Zentom System Guard

9th October 2011 

Avoiding Zentom System Guard

Ads, scan results windows, banners, warnings, and websites all help create a picture of legitimacy online.  It is much easier for us to walk into a physical location and determine that a business or product is a fake and simply after our money than it is for us to do this virtually.  Online, malware developers can employ a great variety of tricks to create the illusion of legitimacy.  Rogue antivirus programs depend on this, and they depend on people acting quickly and without thought.  A little caution, though, can help us avoid rogue programs like Zentom System Guard and keep our systems safe.

What is Zentom System Guard?

Rogue antivirus programs have only one objective: to convince computer users to purchase their ineffective software.  To do this, they must first create a need for protection. Zentom System Guard and other rogues do this by making it appear that your computer has several serious threats and is infected with various forms of malware.  They launch into what appear to be security scans and display results indicating that there are risks to your data and/or system.  Popup ads warn that your computer is not protected and that data is endangered.  This is intended to spur immediate action on the part of the user, but it is vital that we remember these “threats” are nonexistent.  The ability of rogues to detect and remove threats is likewise nonexistent.
Zentom System Guard is related to rogue Antimalware Doctor and has a nearly identical interface.

Rogue Antivirus Behavior

Following the increase in legitimate security programs, there has been a proliferation of rogue antivirus programs in recent years.  While they vary slightly in name and appearance, most behave in identical ways.  If Zentom System Guard has been installed on your system, you will notice the following signs:

Popups.  These are a favorite tool of rogue programs; the popups typically appear while you are browsing, but they may also appear when you are offline.  The popups are designed to mimic the warnings of legitimate security programs, so computer owners need to be cautious when reading any message.  Typical popups include:

Infections on your PC can cause:
 -Applications won’t start
 -Unwanted advertising displaying
 -Loss of Internet communication
 -Lost documents and settings
 -Some files can disappear from PC
You need registered version of Zentom System Guard to remove these infections. Click “Remove threats” to activate protection and eliminate these security hazards.

Trojan.Spy threat has been detected.
This threat model advertises websites with explicit content. Be advised of such content being possibly illegal.  Please click button below to locate and remove this threat now.


Zentom System Guard – Hacker attack detected.
Your computer is subjected to hacker attack.  Zentom System Guard has detected that somebody is trying to transfer Your private data via internet.  We strongly recommend you to block attack immediately.

Notice that “Zentom System Guard” is mentioned in most ads, and that the wording and syntax are a bit “off.”  Both are vital clues that help the user determine that these messages are false.

False Security Scan Results.  As with the pop-up warnings, the false scans are designed to mimic those of legitimate security programs.  Zentom System Guard even uses the distinctive Windows shield to create the appearance of authenticity.  The rogue’s name appears on the top left corner and on the right side above the text, “Help protect your PC.”  Below this is your “Security status.”  It will usually indicate that your automatic updates, RAM protection, and scheduled scan options are turned off and that several vulnerabilities have been detected.  Users are urged to “Unlock the full version.”  In another scan screen, threats are listed by name, type, description, and threat level.  It may indicate, for instance, that the keylogger MDSA Sentinel has been detected and that it is a “high” risk threat.  Again, users are urged to “Remove Threats” with Zentom System Guard.

These screens may appear legitimate at first, and they are certainly alarming to computer users.  Be aware that these are false scans; this rogue cannot scan your computer.  Any “threats” it claims to find are, in fact, harmless files. 

Impaired Performance.  Rogue antivirus programs configure themselves to launch upon startup, and they run resident in the background.  This diverts system resources away from your legitimate programs, so a common symptom you will notice is a slowing of performance.  Even routine tasks, such as switching browser panes, may take longer.  You may also find it difficult to navigate to pages via search engine because you are redirected to malicious websites and urged to purchase this rogue program.

Unfamiliar icons.  You may notice new and flashing icons on your desktop or system tray.  When clicked on, these will cause a pop-up warning to appear.  These are false, and these icons should be avoided.  If you do click on one, however, make sure to close it with your task manager and take immediate steps to remove the rogue antivirus program.

Mode of Entry

There are two main methods of entry that rogues like Zentom System Guard rely on.  The primary method is stealth installation via Trojan.  Trojans hide within websites, and when an unsuspecting user clicks on an ad, downloads a free video, or follows a link, it can allow these malware-carrying vehicles to enter.  Sites that contain pirated, P2P, freeware, gaming, adult, and trending content are often the most vulnerable to Trojans.  Once the Trojan enters, it can deposit the rogue program, as well as other forms of malware.  This gives the user the “free version” of Zentom.

Less common is for the rogue to be user-installed.  After a user is confronted with pop-ups and warnings courtesy of the free version, he may opt to purchase the protection of the software.  While an understandable reaction, it is, unfortunately, not effective.  The rogue is great at creating the illusion of threats, but it is not able to detect or remove any real virus, malware, or Trojans from your system.

Removing Zentom System Guard

Whether stealth or user-installed, it is important to remove Zentom System Guard as soon as possible.  Specially designed programs like Malwarebytes Anti-Malware (Malwarebytes has free malware removal) or Enigma's SpyHunter provide a safe, fast, and effective way to automatically remove rogue antivirus programs.  This is an ideal solution for those without a great deal of technical experience or time.  After download, the rogue can be detected and removed immediately and your computer restored to optimal functioning.

The other option is manual removal.  This is more complicated and risky because it is easy to inadvertently delete a necessary file or fail to remove the entire rogue program.  The system registry is complex, and few people have experience working with it.  Manual removal is recommended only for those with experience and patience.  If you require assistance, please contact us so we can help guide you through the removal process and ensure continued safe operation of your system. 

Stop Processes:
[random characters].exe

Remove Registry Entries:

Remove Files:
%APPDATA%\[random characters]\enemies-names.txt
%USERPROFILE%\Start Menu\Programs\Startup\Zentom System Guard.lnk
%USERPROFILE%\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk
%USERPROFILE%\Start Menu\Programs\Zentom System Guard\Uninstall.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
%USERPROFILE%\Start Menu\Zentom System Guard.lnk
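
Before deleting anything by hand, it helps to confirm which of the listed items are actually present.  The PowerShell script below is an added example, not part of the original article: it only reads and reports, and the function name Find-ZentomArtifacts and the idea that the randomly named .exe runs from the same folder as enemies-names.txt are assumptions made for illustration.

```powershell
# Added example: read-only check for the artifacts listed in this article.
# Nothing is stopped or deleted; the script only reports what it finds.

# Fixed-name shortcuts from the "Remove Files" list above.
$fixedPaths = @(
    '%USERPROFILE%\Start Menu\Programs\Startup\Zentom System Guard.lnk',
    '%USERPROFILE%\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk',
    '%USERPROFILE%\Start Menu\Programs\Zentom System Guard\Uninstall.lnk',
    '%APPDATA%\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk',
    '%USERPROFILE%\Start Menu\Zentom System Guard.lnk'
)

function Find-ZentomArtifacts {   # hypothetical helper name
    $found = @()

    foreach ($raw in $fixedPaths) {
        $path = [Environment]::ExpandEnvironmentVariables($raw)
        if (Test-Path -LiteralPath $path) {
            $found += [pscustomobject]@{ Kind = 'Shortcut'; Path = $path }
        }
    }

    # %APPDATA%\[random characters]\enemies-names.txt: the folder name is
    # random, so match any first-level folder that holds the marker file.
    $pattern = Join-Path $env:APPDATA '*\enemies-names.txt'
    $markers = Get-ChildItem -Path $pattern -Force -ErrorAction SilentlyContinue

    foreach ($m in $markers) {
        $found += [pscustomobject]@{ Kind = 'MarkerFile'; Path = $m.FullName }

        # Assumption: the randomly named .exe runs from the marker's folder.
        $dir = $m.DirectoryName + '\'
        $procs = Get-Process | Where-Object {
            $_.Path -and
            $_.Path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)
        }
        foreach ($p in $procs) {
            $found += [pscustomobject]@{ Kind = 'Process'; Path = $p.Path }
        }
    }
    return $found
}

Find-ZentomArtifacts | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed files were found for the current user; run it once per user profile on a shared machine.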

All content copyright 2006-2017, Bonobo Pty Limited. All Rights Reserved.