derek Posted March 13, 2010

Following ridding myself of a fake AV trojan - probably "Coreguard", which popped up one day demanding to be purchased - I declined, of course, deleted most of the exe files it had set up, and used SAS to kill it - but I found explorer.exe did not start up other than through Windows Task Manager. I located the following entry in my registry: Shell C\WINNT\system32\AY4EFQK3X.EXE - interestingly, this was missed by SAS - I googled it and found it was a trojan, so I deleted it. Still no start up without using WTM. Also found a reg entry called Shelly - explorer.exe and decided to delete this too. (Shell with a y - I guessed it was put there by the fake AV.) So, although explorer.exe is there in the registry in its rightful place, I still have a blank screen on start up and have to use WTM to get the icons back. ANY IDEAS how to fix this? It must be simple - I am no tech wiz... help appreciated.

noknojon Posted March 13, 2010

This observation is from Bleeping Computer - they claim to have a remover for it. Most times they use Combofix, but the method was not followed up by me. Copy and paste (or type) Coreguard into your search engine (Google) and you will get this result. Try a Full Scan by SUPERAntiSpyware first.

CoreGuard Antivirus 2009 is a rogue anti-spyware program discovered by security researcher S!RI, that uses an interesting trick in order to protect itself. This trick is to uninstall legitimate anti-malware programs when CoreGuard detects they are installed. When CoreGuard Antivirus 2009 starts it will examine the Windows Registry key that contains the list of programs that Windows knows how to uninstall from your computer. If it detects certain programs installed it will display the following message and then start the program's uninstall process:

Be careful if you do use Combofix, and fully read all instructions given to you - Thank You -

Seth Posted March 13, 2010

Hi Derek. I've used ComboFix dozens of times to fix similar issues with Explorer: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to close as many programs as possible before running it. When you disable your antivirus, ComboFix may still detect it. Just ignore the message and continue.

noknojon Posted March 14, 2010

Quote from the SUPERAntiSpyware home page: SUPERAntiSpyware can safely remove AY4EFQK3X.EXE (Trojan.Agent/Gen-FakeAV VirusProtector) and protect your computer from spyware, adware, malware, rootkits, worms, trojans, keyloggers, bots and other forms of harmful software.

Please run a Full SUPERAntiSpyware Scan prior to using Combofix - Thank You -
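
The first post describes a replaced Shell entry and a look-alike "Shelly" entry. As an added example (not part of any post in this thread), the read-only PowerShell check below reports both kinds of anomaly. It assumes the entries live under the Winlogon registry key, which the thread does not name, and its allowlist of Shell-prefixed value names is likewise an assumption to adjust per Windows version.

```powershell
# Added example, not from the thread. Read-only: it reports, it never changes the registry.
# Assumption: the "Shell" entry in the first post is the Winlogon Shell value.
$WinlogonSubKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ExpectedShell  = 'explorer.exe'
# Assumption: Shell-prefixed value names that newer Windows versions create themselves.
$KnownShellNames = @('Shell', 'ShellCritical', 'ShellInfrastructure', 'ShellAppRuntime')

function Get-WinlogonShellFinding {
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive)

    $path = "${Hive}:\$WinlogonSubKey"
    if (-not (Test-Path -Path $path)) { return }
    $key = Get-Item -Path $path

    foreach ($name in $key.GetValueNames()) {
        if ($name -notlike 'Shell*') { continue }
        $data    = [string]$key.GetValue($name)
        $finding = $null

        if ($name -eq 'Shell') {
            # Comparison is case-insensitive; a full path or extra arguments are reported too.
            if ($data.Trim() -ne $ExpectedShell) {
                $finding = "Shell is not $ExpectedShell"
            } elseif ($Hive -eq 'HKCU') {
                $finding = 'per-user Shell override present (normally absent)'
            }
        } elseif ($KnownShellNames -notcontains $name) {
            # Catches look-alike names such as the "Shelly" value from the first post.
            $finding = 'unexpected Shell-like value name'
        }

        if ($finding) {
            [pscustomobject]@{ Hive = $Hive; Name = $name; Data = $data; Finding = $finding }
        }
    }
}

$findings = @('HKLM', 'HKCU' | ForEach-Object { Get-WinlogonShellFinding -Hive $_ })
if ($findings.Count -eq 0) {
    'Winlogon Shell values look normal.'
} else {
    $findings | Format-Table -AutoSize
}
```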