Os-guard2010.com


Posted: December 16, 2009

Os-guard2010.com is a deceitful website that was created to advertise the rogue anti-spyware program Antivirus Live. Os-guard2010.com cannot be trusted, as its language suggests that you will need to purchase a full version of Antivirus Live to remove detected parasites. Not only is this a scam, but you may also end up with other parasites installed on your system from the Os-guard2010.com website.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %WINDOWS%\sysguard.exe
    2 %WINDOWS%\system32\iehelper.dll

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
      HKEY_CURRENT_USER\Software\AvScan
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "system tool"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
    HKEY..\..\..\..{RegistryKeys}
      HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}

One Comment

  • Ben says:

    I was just infected by this file and it was hiding in the computer while stopping any attempt to activate the Task Manager, cmd.exe or any other program.
    After restart, be fast and activate the Task Manager, which loads before the process, then look for the process name and kill it.
    Open the command line and type msconfig to upload the system restart tool and deactivate it from the restart tab so the process will stop loading itself.
    Hope it's clear, as it took me an hour to find it.

    I checked the exe file and under properties I saw it was created by a guy named Guy Tzur - he wasn't smart enough to remove his name from the exe... I hope I will get this guy soon.
