My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.


How to remove guardupdate.com, startupguarduptodate.com, guarduptodate.com homepage hijackers

Myantispyware team, May 23, 2006

Symptoms:

  • Your homepage is hijacked and you are redirected to guardupdate.com, startupguarduptodate.com, guarduptodate.com.
  • Many more popups.
  • A yellow triangle pops up at the bottom of the taskbar, flashing and saying that your PC is infected.

Print out these instructions as we will need to close every window that is open later in the fix.

Download HijackThis and save the file to your desktop.
Double-click the file to extract it to its own folder on the desktop.

Download and unzip Avenger to your desktop.

Download CCleaner.

Download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, download, install, and update the free version of Ewido security suite:

1. When installing, under “Additional Options” uncheck “Install background guard” and “Install scan via context menu”.
2. Run Ewido.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. Wait for the update to finish (the status bar at the bottom will display “Update successful”).
5. Exit Ewido. DO NOT scan yet.

Run Avenger. Check the ‘Input script manually’ option. Click the Magnifying Glass icon. In the box that opens, copy, then paste the following bold text:

Files to delete:
C:\WINDOWS\system32\intell321.exe
C:\windows\SYSTEM32\winrlo32.dll

Then click on ‘Done’. Click the Traffic Light icon to start the program. Then press OK at the prompts to reboot your PC.

Next, please reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Now you need to run HijackThis and click “Do a system scan only.” Place a check next to the following entries (if they are still there):

R3 – Default URLSearchHook is missing
O2 – BHO: Nothing – {b0398eca-0bcd-4645-8261-5e9dc70248d0} – D:\windows\system32\hp****.tmp
O3 – Toolbar: (no name) – {BA52B914-B692-46c4-B683-905236F6F655} – (no file)
O4 – HKLM\..\Run: [rock] rock.exe
O4 – HKLM\..\Run: [intell321.exe] C:\WINDOWS\system32\intell321.exe
O20 – Winlogon Notify: winrlo32 – D:\windows\SYSTEM32\winrlo32.dll

(where **** is random letters)

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Open the SmitfraudFix folder again and double-click smitfraudfix.cmd.
Select option #2 – Clean by typing 2 and pressing “Enter” to delete infected files.
You will be prompted: “Registry cleaning – Do you want to clean the registry ?”; answer “Yes” by typing Y and pressing “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and pressing “Enter”.
The tool may need to restart your computer to finish the cleaning process.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a “RiskTool”; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between “good” and “malicious” use of such programs, therefore they may alert the user.

Restart your PC. Boot again in Safe Mode.

Run Ewido

1. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
2. If Ewido finds anything, it will pop up a notification. Please select “clean” and check the boxes “Perform action with all infections” and “Create encrypted backup” before clicking on OK.
3. When the scan finishes, click on “Save Report”. This will create a text file. Make sure you know where to find this file again.

Run CCleaner.

Reboot your computer.
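
To confirm the cleanup, a saved HijackThis log from a fresh scan can be checked against the entries listed above. The script below is an added example, not part of the original instructions or of HijackThis; the function name and the sample log are constructed for illustration, and it assumes the log uses the "Oxx - text" line format shown in this guide.

```python
import re

# Indicators taken from the HijackThis entries listed in this guide.
# Paths are matched without the drive letter, since the guide shows both C: and D:.
INDICATORS = [
    ("R3", re.compile(r"Default URLSearchHook is missing", re.I)),
    ("O2", re.compile(r"\{b0398eca-0bcd-4645-8261-5e9dc70248d0\}", re.I)),
    ("O2", re.compile(r"\\windows\\system32\\hp[a-z]{4}\.tmp$", re.I)),  # hp**** = random letters
    ("O3", re.compile(r"\{BA52B914-B692-46c4-B683-905236F6F655\}", re.I)),
    ("O4", re.compile(r"\[rock\]\s+rock\.exe", re.I)),
    ("O4", re.compile(r"\\windows\\system32\\intell321\.exe", re.I)),
    ("O20", re.compile(r"\\windows\\system32\\winrlo32\.dll", re.I)),
]

# Section code, separator (hyphen or en dash), then the entry text.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s*[-\u2013]\s*(.+?)\s*$")

def find_leftovers(log_text):
    """Return (section, line) pairs from a HijackThis log that match the guide's entries."""
    hits = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # header lines, running processes, blank lines
        section, body = m.groups()
        if any(sec == section and rx.search(body) for sec, rx in INDICATORS):
            hits.append((section, raw.strip()))
    return hits

# Constructed sample log (not from a real machine); ExampleApp is a made-up benign entry.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\system32\winlogon.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpqzxk.tmp
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe"
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\system32\intell321.exe
O20 - Winlogon Notify: winrlo32 - D:\windows\SYSTEM32\winrlo32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
"""

if __name__ == "__main__":
    for section, line in find_leftovers(SAMPLE_LOG):
        print("still present:", line)
```

An empty result means none of the listed entries remain in the log; any line it reports should be rechecked in HijackThis.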

If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topic linked below:

Spyware removal – Read Before Posting


Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.