tz)
Written by Administrator  |  Thursday, 17 September 2009 19:21
AddThis Social Bookmark Button
Information

This virus tries to impersonate a friendly application one that wants to protect your removable drives from other pieces of malware.

This application detects if any of the following processes are running
  • alg.exe
  • csrss.exe
  • cssrs.exe
  • cssrss.exe
  • explore.exe
  • expIorer.exe
  • iexplorer.exe
  • iexplore.exe
  • lexplore.exe
  • lsass.exe
  • lssas.exe
  • lssass.exe
  • scshost.exe
  • scvhost.exe
  • scvhsot.exe
  • smss.exe
  • smsss.exe
  • spoolss.exe
  • spoolsv.exe
  • spoolvs.exe
  • ssms.exe
  • sssms.exe
  • ssvhost.exe
  • svchost.exe
  • svchsot.exe
  • serivces.exe
  • taskmgr.exe
  • wilnogon.exe
  • winl0g0n.exe
  • winlgoon.exe
  • winlogno.exe
  • winlogon.exe
  • wlnlogon.exe

Kill them if not one of :

  • <Program Files>\Internet Explorer\iexplore.exe
  • <system>\svchost.exe
  • <system>\lsass.exe
  • <system>\csrss.exe
  • <system>\alg.exe
  • <system>\winlogon.exe
  • <system>\smss.exe
  • <system>\spoolsv.exe
  • <system>\taskmgr.exe

File Puts two files in all removable drives inserted :
  • System\Security\DriveGuard.exe
  • autorun.inf
The autorun.inf file contains the text :
[autorun]
open=System\Security\DriveGuard.exe -run
shell\Open=&Open
shell\Open\Command=System\Security\DriveGuard.exe -run
shell\Explore=&Explore
shell\Explore\Command=System\Security\DriveGuard.exe -run

Creates a folder named FlashGuard in Program Files directory and copy there FlashGuard.exe

Creates another folder "FlashGuard" in the system's root and puts there two files

  • FlashGuard.exe
  • ReadMe.txt , that contains : "This tiny software is used to protect removable storage devices from
    worms that are spread from one PC to another. "

Registry Registry keys created :

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    • FlashGuard : "%windrive%\FlashGuard\FlashGuard.exe" -run
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    • FlashGuard : "%windrive%\FlashGuard\FlashGuard.exe" -run


To be launched automatically on Windows start up

ATTENTION This virus runs automatically each time you open or explore a partition, it is preferable to download the patch and unpack it on the desktop, reboot your machine in Safe Mode and run the patch, always in safe mode.
Note however that the restarting in safe mode is not an obligation.
 

Add comment


Security code
Refresh

Related articles
Latest posts
Free malware removal tool to remove Antivir Solution Pro
_WRITTEN_BY Administrator 15/07/2010

Antivir Solution Pro is another rogue Antispyware from the Antispyware Soft and Antivirus Suite, that tries to get money from users by prompting them to register and buy their Fake products. Some…Read more...

Free virus removal tool to remove RVHOST.exe
_WRITTEN_BY Administrator 17/06/2010
  • RVHOST.exe is a trojan that may reprensent security risk for your system, it runs in the background, this application allows remote access to the compromised system.
  • Downloads…
Read more...
Free virus removal tool to remove WinDefender.exe
_WRITTEN_BY Administrator 17/06/2010
WinDefender.exe is a trojan that may reprensent security risk for your system, it runs in the background, this application creates startup registry keys. Read more...
Free malware removal tool to get rid of Defense Center
_WRITTEN_BY Administrator 12/06/2010
Defense Center is another rogue Antispyware from the Digital Protection family, it's a malware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your…Read more...
Free virus removal tool to remove Xss.exe
_WRITTEN_BY Administrator 10/06/2010

Xss.exe is a trojan that may reprensent security risk for your system, it runs in the background, this application allows remote access to the compromised system.

Xss.exe downloads files…Read more...

.
Information | Contact

© All Rights Reserved. net-studio.org 2009