sysguard.exe

By: webmaster | Under: EXE Files

26 Jan

Filename:
sysguard.exe

Related to:
Spyware Protect 2009

File Directory:
%Windir%\

Startup Type:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”sysguard” = “%Windir%\sysguard.exe”

Removal and Protection:
Deleting the file sysguard.exe will not help in removing the threat on computer. Antivirus and Anti-Spyware Software are recommended for automatic removal and protection.

17 Responses for "sysguard.exe"

Laura February 7th, 2009 at 7:25 pm 1
wow, i was able to find it and get rid of the link thing, but it’s not allowing me to get online or anything else. i’ve had norton 360 for quite some time and i don’t understand how i got the virues even with it, my subscription is competely up to date
The tech February 28th, 2009 at 9:10 pm 2
it is not a virus. It is malware. 360 by symantec protects you from known viruses.. etc.
Brandon March 6th, 2009 at 5:27 pm 3
@ laura, that program is useless.
Wickenstein March 23rd, 2009 at 4:45 pm 4
You can START>RUN>SEARCH for sysguard.exe. You should find it here>>>
C:\WINDOWS\Prefetch\
delete the file with the name SYSGUARD*…
and here>>>
C:\WINDOWS\sysguard.exe
You may also find it using start>run>msconfig startup tab – sysguard.exe
disable it there, but do the other 2 first. It may be gone @ next start up. Next time, don’t visit that nudie site! hahah

Good luck.
Awil Avast found it too.
Collin March 25th, 2009 at 7:17 pm 5
My work PC had this. I located the file name on the task manager, searched my hard drive for the file name, select the file properties, then the security and denied every permission. It hasn’t come back yet. I’m using this as a short term solution.
adolph March 26th, 2009 at 1:18 am 6
You can find out the file the program is using by waiting until the real popup window comes up on your desktop and right-clicking over the titlebar at the top of the popup window.

Then select properties

This will give you the name and location of the command file (i.e. C:WINDOWSsysguard.exe)

Now that you know the name of the file and location, you can go from there deleting it and eliminating the registry keys associated with it.

———————————————————————
(in addition i had to do the below to get rid of the I.E. redirect the sysguard.exe created.)

1) Open Registry Editor:
Start > Run > type “regedit” (without the quotes)

2) Delete Registry entry
*Always export the registry to your hard drive as a backup before editing it. (File > Export)
Select HKEY_CURRENTUSER > SOFTWARE > AVSCAN
Right click on the AV Scan folder and select Delete.

Also, you may need to delete the sysguard from the startup programs list. It is found under the HKEY_LOCALMACHINE > Software > Microsoft > Shared Tools > Startupreg

Delete the folder containing the command to launch sysguard at startup. Highlight the folders to see the command lines for the registry entry. If it says sysguard.exe, delete it.

After deleting the files from your hard drive and deleting the registry keys, the virus is now gone for good! Don’t forget to empty your recycle bin!
Jesse April 2nd, 2009 at 4:51 pm 7
Great information people!! Thank you for all the expert advise!!! Boy, I wish this kind of info was more accessible on the internet!!
Adolph you kick ass!!

Hailz~
Sandra Willis April 6th, 2009 at 11:16 am 8
I have been trying to get rid of this thing for two days with no success. What security program do you recommend? I don’t want to be messing with this forever. Is there a program that will just do it after I install it? Who is responsible for this shit anyway? I would love to send them an email….at least.
Thanks
Gregg April 23rd, 2009 at 12:52 am 9
Thanks for your help. I finally have this stupid program gone.
JC April 23rd, 2009 at 9:28 pm 10
After deleting the sysguard.exe (or whatever version exe it is using), remove it from your registry as well with regedit. Make sure your browsers are all closed first. It also changes your proxy settings to something like localhost:7171. The port might vary. If you remove all of the proxies (with regedit too), you can then browse the internet. That’s at least a start to fixing the problem.
EG May 19th, 2009 at 6:24 pm 11
easy removal directions people, great job. I found the reg, windows local an i always delete all in prefect but the avscan in sofware i missed TY ADOLF!!

If I may add, the second i found i had it it came from Jengo, i rebooted into safe mode. took me ten min to find remove and on my way… thank god for two PC’s or i wouldn’t have been able to find the fix …lol
jim July 3rd, 2009 at 4:53 pm 12
Thanks for the info
Sharon December 5th, 2009 at 12:40 am 13
I found the file but are unABLE TO DELETE IT .IT wont let me.tried to get into Regedit and it wont let me
Sharon December 5th, 2009 at 2:35 am 14
I was able to finally get into safe mode and did it all .It worked like a charm .Thankyou so much
Shawn December 12th, 2009 at 6:03 pm 15
Well I got this last week and these instructions helped. I now have it on my other computer but it has changed.

New name: yhkosysguard.exe

It has taken away my regedit abilities (no others tho) and so these instructions aren’t helping.

Merry Christmas!!! And feedback be my guest
TJ January 19th, 2010 at 3:29 am 16
Working on fixing a computer that has this. Doesn’t have all the files in windows but had a file named bttfsysguard.exe-050c006a.pt in c:\prefetch and then a bttfsysguard.exe in c:\documents and settings\(user)\local settings\application data\qxgdrs. Then I found 2 reg enteries by searching on the bttf. One was in the run, don’t remember where the other one was.

As for the person that can’t get in to the regedit. Boot the machine in safe mode by hitting F8 when it first is booting up and then pick safe mode, probably best if you do without network support. Then when it is booted up you will not see a run command in your start. What you need to do is and alt ctrl del to bring up your task manager. From there go to file and new task which is pretty much run and type in your regedit and you should be able to do it from there. Sure you have probably fixed it by now but maybe it will help someone else for the future.
Max Siles January 20th, 2010 at 9:15 pm 17
Hi, I had a Windows XP, SP3 computer infected with the “Antivirus Live” nasty little demon. Here is what I did to remove it:

Logged on as Administrator
Launched msconfig command from Run (remember, this is an XP computer)
Restored the system to a couple of days back

Once the computer rebooted, I installed MalwareBytes and ran the complete scan. In this case, it found 9 entries of malware on the registry. I removed them and rebooted the computer.

I hope this helps someone else out there.