Security Guard Removal

Related to Cleanup Antivirus, Security Guard is a rogue antivirus program that manifests itself on user systems and tries to trick users into purchasing its license using various security warnings. Security Guard gets installed on a user’s computer via Trojans that get downloaded from malicious websites. Once installed, Security Guard creates a large number of fake files on the hard disk of the computer. It will also perform endless fake virus scans on the system and generate reports that state that the system is under heavy threat from a large number of virus infections, flagging the previously created harmless files as those belonging to dangerous malware applications. Security Guard also displays a large number of fake pop-ups from the Windows taskbar, warning of non-existent virus threats. This malicious program also hijacks your browser and gives false warnings of online security threats. Meanwhile, Security Guard constantly urges the user to purchase a license to the ‘full’ version of the software, claiming that the currently installed ‘trial’ version cannot properly clean the detected ‘threats’. However, it is important to remember that Security Guard is a fake program and therefore none of its versions can scan or clean any computer system.


As soon as you find a copy of this malicious software on your computer, you should take steps to remove Security Guard. Security Guard removal involves stopping processes, unregistering DLLs, deleting files and folders, and removing registry entries.

File Removal Procedures

The first step you need to take in order to delete Security Guard is to stop the following processes:

  • SG345d.exe
  • cb.exe
  • energy.exe
  • exec.exe
  • grid.exe
  • kernel32.exe
  • SICKBOY.exe

The next step in Security Guard removal is to unregister the following DLL files:

  • mozcrt19.dll
  • sqlite3.dll
  • cid.dll
  • eb.dll

Next, it is necessary to remove the following files and folders:

  • c:\Documents and Settings\All Users\Application Data\345d567
  • c:\Documents and Settings\All Users\Application Data\345d567\24.mof
  • c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\SG345d.exe
  • c:\Documents and Settings\All Users\Application Data\345d567\SGD.ico
  • c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
  • c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items\
  • c:\Documents and Settings\All Users\Application Data\345d567\SGDSys\
  • c:\Documents and Settings\All Users\Application Data\345d567\SGDSys\vd952342.bd
  • c:\Documents and Settings\All Users\Application Data\SGZIQYEXRD
  • c:\Documents and Settings\All Users\Application Data\SGZIQYEXRD\SGWNLED.cfg
  • %UserProfile%\Application Data\Security Guard
  • %UserProfile%\Application Data\Security Guard\cookies.sqlite
  • %UserProfile%\Application Data\Security Guard\Instructions.ini
  • %UserProfile%\Desktop\Security Guard.lnk
  • %UserProfile%\Recent\ANTIGEN.sys
  • %UserProfile%\Recent\ANTIGEN.tmp
  • %UserProfile%\Recent\cb.exe
  • %UserProfile%\Recent\cid.dll
  • %UserProfile%\Recent\ddv.sys
  • %UserProfile%\Recent\eb.dll
  • %UserProfile%\Recent\eb.drv
  • %UserProfile%\Recent\energy.exe
  • %UserProfile%\Recent\exec.exe
  • %UserProfile%\Recent\exec.tmp
  • %UserProfile%\Recent\fan.drv
  • %UserProfile%\Recent\fix.tmp
  • %UserProfile%\Recent\grid.exe
  • %UserProfile%\Recent\kernel32.exe
  • %UserProfile%\Recent\runddlkey.drv
  • %UserProfile%\Recent\SICKBOY.exe
  • %UserProfile%\Recent\tempdoc.tmp
  • %UserProfile%\Start Menu\Security Guard.lnk
  • %UserProfile%\Start Menu\Programs\Security Guard.lnk
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml

Once the above files have been deleted, Security Guard no longer resides on your hard disk.

Registry Removal Procedures

Removing files and folders alone is not sufficient to completely remove Security Guard. The following keys and settings should also be removed from the Windows registry to complete Security Guard removal:

  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\SG345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=1002&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=1002&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “layout/2.01002”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Guard”
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=1002&q={searchTerms}”

Once you have cleaned the registry, your computer is safe from Security Guard. Additionally, a full system scan using a genuine security product such as Spyware Doctor with Antivirus may prove extremely useful, as additional malicious components may still be present in the operating system’s file structure.
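
A read-only check for the artifacts listed above, as an added PowerShell example that is not part of the original guide. It assumes the Windows XP-style paths shown on this page, is run as the affected user, covers a subset of the listed paths and registry entries, and only reports what it finds.

```powershell
# Read-only audit: reports which artifacts from the lists above are present.
# Nothing is stopped, unregistered or deleted.
$allUsers = 'C:\Documents and Settings\All Users\Application Data'
$user     = $env:USERPROFILE

# Process names from the page (without .exe, as Get-Process expects).
$procNames = 'SG345d','cb','energy','exec','grid','kernel32','SICKBOY'

# Subset of the page's paths; names like sqlite3.dll are only checked via their listed folder.
$paths = @(
    "$allUsers\345d567",
    "$allUsers\SGZIQYEXRD",
    "$user\Application Data\Security Guard",
    "$user\Desktop\Security Guard.lnk",
    "$user\Start Menu\Programs\Security Guard.lnk"
) + ('cb.exe','cid.dll','eb.dll','energy.exe','exec.exe','grid.exe','kernel32.exe','SICKBOY.exe' |
        ForEach-Object { "$user\Recent\$_" })

# Registry values from the page: key path and value name.
$regValues = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Security Guard' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer'; Name = 'PRS' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Download'; Name = 'RunInvalidSignatures' }
)

$findings = @()

# Running processes: include the image path so a same-named legitimate binary can be told apart.
foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $findings += "PROCESS  $($p.Name) (PID $($p.Id)) $($p.Path)"
}

foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) { $findings += "FILE     $path" }
}

foreach ($rv in $regValues) {
    $item = Get-ItemProperty -Path $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
    if ($item) { $findings += "REGISTRY $($rv.Key) [$($rv.Name)] = $($item.($rv.Name))" }
}

# Registry keys that the page lists for removal as whole keys.
foreach ($key in 'HKCU:\Software\3', 'Registry::HKEY_CLASSES_ROOT\SG345d.DocHostUIHandler') {
    if (Test-Path -Path $key) { $findings += "REGKEY   $key" }
}

if ($findings) { $findings } else { 'No listed Security Guard artifacts found.' }
```

Compare any reported registry value with the data shown in the list above before removing it, and re-run the check after cleanup to confirm nothing is reported.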

Conclusion

It is not recommended for inexperienced users to attempt to delete Security Guard manually, as any mistake made during removal could result in your system getting damaged. Therefore, inexperienced users are advised to use a web-based repair service such as www.onlinecomputerrepair.org or even legitimate antivirus software such as Spyware Doctor with Antivirus in order to properly and safely remove Security Guard.