avguard.exe - Dangerous
%windir%\avguard.exe
Antivirus Report of %windir%\avguard.exe:
%windir%\avguard.exe
W32.Netsky.G@mm
It copies itself to %Windir%\Avguard.exe.
Deletes the values Taskmon, Explorer, Windows Services Host, and KasperskyAV from the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Some of these registry key values are typically associated with the worms W32.Mydoom.A@mm and W32.Mydoom.B@mm.
The W32.Mimail.T@mm worm may add the registry key value "KasperskyAV."
Deletes some values from the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Such as: System, msgsvr32, DELETE ME, service, Sentry, d3dupdate.exe, au.exe, OLE, gouday.exe, etc.
Deletes the registry keys:
HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WksPatch
Scans the predefined file types on drives C through Z for email addresses:
Uses its own SMTP engine to send itself to the email addresses it found above, sending to each address once.
The email has the following characteristics:
Subject: One from a predefined list.
For example: Re: Your website
Body: (One of the following)
Your file is attached.
Please read the attached file.
Please have a look at the attached file.
See the attached file for details.
Here is the file.
Your document is attached.
Attachment: One from a predefined list.
For example: Re: mp3music.pif
Manual removal:
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Special Firewall Service" = %WinDir%\avguard.exe -av service
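The manual removal step above, as an added PowerShell example (not part of the original page or of any vendor tool): it checks for the dropped file and the Run value named on this page, and deletes the value only when its data points at avguard.exe. The `-Remove` switch is an assumption of this example; deleting the value requires an elevated session.

```powershell
# Added example, not from the original page.
# Audits the two persistence indicators listed above and, with -Remove,
# deletes the autorun value. Get-FileHash needs PowerShell 4.0 or later.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # hypothetical switch: delete the Run value if it matches
)

$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Special Firewall Service'
$dropPath  = Join-Path $env:windir 'avguard.exe'

# 1. Is the worm's copy present in %windir%? Record its hash for the case file.
$fileFound = Test-Path -LiteralPath $dropPath -PathType Leaf
$hash = $null
if ($fileFound) {
    $hash = (Get-FileHash -LiteralPath $dropPath -Algorithm SHA256).Hash
}

# 2. Is the autorun value present, and does its data reference avguard.exe?
#    Checking the data avoids deleting an unrelated value that shares the name.
$item = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
$data = if ($item) { $item.$valueName } else { $null }
$pointsAtDrop = [bool]($data -and $data -match '\\avguard\.exe\b')

# Emit a single object so the result can be logged or collected remotely.
[pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    FilePresent  = $fileFound
    FileSha256   = $hash
    RunValueData = $data
    PointsAtDrop = $pointsAtDrop
}

# 3. Optional cleanup of the Run value (the step the page describes).
if ($Remove -and $pointsAtDrop) {
    if ($PSCmdlet.ShouldProcess("$runKey\$valueName", 'Remove autorun value')) {
        Remove-ItemProperty -Path $runKey -Name $valueName
    }
}
```

Run it without arguments to audit only; `-Remove -WhatIf` previews the deletion without changing the registry.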
%windir%\avguard.exe | Malware |
%windir%\avguard.exe | Dangerous |
%windir%\avguard.exe | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.