Monday, July 18, 2011

Remove Zentom System Guard which does not keep its promise

Zentom System Guard functions as its developers intended only on Windows; other operating systems will not accept it. Even so, the infection does not give up and may cause the affected systems and programs to malfunction.
It is therefore reasonably considered a Windows-targeting infection. It is designed to imitate a computer scan and to offer the full range of features that a multi-purpose computer-defense utility would perform. In this case, however, words remain only words: not a single promised feature works. For instance, the scan progress window has several variations that play out scenarios prepared in advance. The folders and even drives shown in these scan windows may not match the actual structure of the computer's memory, which the program pretends to examine.
Removal of Zentom System Guard is not available to Windows users via Add/Remove Programs. Users of other operating systems, as well as other users, need to apply a special technology or utility to get rid of Zentom System Guard. A comprehensive system cleanup that covers the adware, with a free scan provided, is available here.



Zentom System Guard manual removal guide:
Delete infected files:
Delete infected registry entries:

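
After the manual steps, the useful check is whether any autostart entry still launches a program from the user profile. The Python script below is an added example, not part of the original guide: it triages exported Run/RunOnce values by that pattern. The sample rows, the folder and file names in them, and the function names are constructed, and it assumes commands are written with unexpanded variables such as %APPDATA%.

```python
import re

# Constructed sample rows (key, value name, command); not from a real machine.
SAMPLE_AUTORUNS = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "updater",
     r'"%APPDATA%\0123456789ABCDEF0123456789ABCDEF\updater.exe"'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce", "*KB0000000.exe",
     r'"%APPDATA%\Vendor\plugs\KB0000000.exe"'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "tray",
     r"%ProgramFiles%\Example Vendor\tray.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "sync",
     r"%LOCALAPPDATA%\Vendor\sync.exe /background"),
]

USER_WRITABLE = ("%appdata%", "%localappdata%", "%temp%", "%tmp%")
HEX_DIR = re.compile(r"[0-9a-f]{32}")
KB_NAME = re.compile(r"kb\d{6,7}\.exe")


def executable_of(command):
    """Return the program path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):          # quoted path, arguments follow
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command.split(" ", 1)[0]


def reasons(command):
    """List the traits that make an autostart target worth a manual look."""
    parts = executable_of(command).lower().split("\\")
    found = []
    if parts[0] in USER_WRITABLE:
        found.append("runs from a user-writable folder")
    if any(HEX_DIR.fullmatch(p) for p in parts[1:-1]):
        found.append("folder named with 32 hex digits")
    if KB_NAME.fullmatch(parts[-1]) and parts[0] != "%windir%":
        found.append("hotfix-style file name outside %WINDIR%")
    return found


def triage(autoruns):
    """Return (key, name, reasons) for flagged entries, most reasons first."""
    flagged = [(key, name, reasons(cmd)) for key, name, cmd in autoruns]
    flagged = [row for row in flagged if row[2]]
    return sorted(flagged, key=lambda row: -len(row[2]))


if __name__ == "__main__":
    for key, name, why in triage(SAMPLE_AUTORUNS):
        print(f"{key}\\{name}: {'; '.join(why)}")
```

A single reason, such as a legitimate per-user application running from %LOCALAPPDATA%, is a prompt to look at the entry, not a verdict.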
