Monday, November 3, 2008

DriveGuard.exe Virus removal

Symptoms:
DriveGuard is Microsoft tool for removal drive protection but if you not installed it and it shows in TaskManager as DriveGuard.exe it should be malware.

How to Remove:
1. Open Task Manager and End process DriveGuard.exe
2. Run regedit and search for "DriveGuard.exe"
3. Delete all entries with "DriveGuard.exe" (be careful while edit registry)
4. Also delete folder C:\Program Files\WinDriveGuard
5. Reboot the machine and check entry in task manager with DriveGurad.exe. It should not appear there.

firefox.exe malware removal

Symptoms:
If you find firefox.exe process in task manager with around 3100k size than it is malware.
If you run Ccleaner than it gives message of opened firefox although firefox is not running.

To remove from the system(Windows).
1. boot system in safe mode.
2. run regedit
3. search for the "Stubpath" enetry
4. Mostly It shows "SecSecurity.exe"
5. Delete all "Stubpath" entries from registry ( Be Careful while edit Registry)
6. also remove SecSecurity.exe from Windows\System32
7. Boot in Normal mode
8. check in task manager not entry of firefox.exe around 3100k ( real Firefox entry is more in size)