Virus Dr Guard on my PC

Solved
Mike -  
Hello,

I have this Dr Guard virus on my PC, what should I do? Thanks everyone for your help.

Mike
Configuration: Windows Vista / Firefox 3.5.8

30 answers

  1. sKe69
     
    well ...

    do as follows in order:

    1- protocol to follow for Windows Vista:

    *Disable User Account Control or UAC (reactivate it only at the end of the cleanup):

    Go to “start” then “control panel”:
    --->On the right side of the window, click on “classic view”
    --->Double-click on the “User Accounts” icon
    --->Then click on “Turn User Account Control on or off.”
    --->Uncheck the box “use User Account Control...” and click OK.
    --->Restart the PC!

    Tutorials:
    http://pagesperso-orange.fr/NosTools/uac_vista.html
    https://forum.malekal.com/viewtopic.php?f=59&t=6517

    * Important:
    To install or launch the tools you will use during the cleanup, always do this: right-click (on the installer setup or the tool) -> choose “Run as administrator.”
    Do this systematically!...

    once this is done and taken into account, continue:

    ========================

    2- Properly uninstall Spybot S&D from the control panel / “programs and features.”

    It is useless, heavy for the system, and will greatly hinder us during the cleanup...

    Once uninstalled (and not before!), proceed...

    ========================

    3- Use the ZHPFix tool:

    > Launch ZHPFix from the desktop shortcut.

    * Once the ZHPFix tool is open, click on the [ H ] button (“paste helper lines”).

    * In the main box (which is blank), copy/paste all the text on this page (and nothing else!):

    > http://www.cijoint.fr/cj201003/cijqEDfVM6.txt

    Check:
    - that all the lines I asked you to copy (and only those) are in the window.
    - that the lines are arranged one below the other like on this page when you copy them into ZHPFix.

    * Then click the [ OK ] button.
    > at this point, a small empty box will appear at the beginning of each line. Don’t touch anything else!

    !! Log off, disable your defenses (anti-virus, anti-spyware) and close all other applications (including browsers) !!

    * Click the [ All ] button. Check that all the lines are checked.

    * Finally, click the [ Clean ] button.

    -> allow the tool to work and don’t touch anything...

    -> If you are asked to restart the PC to complete the cleaning, do it!

    Once finished, a new report will display: post the content of it in your next response...

    ( this report is also saved in this folder > C:\Program files\ZHPDiag\ZHPFixReport.txt )

    Remember to reactivate your defenses!...

    ============================

    4- Download Malwarebytes':
    here https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
    or here: http://www.malwarebytes.org/mbam.php
    or here: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    * Install it (choose “French”; do not change the installation settings) and update it.

    (NB: If you lack “COMCTL32.OCX” during installation, then download it here: https://www.malekal.com/tutorial-aboutbuster/)

    * Study the tutorial to familiarize yourself with the program:
    https://forum.pcastuces.com/sujet.asp?f=31&s=3
    (that said, it is very user-friendly).

    ! Log off and close all running applications!

    * Launch Malwarebytes'.

    Perform a so-called “QUICK” scan.

    --> Let the program work (and do nothing else with the PC during the scan).
    --> at the end, click on “results.”
    --> Check that all infected items are validated, then click on “remove.”

    Note: if you need to restart your PC to finish the cleaning, do it!

    Post the saved report after removing infected items (in the “report/log” tab of Malwarebytes', the latest one) for analysis...

    ==============================

    5- Perform another ZHPDiag scan, check all options (except 045 and 061), post the new report obtained (via Cijoint) for analysis and wait for the next steps...

    --
    “Baby, I'm going on an airplane, And I don't know if I'll be back again”
    IMPORTANT: do not think you are out of trouble until we
    tell you so!
    1
    1. Mike
       
      I'm sorry, sKe69,
      I'm copying part of your instructions below because I'm not sure whether I should check the empty boxes or not.


      > at that moment, a small empty box will appear at the beginning of each line. Don't touch anything else!

      !! Disconnect, disable your defenses (anti-virus, anti-spyware) and make sure to close all other applications (including browsers)!!


      * Click the [All] button. Check that all lines are checked.

      Thanks for letting me know.
      0
    2. Mike
       
      Hi sKe69,

      Now I understand!

      And here's the ZHPFix report:
      ZHPFix v1.12.307 by Nicolas Coolman - Removal report from 03/05/2010 13:27:48
      Registry export file: C:\ZHPExportRegistry-03-05-2010-13.27.48.txt
      Web site: http://www.premiumorange.com/zeb-help-process/zhpfix.html


      Memory processes:
      C:\Users\michel\AppData\Local\Temp\asr64_ldm.exe => Removed and quarantined
      C:\Users\michel\AppData\Roaming\Dr. Guard\drguard.exe => Removed and quarantined

      Memory modules:
      (None)

      Registry keys:
      (None)

      Registry values:
      O4 - HKCU\..\Run: [asr64_ldm.exe] . (.Microsoft Corp. - Logical Disk Manager ASR Utility.) -- C:\Users\michel\AppData\Local\Temp\asr64_ldm.exe => Value successfully removed
      O4 - HKCU\..\Run: [Dr. Guard] . (.No owner - No description.) -- C:\Users\michel\AppData\Roaming\Dr. Guard\drguard.exe => Value successfully removed

      Registry data items:
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.esnips.com => Data successfully removed

      Folders:
      (None)

      Files:
      c:\users\michel\appdata\local\temp\asr64_ldm.exe => File not found
      c:\users\michel\appdata\roaming\dr. guard\drguard.exe => File not found

      Software:
      (None)

      Registry scripts:
      (None)

      Other:
      (None)


      Summary:
      Memory processes: 2
      Memory modules: 0
      Registry keys: 0
      Registry values: 2
      Registry data items: 1
      Folders: 0
      Files: 2
      Software: 0
      Other: 0


      End of the scan


      It seems that Dr. Guard has disappeared!!!

      If I were you, I would have learned Chinese sooner than this gibberish. Well done! You're a champ against viruses! Please let me know after analyzing the report if there's anything else to do.
      Please, what would be the best defenses to protect the computer?
      I have Avast, Spybot, CCleaner, and Hijackthis. I have the latter, but I don't know how to make it work!!!
      What do you think? Should I add anything else?
      I await your response and thanks again, well done!!!
      1
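Added example, not part of the thread and not ZHPFix's own code: a small Python parser for the `O4` Run-key lines in the report above, showing why both removed entries stand out (autoruns in `HKCU` pointing into the user's Temp and AppData folders). The line layout is inferred from the report itself, the flagging rules are assumptions of this example, and the third sample line is constructed for contrast.

```python
import re
from pathlib import PureWindowsPath

# First two O4 lines are copied from the ZHPFix report above; the third is a
# constructed benign entry (hypothetical vendor and path) added for contrast.
REPORT = r"""
O4 - HKCU\..\Run: [asr64_ldm.exe] . (.Microsoft Corp. - Logical Disk Manager ASR Utility.) -- C:\Users\michel\AppData\Local\Temp\asr64_ldm.exe => Value successfully removed
O4 - HKCU\..\Run: [Dr. Guard] . (.No owner - No description.) -- C:\Users\michel\AppData\Roaming\Dr. Guard\drguard.exe => Value successfully removed
O4 - HKLM\..\Run: [ExampleUpdater] . (.Example Vendor - Updater.) -- C:\Program Files\Example\updater.exe
"""

# Layout inferred from the lines above, not from a ZHPFix format specification.
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] \. "
    r"\(\.(?P<owner>.*?) - (?P<desc>.*?)\.\) -- "
    r"(?P<path>.+?)(?: => (?P<result>.*))?$"
)

def reasons_for(entry):
    """Heuristic checks (assumptions of this example, not ZHPFix logic)."""
    parts = [p.lower() for p in PureWindowsPath(entry["path"]).parts]
    in_profile = "appdata" in parts
    reasons = []
    if "temp" in parts:
        reasons.append("autorun target in a Temp directory")
    elif in_profile:
        reasons.append("autorun target in user-writable AppData")
    if entry["owner"].lower() == "no owner":
        reasons.append("report lists no owner for the file")
    if entry["owner"].lower().startswith("microsoft") and in_profile:
        reasons.append("claims Microsoft but sits in the user profile")
    return reasons

def triage(report):
    """Parse every O4 Run line and attach the reasons it looks suspicious."""
    rows = []
    for line in report.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["reasons"] = reasons_for(entry)
            rows.append(entry)
    return rows

if __name__ == "__main__":
    for row in triage(REPORT):
        verdict = "; ".join(row["reasons"]) or "nothing flagged"
        print(f'{row["hive"]} Run [{row["name"]}] {row["path"]}: {verdict}')
```
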