Today we want to warn you against using XP Guardian, a nasty rogue antispyware application that has nothing to do with computer security. XP Guardian is promoted through various misleading web sites that offer to let you watch movies online or to scan your system. Such sites require you to download some updates, but a Trojan comes into your PC with them. After the invasion, this Trojan downloads and installs XP Guardian without your knowledge or permission.

XP Guardian is built so that it begins its activity right after Windows starts. First of all you will face a malware scan of your system that displays a list of numerous infections on your PC. What is more, you will not be able to remove those threats unless you visit the badware's official web page and purchase the license. Please note that most of the files XP Guardian detects are simply part of the scam: they were dropped on your PC by the same Trojan that installed XP Guardian. Some of them are legitimate Windows files, so do not start removing them, as that will cause great damage to your machine.

Another feature of XP Guardian is that it protects itself from being removed. It blocks all security programs on your computer and impersonates Windows Security Center, so you will receive tons of annoying alerts from it about the low security level of your PC or about active threats being discovered. Remember that all such pop-ups and system scans are a scam and must be ignored. What is more, XP Guardian should be removed from your computer before it takes over your system completely.
Type: Rogue Anti-Spyware
Malware Author: Unknown
Threat Level: Critical

How to remove XP Guardian manually:
It's possible to remove XP Guardian manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.
The files to be deleted:
%Documents and Settings%\[UserName]\Application Data\av.exe
%Documents and Settings%\[UserName]\Application Data\WRblt8464P
Remove registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
Please be careful, because manual removal of XP Guardian may seriously damage the operating system and sensitive data. There is also a big possibility of incomplete removal, because some files could be hidden and the program could re-install itself after you delete the files and registry entries. So we strongly recommend that you use an automatic removal tool.
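To check whether the registry entries listed above are present without editing anything, you can export the registry to a text file and scan it. The script below is an added example, not part of the original post: the function names and the sample export are constructed for illustration, and it assumes the input is the text of a `.reg` export in which the Security Center overrides appear either as a DWORD or as a string.

```python
import re
# Indicators below come from the registry entries listed on this page.
WRAPPER = re.compile(r'^"?av\.exe"?\s+/START\b', re.IGNORECASE)
COMMAND_KEY = re.compile(r'\\shell\\(open|safemode)\\command$', re.IGNORECASE)
SECURITY_CENTER = r'hkey_local_machine\software\microsoft\security center'
OVERRIDES = {"antivirusoverride", "firewalloverride"}

def decode_value(raw):  # dword:XXXXXXXX -> int, quoted string -> unescaped str
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    return raw

def scan_reg_export(text):
    """Return (key, value_name, data) for every value matching an indicator."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # start of a new key section
            continue
        if key is None or "=" not in line:
            continue                  # header, blank line, or continuation
        name, raw = line.split("=", 1)
        name = "(Default)" if name == "@" else name.strip('"')
        data = decode_value(raw)
        hijacked = (COMMAND_KEY.search(key) and name == "(Default)"
                    and isinstance(data, str) and WRAPPER.match(data))
        override = (key.lower() == SECURITY_CENTER
                    and name.lower() in OVERRIDES and str(data) == "1")
        if hijacked or override:
            findings.append((key, name, data))
    return findings

# Constructed sample export (not captured from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"av.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="notepad.exe %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
'''

if __name__ == "__main__":
    print(*scan_reg_export(SAMPLE), sep="\n")
```

The scan only reads the exported text, so it is safe to run before deciding which entries to clean up.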