Home | Spyware List | Search Spyware | Bookmark | Link to us
spyware removal instructions
> Spyware Encyclopedia Page 107 > PSGuard

PSGuard removal

Spyware PSGuard Information
Name: PSGuard
Category: Trojan
Date: 2005-10-17
Dangerous: Yes
PSGuard is a malicious anti-spyware software that performs those actions usually done by trojan horses. It uses a root-kit to keep registry key HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD (with its child keys and values) protected. PSGuard is able to do this by using a well known exploit [difference between Win32 and Native APIs]. Having this nasty corrupt anti-spyware program on your computer makes it insecure, you should deal with it as soon as possible.
This Trojan is also known as:
ps guard
>> Delete PSGuard automatically - Download Spyware Doctor

PSGuard Removal Instructions
Kill the following processes
psguardinstall.exe, uninstall.exe, psguard.exe, psguardinstall[1].exe
Unregister the following DLLs and reboot
core.dll, localization.dll, wndsystem.dll in Program Files\psguard\
Delete these registry entries
HKEY_LOCAL_MACHINE\software\shudderltd\psguard\psguard installationid
HKEY_LOCAL_MACHINE\software\shudderltd\psguard versioninfo
HKEY_LOCAL_MACHINE\software\shudderltd\psguard updateinterval
HKEY_LOCAL_MACHINE\software\shudderltd\psguard startatwinstartup
HKEY_LOCAL_MACHINE\software\shudderltd\psguard scanonstartup
HKEY_LOCAL_MACHINE\software\shudderltd\psguard scan_priority
HKEY_LOCAL_MACHINE\software\shudderltd\psguard scan_depth
HKEY_LOCAL_MACHINE\software\shudderltd\psguard resourcedll
HKEY_LOCAL_MACHINE\software\shudderltd\psguard registrationurl
HKEY_LOCAL_MACHINE\software\shudderltd\psguard quarantinelocation
HKEY_LOCAL_MACHINE\software\shudderltd\psguard performupdate
HKEY_LOCAL_MACHINE\software\shudderltd\psguard minonstartup
HKEY_LOCAL_MACHINE\software\shudderltd\psguard mguid
HKEY_LOCAL_MACHINE\software\shudderltd\psguard installdir
HKEY_LOCAL_MACHINE\software\shudderltd\psguard enablertmonitoring
HKEY_LOCAL_MACHINE\software\shudderltd\psguard databasefile
HKEY_LOCAL_MACHINE\software\shudderltd\psguard alwaysblockwhennoav
HKEY_LOCAL_MACHINE\software\shudderltd\psguard alwaysblockchanges
HKEY_CLASSES_ROOT\typelib\{f61d1ce1-5199-4b57-b59e-c6819ea92f3b}
HKEY_CLASSES_ROOT\typelib\{982392f9-9c65-48b4-b667-3459c46630d1}
HKEY_CLASSES_ROOT\interface\{f4364eec-31f5-4b8b-a7e0-3b6394c9d23f}
HKEY_CLASSES_ROOT\interface\{f100a342-3ac5-47ff-b5b3-fcdb6fc9f016}
HKEY_CLASSES_ROOT\interface\{e0d6c30a-b9a3-4181-8099-3b0d5a2b98af}
HKEY_CLASSES_ROOT\interface\{d6a7d177-0b2f-4283-b2e8-b6310a45e606}
HKEY_CLASSES_ROOT\interface\{d5d6e9b5-30d5-4457-ac8b-399205f50411}
HKEY_CLASSES_ROOT\interface\{cf1674cc-ec9a-4aee-996e-65a8f7c0b0e4}
HKEY_CLASSES_ROOT\interface\{cb9385ab-8541-4b2f-a363-48f64c612993}
HKEY_CLASSES_ROOT\interface\{c6e2a22c-b3a8-43a4-b5ec-a5bb671ab3f7}
HKEY_CLASSES_ROOT\interface\{b803d266-a08d-4a4c-9604-6d35689abe09}
HKEY_CLASSES_ROOT\interface\{b26b5883-f15f-4283-b3d5-a1728077de47}
HKEY_CLASSES_ROOT\interface\{a917b2f3-a9bf-477c-a0e3-0382d0376159}
HKEY_CLASSES_ROOT\interface\{a20f5672-7486-4d27-bd2b-e555e4692c5f}
HKEY_CLASSES_ROOT\interface\{a00e2305-7001-4200-ba00-5779f9a3e7d3}
HKEY_CLASSES_ROOT\interface\{8ec33b7d-9953-4edb-ace2-d4c105968601}
HKEY_CLASSES_ROOT\interface\{8b6c0168-baac-4c7c-911e-0132590f5661}
HKEY_CLASSES_ROOT\interface\{7b6a3434-8625-4abf-b79d-09d98c2498c4}
