Sunday, March 7, 2010

ONE OF OUR READERS WANTED TO KNOW HOW TO REMOVE THE DRIVEGUARD.EXE VIRUS, WHICH IS ALSO KNOWN BY THE NAMES FLASHGUARD.EXE AND DRIVEMONITOR.EXE. SO HERE IS THE SOLUTION, WHICH IS A BIT DIFFERENT FROM OTHER VIRUS REMOVAL METHODS.


WHAT DOES DRIVEGUARD.EXE DO?

• ADDS ITSELF TO STARTUP AND THE TASK MANAGER.

• ADDS A REGISTRY KEY FOR MAKING CHANGES IN THE REGISTRY EDITOR.

• ADDS AN AUTORUN.INF FILE TO THE PEN DRIVE.

• ADDS SOME MALICIOUS TEMPORARY FILES IN THE SYSTEM.

SOLUTION:

1. BOOT THE COMPUTER IN SAFE MODE.

2. OPEN THE TASK MANAGER AND KILL THE PROCESSES NAMED DRIVEGUARD.EXE/FLASHGUARD.EXE/DRIVEMONITOR.EXE.

3. OPEN MY COMPUTER AND SEARCH FOR THE SAME VIRUS NAMES BUT DON’T FORGET TO CHECK ALL THE BOXES IN THE ‘MORE ADVANCED OPTIONS’ OF SEARCH. DELETE ALL THE FILES.

4. NOW SEARCH FOR .TMP.EXE AND DELETE DRIVEGUARD.TMP.EXE AND GHMPG.TMP.EXE FILES, IF ANY.

5. OPEN MSCONFIG, GO TO STARTUP PROCESSES AND UNCHECK THE FLASHGUARD PROCESS TO REMOVE IT FROM THE STARTUP LIST.

6. OPEN REGEDIT AND NAVIGATE TO HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FLASHGUARD.

7. CLICK ON FLASHGUARD AND DELETE THE KEY.

THE VIRUS WOULD HAVE BEEN REMOVED.
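
The checks in steps 2 to 7 can be scripted to confirm afterwards that none of the listed artifacts remain. The PowerShell script below is an added example, not part of the original post; it only reports and deletes nothing. It assumes PowerShell 3.0 or later in an administrator session. The `open=`/`shellexecute=` pattern is standard autorun.inf syntax, not something the post describes.

```powershell
# Added example: read-only check for the artifacts named in the steps above.
# File and value names come from the post; matching is case-insensitive.
$exeNames = 'driveguard.exe', 'flashguard.exe', 'drivemonitor.exe'
$tmpNames = 'driveguard.tmp.exe', 'ghmpg.tmp.exe'
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

# Step 2: running processes (Get-Process takes names without the .exe extension)
$procNames = $exeNames | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
Get-Process -Name $procNames -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = "$($_.Name) (PID $($_.Id))" }
}

# Steps 5-7: FLASHGUARD value under the Run key
$run = Get-ItemProperty -Path $runKey -Name 'FlashGuard' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "FlashGuard = $($run.FlashGuard)" }
}

# Steps 3-4: files on fixed (3) and removable (2) drives, hidden/system included
$drives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2 OR DriveType=3'
foreach ($d in $drives) {
    $root = "$($d.DeviceID)\"
    Get-ChildItem -Path $root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { ($exeNames + $tmpNames) -contains $_.Name } |
        ForEach-Object { $findings += [pscustomobject]@{ Type = 'File'; Item = $_.FullName } }

    # autorun.inf in the root of a removable drive; show which program it launches
    $inf = Join-Path $root 'autorun.inf'
    if ($d.DriveType -eq 2 -and (Test-Path -LiteralPath $inf)) {
        $open = Select-String -LiteralPath $inf -Pattern '^\s*(open|shellexecute)\s*=' |
                ForEach-Object { $_.Line.Trim() }
        $findings += [pscustomobject]@{ Type = 'Autorun'; Item = "$inf [$($open -join '; ')]" }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No listed artifacts found.' }
```

An empty result after the manual steps means none of the names from the post are still present. A remaining `Autorun` finding shows which program the pen drive would start.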
