Remove the W32/AutoRun-ZX worm and the Ogard.exe infection
Description:
W32/AutoRun-ZX is a removable media worm that spreads by infecting devices such as flash drives, external hard drives, and other removable media. Once an infected media is inserted into a clean machine, the clean computer will autplay the media and infect itself.
Once infected, the worm will create the file C:\RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe. It will then create the follow registry key to start itself automatically:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187322}
Manual Removal Instructions for W32/AutoRun-ZX
End these processes if they exist:
Learn how to end processes
Ogard.exe
Delete these files if they exist:
Lean how to remove files
C:\RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe
Remove these Registry keys if they exist:
Learn how to remove Windows Registry entries
Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly. Please edit the Registry only if you know what you are doing.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187322}
June 17th, 2009 at 9:57 am
i tried it this way but it did not work. When i try to delete it it says accesssed denied. It also hides itself in the “recycler” folder in the c: root directory.I even tried to delete it using linspire but no luck.
July 27th, 2009 at 11:48 am
Can anybody tell me how to remove this ogard.exe from Removable Drive i.e. USB pen drives?