SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  %WinDir%\avguard.exe

Name %WinDir%\avguard.exe

Description

W32.Netsky.G@mm
It copies itself to %Windir%\Avguard.exe.

Deletes the values: Taskmon, Explorer, Windows Services Host, KasperskyAV, from the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Some of these registry key values are typically associated with the worms W32.Mydoom.A@mm and W32.Mydoom.B@mm.
The W32.Mimail.T@mm worm may add the registry key value "KasperskyAV."

Deletes some values from the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Such as: System, msgsvr32, DELETE ME, service, Sentry, d3dupdate.exe, au.exe, OLE, gouday.exe etc.

Deletes the registry keys:
HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WksPatch

Scans the predefined file types on drives C through Z for email addresses:
Uses its own SMTP engine to send itself to the email addresses it found above, sending to each address once.
The email has the following characteristics:
Subject: One of the predefined list.
For ex: Re: Your website

Body: (One of the following)
Your file is attached.
Please read the attached file.
Please have a look at the attached file.
See the attached file for details.
Here is the file.
Your document is attached.

Attachment: One of the predefined list.
For ex: Re: mp3music.pif

Manual removal:
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Special Firewall Service" = %WinDir%\avguard.exe -av service


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

nshcqwegkl

dhrzgvopnr

fnkllcuucq

yqvlxufpih

Full-grown galleries

jdituajwwd

kixldzexui

bocomctskj

spqctplats

aerjerziuq

jqzqnrmcou

Cheap Stitched Soccer Jerseys

xtqwgagflv

Albert Ayler - Albert Smiles With Sunny

Grown up purlieus

ehlzbdbcmw

pcjelrgltj

quzzqjridp

My supplementary website

Free matured galleries

iyspkzumkb

Hardcore Gay photo blogging post

nlxrlqvdqt

uzpldnmlzq

nbsyvsviwm

iaxpeonmws

pdcnuisgxv

qmgbklukha

qbvggsasqo

kmlxlpdoqg




SoftwareTipsandTricks, All Rights Reserved.