Trouble Removing "Guard Online" Virus



#1 ArcaneKnight

Posted 24 October 2011 - 12:55 PM

I have been using McAfee Total Protection for a number of years, and never really had any problems with it. I also try to run an Ad-Aware and Spybot Search and Destroy scan about once a week. My subscription to McAfee expired, and it was about a month later that I was finally able to renew it. I ended up redownloading and updating McAfee when I renewed my subscription. I decided to run a virus scan right away once it completed updating, and it got to 98% when suddenly a pop-up for "Guard Online" came up. I knew full well that I had no such program on my computer, so I immediately took it as a virus. For anybody who is familiar with the virus, when it comes up it pretty much locks down your computer so you can't do anything, even claiming that you can't open your task manager as well. I ended up having to shut the computer down illegally, and left it off for a while while I did some research on removing the virus via my laptop. After reading about removing the virus on a couple of websites, including this one, I started my counter-attack. First I downloaded Malwarebytes' Anti-Malware, and ran a full scan in safe mode. It found around 3,000 items the first time, and I had the program remove the files. I immediately decided to let it scan again, and this time it found over 4,000 items. The third time it scanned it only found 18, and I was finally able to at least boot up my computer in normal mode. I then read on another website that I should try right-clicking on the "Guard Online" icon that got placed on my desktop, and locate the source file. I was then told to rename the file, and restart my computer. After restarting the computer, I was supposed to delete the file that I renamed, and then empty my recycle bin. After which I ran another scan with Malwarebytes, and it didn't end up finding any items.

Unfortunately, while I know I've crippled it, something is still present on my computer and causing it some problems. I am able to run my programs alright for the most part, but now I keep getting a pop-up in the lower right corner of my screen, telling me that McAfee has blocked a Trojan. Malwarebytes also keeps having a similar popup, saying that it blocked malicious content that is "outgoing".

I'm kind of at a loss as to what I should do now, and any advice would be greatly appreciated.

#2 Guest_sundar7701_*

Posted 26 October 2011 - 08:17 AM

People who get affected by AV guard or open cloud security rogues will most likely get infected by 64 bit zaccess rootkit.

MBAM finding a lot of infections (4000) is another symptom of 64 bit zaccess rootkit.


Check for C:/WINDOWS/SYSTEM64 (not the sysWOW64 folder)

If you have it, then I can confirm that is a 64 bit zaccess rootkit.
With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.

http://www.bleepingcomputer.com/forums/topic34773.html


Then start a new thread HERE and include the required logs.

http://www.bleepingcomputer.com/forums/forum22.html

Including a link to this thread will be helpful.