HKEY_CLASSES_ROOT\interface\{4723879b-8f52-4be7-9994-626afa539366}
HKEY_CLASSES_ROOT\interface\{3a350193-c7f7-4e10-b347-02ff4c3cc4e9}
HKEY_CLASSES_ROOT\interface\{2c462d06-3ba0-48bb-9282-bb6519fe86e9}
HKEY_CLASSES_ROOT\interface\{28fedb90-53c7-4928-994a-cee782606507}
HKEY_CLASSES_ROOT\interface\{20f8b70d-9f16-4dcb-8788-90a0498e46b9}
HKEY_CLASSES_ROOT\interface\{206538f7-f98c-4a46-a7d4-4a37fcdc932b}
HKEY_CLASSES_ROOT\interface\{1c08d3d0-1e04-4dde-ab0a-75355ea2585e}
HKEY_CLASSES_ROOT\interface\{1449f89c-ad28-427a-97ff-1d5bd812ea43}
HKEY_CLASSES_ROOT\interface\{09b90087-4ffa-4a44-be69-da117a710f07}
HKEY_CLASSES_ROOT\interface\{08101c3e-6c90-439e-9734-6e4dd1b53b69}
HKEY_CLASSES_ROOT\clsid\{f4b3e25a-33b4-4647-9a78-b627dde211a6}
HKEY_CLASSES_ROOT\clsid\{e5d78bd8-3874-4aa0-9d45-cfb79382c484}
HKEY_CLASSES_ROOT\clsid\{e0aa0493-c410-4cbd-b1db-1723374fa8e0}
HKEY_CLASSES_ROOT\clsid\{ceabf027-6cdc-4d47-adf6-ac5d065826a6}
HKEY_CLASSES_ROOT\clsid\{ca5e7959-60b5-47b7-80ac-1606309733f3}
HKEY_CLASSES_ROOT\clsid\{c7f22879-7151-4c71-8c50-9557afda66c6}
HKEY_CLASSES_ROOT\clsid\{c5a40fce-0a0f-40ca-985e-661c28b5b431}
HKEY_CLASSES_ROOT\clsid\{9746b450-6064-4ec8-9480-72a289aa2237}
HKEY_CLASSES_ROOT\clsid\{7d98221e-af8f-4d29-8bb1-1dfabc288173}
HKEY_CLASSES_ROOT\clsid\{7adda344-1d36-4446-9f4b-b2351fb19efd}
HKEY_CLASSES_ROOT\clsid\{7702c521-76ae-42c0-a181-3b5a96c2eef7}
HKEY_CLASSES_ROOT\clsid\{52034ad2-914c-4634-b375-9299631e5525}
HKEY_CLASSES_ROOT\clsid\{49443d6e-ce4e-47a9-8deb-f5774ce14984}
HKEY_CLASSES_ROOT\clsid\{3d74d140-f780-4ae3-8d6d-f8dc39107213}
HKEY_CLASSES_ROOT\clsid\{35ed274e-3f42-4a78-bbdc-3b7d73e85578}
HKEY_CLASSES_ROOT\clsid\{2f34e0e0-f0bb-477f-afb8-509262fa0ad1}
HKEY_CLASSES_ROOT\clsid\{2c59d5ec-6b91-4896-bd6f-5f121d87a7f8}
HKEY_CLASSES_ROOT\clsid\{23f7ad29-f51a-4ba1-be70-143b1cb25bd1}
HKEY_CLASSES_ROOT\clsid\{21e132c9-1f98-4151-bdad-7d9b49c60a8e}
HKEY_CLASSES_ROOT\clsid\{20d1af34-6e19-42d8-af9f-bdfbe45c2454}
HKEY_CLASSES_ROOT\clsid\{1c94ea51-3800-4f08-b5dc-a5b67823ffea}
HKEY_CLASSES_ROOT\clsid\{1bd98dfd-2da9-4c54-85d7-be03a0f9c487}
HKEY_CLASSES_ROOT\clsid\{17e02586-a91d-4a9d-a74e-187b05dffe6f}
HKEY_CLASSES_ROOT\clsid\{15dc7116-e58e-4395-a45a-a1c99b17c030}
Remove the following files
psguardinstall.exe, psguardinstall[1].exe.
psguard spyware remover.lnk in Desktop\
register psguard spyware remover.lnk, start psguard spyware remover.lnk, uninstall.lnk in Program Files\Common Files\psguard spyware remover\
core.dll, database.pkg, localization.dll, logfile.txt, psguard.exe, psguard.exe.local, uninstall.exe, wndsystem.dll in Program Files\psguard\
Remove the following directories
Program Files\psguard
Documents and Settings\UserName\application data\shudder global limited
Program Files\Common Files\start menu\programs\psguard spyware remover

Bookmark PSGuard page

Visitor Comments on PSGuard
2005-12-14 15:21:50, Ralph:
god, i hate psguard, although these instructions did a great part of the job removing it, automatic remover was needed as well.
2006-07-27 19:36:10, Guest:
cancel winantispyware2005 alert from my computer. I am tired of it popping up when I am doing a program. Cancel it or I will report it to the BBB on tomorrow.
2007-05-13 13:01:22, Guest:
ok can some one please help me find this stuff so i can delete it cause i cant find it.
 Previous Spyware: Remove WinFixer Next Spyware: Remove Search200 Toolbar
© 2005-2008 www.spywaredb.com All rights reserved. webmaster@spywaredb.com