Exterminate It! Antimalware


File: pguard.ini

Location of pguard.ini and Associated Malware

Check whether pguard.ini is present in the following locations:

Windows 2000, Windows XP, Windows Server 2003 specific pguard.ini file locations:

  • C:\Documents And Settings\USER_NAME\Local Settings\Application Data\Microsoft\Windows\pguard.ini

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific pguard.ini file locations:

  • C:\Users\USER_NAME\AppData\Local\Microsoft\Windows\pguard.ini

If you find the pguard.ini file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The pguard.ini file is associated with malware only if found in the locations listed above.


Different Variations of pguard.ini File


Why Is It Important to Remove Malware Files?

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove pguard.ini

  1. To enable deleting the pguard.ini file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Task Manager window, click the Processes tab.
    • On the Processes tab, select pguard.ini and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of pguard.ini and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of pguard.ini and Associated Malware.
  Notes:

    • The deletion of pguard.ini will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of pguard.ini will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all references to the file in the Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a pguard.ini malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type pguard.ini. The name of the first found registry value referencing pguard.ini is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to pguard.ini, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of pguard.ini and Associated Malware.
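
The location check and the registry search described above can be done as a read-only triage pass before anything is deleted. The following PowerShell script is an added example, not part of the original page or of the Exterminate It! product. It assumes PowerShell 4.0 or later (for Get-FileHash) and, unlike the Registry Editor's Find, searches only HKCU and HKLM:\SOFTWARE; the variable names are illustrative.

```powershell
# Added example: read-only triage for the pguard.ini locations listed on this page.
# Nothing is deleted or modified; results are objects for an analyst to review.
$relativePaths = @(
    'Local Settings\Application Data\Microsoft\Windows\pguard.ini',  # 2000 / XP / Server 2003
    'AppData\Local\Microsoft\Windows\pguard.ini'                     # Vista and later
)

# Profile roots for every local account, read from the ProfileList registry key.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profiles = @(Get-ChildItem $profileList |
    ForEach-Object { (Get-ItemProperty $_.PSPath).ProfileImagePath } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) })

# Every full path the page treats as suspicious, one per profile and layout.
$expected = @(foreach ($root in $profiles) { $relativePaths | ForEach-Object { Join-Path $root $_ } })

# 1. Files present at one of the listed locations.
$hits = foreach ($candidate in $expected) {
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        $file = Get-Item -LiteralPath $candidate -Force   # -Force: include hidden/system files
        [pscustomobject]@{
            Path      = $file.FullName
            Size      = $file.Length
            LastWrite = $file.LastWriteTime
            MD5       = (Get-FileHash -LiteralPath $candidate -Algorithm MD5).Hash
        }
    }
}

# 2. Registry values whose data mentions pguard.ini (assumed scope: HKCU and HKLM:\SOFTWARE).
$refs = Get-ChildItem -Path 'HKCU:\', 'HKLM:\SOFTWARE' -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data -like '*pguard.ini*') {
                [pscustomobject]@{
                    Key        = $key.Name
                    Value      = $name
                    Data       = $data
                    ExactMatch = $expected -contains $data   # True only for a listed path
                }
            }
        }
    }

$hits | Format-Table -AutoSize
$refs | Format-List
```

A registry value with ExactMatch set to False mentions the file name without pointing at one of the listed locations, which is the case the IMPORTANT note says to leave alone.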