Wednesday, March 10, 2010

Manual removal of malwares [sftav, sysguard, aabxam, and avscan

Disable LAN

  1. If possible, kill the following processes in Task Manager:

a. [RANDOM CHARACTERS]sysguard.exe, for example ghrtsysguard.exe


  1. Remove These Registry entries:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random characters]"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[random charaters]"

HKCU \Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"

HKCU \Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http="

HKCU \Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"

HKCU\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"

HKCU \Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""

HKCU \Software\AvScan

  1. Search and Remove These Files

%UserProfile%\Local Settings\Application Data\[random characters]\

%UserProfile%\Local Settings\Application Data\[random characters]\[random characters]sysguard.exe

%UserProfile%\Local Settings\Application Data\[random characters]\[random characters]sftav.exe

  1. Search registry for the following keywords (Note: You must use wildcards)
    1. *sftav*
    2. *sysguard*
    3. *aabxam*
    4. *avscan*
  2. Search computer for the following keywords
    1. *sftav*
    2. *sysguard*
    3. *aabxam*
    4. *avscan*
  3. Go to Internet Options à Connections tab à LAN Settings à Uncheck “Use proxy settings for your LAN…”

Thanks for the info RP!