
Zentom System Guard

Posted: July 18, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 124
First Seen: July 20, 2011
Last Seen: February 25, 2023
OS(es) Affected: Windows

Zentom System Guard is a rogue security program that creates infection-filled scanner results and fake system alerts to make you believe that your PC is under attack from multiple sources. After inciting panic, Zentom System Guard will try to make you purchase Zentom System Guard, supposedly to get rid of these imaginary computer threats. However, you can ignore Zentom System Guard's warnings and other fake information, since Zentom System Guard has no real ability to find or delete infections or other system problems. To delete Zentom System Guard with a minimum of trouble, use a high-quality security program while Zentom System Guard itself is disabled; the latter can most easily be done in Safe Mode.

A Preemptive Defense Against Zentom System Guard Infection

Zentom System Guard is a recent rogue security application that already has at least one clone, the identical Zentom System Guard Protection. You may download Zentom System Guard accidentally from a website that pretends that Zentom System Guard is a real security product, but it's more likely that your PC will be infected through deceptive means.

One common method used by rogue security programs is to embed fake online scanners in websites or advertisements. These scanners pretend to find infections on your PC, and then ask you to download some kind of security program, which is almost always Zentom System Guard or another rogue security application. This form of infection is a very accurate prelude to what awaits you with Zentom System Guard on your PC.

In other cases, you may be infected by Zentom System Guard silently, after having become infected by a related Trojan such as Zlob or Fake Microsoft Security Essentials Alert. Disable Flash and JavaScript and use updated web browsers and security software to avoid these hidden rogue security program installers.

When Zentom System Guard Steps onto Your Computer

Although Zentom System Guard's infection methods are rather dainty, its attacks once it is on your PC are quite blunt. Zentom System Guard will launch itself without your permission whenever Windows starts, and create persistent error messages and scanner displays that indicate that your hard drive is brimming over with infections and other problems.

Some other attacks that are also associated with rogue security programs that are similar to Zentom System Guard include:

  • Browser hijacks. Hijacks use various means to redirect you from one website to another one. This is done for the dual purposes of blocking you from PC security websites and forcing you to go to Zentom System Guard's website and purchase page.
  • Applications that refuse to run. Zentom System Guard may prevent you from using an anti-virus scanner or standard Windows applications, amongst other things. You shouldn't pay any attention to Zentom System Guard's attempts to make these programs look as though they're infected.
  • General system problems such as slowdown, trouble viewing files in Windows Explorer and low system memory. Since Zentom System Guard will try to keep itself active all the time, you should assume that Zentom System Guard is the cause of all of the above problems until you've managed to deactivate and delete Zentom System Guard.

Because Zentom System Guard changes the Windows Registry, manual deletion of Zentom System Guard's files is a less than ideal deletion method. Consider using a good anti-virus program in Safe Mode to remove Zentom System Guard with no side effects.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



  • C:\Documents and Settings\<username>\Application Data\F6EDEB5506B2D31CE66D78C4F7EBBB25\hookdll.dll
    File name: hookdll.dll
    Size: 16.89 KB (16896 bytes)
    MD5: 0aebcc563df1a5a7f8996df00ae16c69
    Detection count: 23
    File type: Dynamic link library
    Mime Type: unknown/dll
    Group: Malware file
    Last Updated: October 23, 2021

  • C:\Documents and Settings\<username>\Application Data\F6EDEB5506B2D31CE66D78C4F7EBBB25\vcc70dep2r.exe
    File name: vcc70dep2r.exe
    Size: 1.7 MB (1705984 bytes)
    MD5: 21872480abb724db4b9c2bec68bab7f7
    Detection count: 16
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
    Last Updated: October 23, 2021

  • %AppData%\[RANDOM CHARACTERS]\
    Group: Malware file

  • %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file

  • %AppData%\[RANDOM CHARACTERS]\hookdll.dll
    File type: Dynamic link library
    Mime Type: unknown/dll
    Group: Malware file

  • %AppData%\[RANDOM CHARACTERS]\lsrslt.ini
    Mime Type: unknown/ini
    Group: Malware file

  • %AppData%\[RANDOM CHARACTERS]\local.ini
    Mime Type: unknown/ini
    Group: Malware file

  • %AppData%\[RANDOM CHARACTERS]\enemies-names.txt
    Mime Type: unknown/txt
    Group: Malware file

  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file

  • %StartMenu%\Zentom System Guard.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file

  • %StartMenu%\Programs\Startup\Zentom System Guard.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file

  • %StartMenu%\Programs\Zentom System Guard\
    Group: Malware file

  • %StartMenu%\Programs\Zentom System Guard\Uninstall.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file

  • %StartMenu%\Programs\Zentom System Guard\Zentom System Guard.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file

  • %UserProfile%\Desktop\Zentom System Guard.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file

Registry Modifications

The following Registry values are newly created:

File name without path: Zentom System Guard.lnk
Regexp file mask: %AppData%\????????????????????????????????\newsecureapp70700.exe
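
An added example, not part of the original write-up or of any vendor tool: a Python sweep of a profile's Application Data folder for the file names and MD5 values listed above. It assumes the randomly named folder is 32 hexadecimal characters, as in the one sample path on this page; the function names are hypothetical.

```python
import hashlib
import os
import re
from pathlib import Path

# Indicators copied from the file list and file mask on this page.
KNOWN_NAMES = {"hookdll.dll", "lsrslt.ini", "local.ini", "enemies-names.txt",
               "vcc70dep2r.exe", "newsecureapp70700.exe"}
KNOWN_MD5 = {"0aebcc563df1a5a7f8996df00ae16c69",   # hookdll.dll
             "21872480abb724db4b9c2bec68bab7f7"}   # vcc70dep2r.exe
# Assumption: the random folder name is 32 hex characters, as in the sample path.
RANDOM_DIR = re.compile(r"^[0-9A-Fa-f]{32}$")


def md5_of(path: Path) -> str:
    """MD5 of a file (the only hash type the page publishes); '' if unreadable."""
    digest = hashlib.md5()
    try:
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return ""
    return digest.hexdigest()


def sweep(appdata: Path) -> list:
    """Return one finding per matching folder directly under appdata."""
    findings = []
    for folder in sorted(p for p in appdata.iterdir() if p.is_dir()):
        if not RANDOM_DIR.match(folder.name):
            continue
        files = sorted(f for f in folder.iterdir() if f.is_file())
        name_hits = [f.name for f in files if f.name.lower() in KNOWN_NAMES]
        md5_hits = [f.name for f in files if md5_of(f) in KNOWN_MD5]
        # The main executable has a random name, so list any other .exe too.
        other_exes = [f.name for f in files
                      if f.suffix.lower() == ".exe" and f.name not in name_hits]
        # A 32-hex folder alone is not reported; a listed name or hash is needed.
        if name_hits or md5_hits:
            findings.append({"folder": folder.name, "name_hits": name_hits,
                             "md5_hits": md5_hits, "other_exes": other_exes})
    return findings


if __name__ == "__main__":
    root = os.environ.get("APPDATA")  # set on Windows; unset elsewhere
    for hit in (sweep(Path(root)) if root else []):
        print(hit)
```

A name hit without an MD5 hit still deserves a look, since the listed hashes cover only two observed samples.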

Additional Information

The following messages were detected:

1. Firewall file transfer detected
Hidden file transfer to remote host was detected
Zentom System Guard has detected that somebody is trying to transfer Your private data via internet. We strongly recommend you to block attack immediately.

2. Network intrusion detected!
Warning! Network attack detected!
Process is trying to steal your passwords listed below. It is highly recommended to block this threat now.
Your computer is being attacked from a remote PC.
Attack from: 145.7.151.43:34630

3. Protection Center Alert
To help protect your computer, Zentom System Guard has blocked some features of this program Zentom System Guard has detected unauthorized activity, but unfortunately trial version cannot remove viruses, keyloggers and other treats. Your personal data under serious risk. It is strongly recommended to register Your copy of Zentom System Guard and prevent intrusion for future.
Do You want to block this suspicious software?
Name: Trojan.Win32.Autoit.agg
Alert level: High
Description: It is highly recommended to remove this threat from your PC

4. Trojan.Spy threat has been detected.
This threat module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click button below to locate and remove this threat now.

5. Warning! Removed attack detected!
Zentom System Guard has detected that somebody is trying to stole Your private data remotely via Trojan.Win32.Generic!BT.
Transfer for Your private data via internet will start in: 10 seconds
We strongly recommend You to block attack immediately.

6. Warning! Threat detected!
Threat module detected on your PC!
Zlob.Porn.Ad threat has been detected. This threat module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click button below to locate and remove this threat now.

7. Warning!
Infections on your PC can cause:
- Applications won't start
- Unwanted advertising displaying
- Loss of Internet communication
- Lost documents and settings
- Some files can disappear from PC
- You need registered version of Zentom System Guard to remove these infections.
Click "Remove threats" to activate protection and eliminate these security hazards.

8. Zentom System Guard - Hacker attack detected
Your computer is subjected to hacker attack. Zentom System Guard has detected that somebody is trying to transfer Your private data via internet. We strongly recommend you to block attack immediately.

3 Comments

  • Bill Parsons says:

    I tried removing all of the files but Zentom keeps coming back each time I restart my PC. What gives? How do you remove this junk so it won't come back? One of my friends said to take my PC to Geek Squad but they want to charge me just for bringing my PC in on top of the service fee. What do I do? I want to try your solution but it costs also but a heck of a lot less than those geek squatters at Best Buy. Wish me luck!

  • Beeek says:

    Having the same problem, were you ever able to find an easy solution?

  • Sandy Panico says:

    I had no idea what was happening or what was going to happen with this program. I downloaded Zentom accidentally, a few months ago. And for a while things were quirky but not anything alarmingly obvious, until today. I lost my antivirus software and my computer would not shut down normally. I spent two hours on the phone with Dell, and lucky for me, they were able to remove it, via remote access. It took some doing but they got it off, and now I'm infection free. I strongly recommend that anyone who has this on their computer, at the early signs of its infection, get help, get rid of it, and never download it again. Go to your tech support people, yes, it's money, but well worth it, and let them help you delete the rogue software. And don't download anything off the net, please, check with your tech advisor before downloading anything.
