FrEn

E-mail Print

free virus removal tool for FlashGuard.exe's fix (Autorun.tz)
Written by Administrator  |  Thursday, 17 September 2009 19:21
AddThis Social Bookmark Button
Information

This virus tries to impersonate a friendly application one that wants to protect your removable drives from other pieces of malware.

This application detects if any of the following processes are running
  • alg.exe
  • csrss.exe
  • cssrs.exe
  • cssrss.exe
  • explore.exe
  • expIorer.exe
  • iexplorer.exe
  • iexplore.exe
  • lexplore.exe
  • lsass.exe
  • lssas.exe
  • lssass.exe
  • scshost.exe
  • scvhost.exe
  • scvhsot.exe
  • smss.exe
  • smsss.exe
  • spoolss.exe
  • spoolsv.exe
  • spoolvs.exe
  • ssms.exe
  • sssms.exe
  • ssvhost.exe
  • svchost.exe
  • svchsot.exe
  • serivces.exe
  • taskmgr.exe
  • wilnogon.exe
  • winl0g0n.exe
  • winlgoon.exe
  • winlogno.exe
  • winlogon.exe
  • wlnlogon.exe

Kill them if not one of :

  • <Program Files>\Internet Explorer\iexplore.exe
  • <system>\svchost.exe
  • <system>\lsass.exe
  • <system>\csrss.exe
  • <system>\alg.exe
  • <system>\winlogon.exe
  • <system>\smss.exe
  • <system>\spoolsv.exe
  • <system>\taskmgr.exe

File Puts two files in all removable drives inserted :
  • System\Security\DriveGuard.exe
  • autorun.inf
The autorun.inf file contains the text :
[autorun]
open=System\Security\DriveGuard.exe -run
shell\Open=&Open
shell\Open\Command=System\Security\DriveGuard.exe -run
shell\Explore=&Explore
shell\Explore\Command=System\Security\DriveGuard.exe -run

Creates a folder named FlashGuard in Program Files directory and copy there FlashGuard.exe

Creates another folder "FlashGuard" in the system's root and puts there two files

  • FlashGuard.exe
  • ReadMe.txt , that contains : "This tiny software is used to protect removable storage devices from
    worms that are spread from one PC to another. "

Registry Registry keys created :

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    • FlashGuard : "%windrive%\FlashGuard\FlashGuard.exe" -run
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    • FlashGuard : "%windrive%\FlashGuard\FlashGuard.exe" -run


To be launched automatically on Windows start up

ATTENTION This virus runs automatically each time you open or explore a partition, it is preferable to download the patch and unpack it on the desktop, reboot your machine in Safe Mode and run the patch, always in safe mode.
Note however that the restarting in safe mode is not an obligation.
 

Add comment


Security code
Refresh

Related articles
Latest posts

  • Free malware removal tool for Guard Online

    Written by %s admin 10/10/2011
    Guard Online is a another rogue Antispyware from the OpenCloud and AV Guard Online familly, it's a malware that pretends to be an Antivirus. Guard Online conducts a fake scan of your system; you are…
    Read more...

  • Free malware removal tool to remove AV Guard Online

    Written by %s admin 05/10/2011
    AV Guard Online is a another rogue Antispyware from the OpenCloud familly, it's a malware that pretends to be an Antivirus. AV Guard Online conducts a fake scan of your system; you are warned by a…
    Read more...

  • Free removal tool to remove Security Guard 2012

    Written by %s admin 05/10/2011
    Security Guard 2012 is a another rogue Antispyware from the OpenCloud familly, it's a malware that pretends to be an Antivirus. Security Guard 2012 conducts a fake scan of your system; you are warned…
    Read more...

  • Free removal tool for Advanced PC Shield 2012

    Written by %s admin 01/10/2011
    Advanced PC Shield 2012 is a another rogue Antispyware, it's a malware that pretends to be an Antivirus. Advanced PC Shield 2012 conducts a fake scan of your system; you are warned by a fake alarm…
    Read more...

  • Security Sphere 2012 Free Removal Tool

    Written by %s admin 01/10/2011
    Security Sphere 2012 is another spyware from the Security Tool family. Security Sphere 2012 is not a legit program; it's a fake, a counterfeit. Security Sphere 2012 claims to fix your system, but…
    Read more...
.
Information | Contact

© All Rights Reserved. net-studio.org 2009