Malware Removal Instructions


Wednesday, 20 July 2011

How to Remove Zentom System Guard (Uninstall Guide)

Posted on 10:51 by Unknown
Zentom System Guard is a rogue anti-virus program that tries to trick users into paying for the program to remove fictitious virus threats. It's a re-branded version of Antimalware Doctor. The rogue application claims that it has detected viruses on your computer and displays fake security warnings to scare you into thinking that your computer is infected with malicious software. Do not, under any circumstances, pay for such bogus software. This type of malicious software is very annoying and we totally understand how frustrating it can be. However, it's worth mentioning that it can't delete your files, so you shouldn't worry about that. If you suspect or have confirmed that your computer is infected with this fake anti-virus application, scan your computer with legitimate anti-malware software. To remove Zentom System Guard from your computer, please follow the steps in the removal guide below.





There are a number of ways that Zentom System Guard gets on your computer, but usually users have no clue as to how they got it. Rogue security software can appear on your computer without warning, but most of the time cyber crooks use social engineering to trick you into installing their malicious software. For example, this time cyber crooks use a fake pop-up window called "System Security Pack Upgrade" that looks just like the legitimate Automatic Windows update screen to trick you into installing Zentom System Guard.

System Security Pack 2010.78.932 (Zentom System Guard Upgrade; KB921472)


Cyber crooks can also use fake online virus scanners, drive-by downloads, fake codecs and other social engineering tricks. Once installed, Zentom System Guard completes a fake system scan and reports numerous non-existent infections on your computer. Here are some of the fake security alerts you may see when your computer gets infected with Zentom System Guard.


Zentom System Guard - Hacker attack detected
Your computer is subjected to hacker attack. Zentom System Guard has detected that somebody is trying to transfer Your private data via internet. We strongly recommend you to block attack immediately.

Protection Center Alert
To help protect your computer, Zentom System Guard has blocked some features of this program Zentom System Guard has detected unauthorized activity, but unfortunately trial version cannot remove viruses, keyloggers and other treats. Your personal data under serious risk. It is strongly recommended to register Your copy of Zentom System Guard and prevent intrusion for future.
Do You want to block this suspicious software?
Name: Trojan.Win32.Autoit.agg
Alert level: High
Description: It is highly recommended to remove this threat from your PC
If you have accidentally purchased this rogue antivirus program, please contact your credit card company and dispute the charges. Then please follow the removal instructions below to remove Zentom System Guard and associated malware from your computer. If you have any questions or need help removing this malware, please leave a comment below. Good luck and be safe online!

Additionally, you can activate the rogue program by entering this registration code MTk4-NzE1-NTYx-NTUw as shown in the image below.



Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.


Zentom System Guard removal instructions:

1. Download free anti-malware software from the list below and run a full system scan.
  • MalwareBytes Anti-malware
  • SUPERAntispyware
  • Spybot S&D
  • Hitman Pro 3.5
NOTE: In some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

If you can't download it, please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Open Internet Explorer and download STOPzilla. Once finished, go back into Normal Mode and run it. That's it!

Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Log in as the same user you were previously logged in with in the normal Windows mode.


Associated Zentom System Guard files and registry values:

Files:



Windows XP
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]\lsrslt.ini
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]\local.ini
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]\hookdll.dll
  • C:\Documents and Settings\[UserName]\Application Data\[SET OF RANDOM CHARACTERS]\enemies-names.txt
  • C:\Documents and Settings\[UserName]\Start Menu\Programs\Zentom System Guard\
  • C:\Documents and Settings\[UserName]\Start Menu\Programs\Startup\Zentom System Guard.lnk
  • C:\Documents and Settings\[UserName]\Start Menu\Programs\Zentom System Guard\Uninstall.lnk
  • C:\Documents and Settings\[UserName]\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk
  • C:\Documents and Settings\[UserName]\Desktop\Zentom System Guard.lnk
Windows Vista/7
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]\lsrslt.ini
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]\local.ini
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]\hookdll.dll
  • C:\Users\[UserName]\AppData\Roaming\[SET OF RANDOM CHARACTERS]\enemies-names.txt
  • C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard\
  • C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
  • C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard\Uninstall.lnk
  • C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk
  • C:\Users\[UserName]\Desktop\Zentom System Guard.lnk
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zentom System Guard
  • HKEY_CURRENT_USER\Software\ZentomSystemGuard
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
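
Because the folder and executable names in the list above are random, the reliable indicator is the set of fixed file names that sit together in one folder. The following check is an added example, not part of the original post: it flags such folders under a profile's application-data directory and then matches Run values against them. The sample folder names, the `min_markers` threshold and the dictionary standing in for the Run key are assumptions made for illustration.

```python
import os
import tempfile

# Fixed file names the page lists inside the randomly named folder.
MARKERS = {"lsrslt.ini", "local.ini", "hookdll.dll", "enemies-names.txt"}

def find_rogue_dirs(appdata_root, min_markers=3):
    """Subfolders of appdata_root holding >= min_markers marker files plus an .exe.
    min_markers=3 is an assumed threshold that tolerates a partly cleaned folder."""
    hits = []
    for entry in sorted(os.listdir(appdata_root)):
        folder = os.path.join(appdata_root, entry)
        try:
            names = {n.lower() for n in os.listdir(folder)}
        except OSError:          # not a directory, or access denied
            continue
        if len(MARKERS & names) >= min_markers and any(n.endswith(".exe") for n in names):
            hits.append(folder)
    return hits

def run_values_in(run_values, folders):
    """Names of Run values (name -> command line) that launch something from a flagged folder."""
    prefixes = [f.lower() + os.sep for f in folders]
    flagged = []
    for name, command in run_values.items():
        target = command.strip().strip('"').lower()
        if any(target.startswith(p) for p in prefixes):
            flagged.append(name)
    return sorted(flagged)

def demo():
    """Build a constructed profile tree (folder and file names are made up) and scan it."""
    root = tempfile.mkdtemp()
    bad = os.path.join(root, "qwx7k2")          # stands in for [SET OF RANDOM CHARACTERS]
    good = os.path.join(root, "SomeEditor")
    os.makedirs(bad)
    os.makedirs(good)
    for name in list(MARKERS) + ["qwx7k2.exe"]:
        open(os.path.join(bad, name), "w").close()
    for name in ["local.ini", "editor.exe"]:    # one shared name must not trigger a hit
        open(os.path.join(good, name), "w").close()
    run_values = {                               # constructed stand-in for the HKCU Run key
        "qwx7k2.exe": '"%s"' % os.path.join(bad, "qwx7k2.exe"),
        "Editor": os.path.join(good, "editor.exe"),
    }
    dirs = find_rogue_dirs(root)
    return dirs, run_values_in(run_values, dirs)

if __name__ == "__main__":
    print(demo())
```

On a real system, point `find_rogue_dirs` at the Application Data or AppData\Roaming directory of the affected user and pass it the Run values exported from that user's registry hive.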