Free malware removal tool to remove AV Guard Online

To remove AV Guard Online (Uninstall AV Guard Online)

• Restart your computer and as soon as your computer turns on hit the F8 key (repeatedly) until a screen comes up
• Choose Start computer in SAFE MODE with network support
• If you cannot connect to the Internet, do this :
  • Open Internet Explorer
  • Go to Tools => Internet Options => Connections Tab => LAN Settings
  • Uncheck "Use a proxy server"
  • Recheck "Automatically detect settings"
• Download this free removal tool for AV Guard Online
• Extract it
• Launch
• Click on the delete button

AV Guard Online will be removed from your system in 10s. Restart your computer when it’s finished.

Processes :

• [random].exe
• conhost.exe
• csrss.exe

Files :

• %System%\[RANDOM].exe
• %AppData%\[RANDOM]AV Guard Online.ico
• %TEMP%\[RANDOM NUMBERS].tmp
• %Desktop%\AV Guard Online.lnk
• %Programs%\AV Guard Online\AV Guard Online.lnk
• %Windows%%\Temp\Cab[Random Number].tmp
• %Windows%%\Temp\Tar[Random Number].tmp
• %Windows%%\Temp\Cab[Random Number].tmp
• %Windows%%\Temp\Tar[Random Number].tmp
• %Windows%%\Temp\Cab[Random Number].tmp
• %AppData%\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
• %AppData%\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD
• %AppData%\conhost.exe
• %AppData%\csrss.exe
• %AppData%\Microsoft\csrss.exe
• %AppData%\ldr.ini

Registry

Registry created values:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  
  • [RANDOM] = "%System32%\[RANDOM].exe"
  • conhost=%AppData%\Microsoft\csrss.exe
  • [RANDOM]=%AppData%\csrss.exe”
• HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
  
  • LastUsedSource = "n;1;%ProgramFiles%\Common Files\Wise Installation Wizard\"
• HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
  
  • Shell=explorer.exe,%AppData%\conhost.exe
  • Load=%Systemt32%\lvvm.exe”

Registry deleted values:

• HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
  
  • LastUsedSource = "n;1;%ProgramFiles%\Common Files\Wise Installation Wizard\"

Registry modified values:

• HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent
  
  • (Default) =
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent
  
  • (Default) =

Remove AV Guard Online Software manually :

• Restart your computer in safe mode :
  • Restart your computer and as soon as your computer turns on hit the F8 key (repeatedly) until a screen comes up
  • Choose Start computer in SAFE MODE
• Open the infected account
• Open explorer, paste into the address bar the text %Temp% then press enter, it will open C:\Documents and Settings\Christian\Local Settings\Temp on my computer
• Remove all .exe files and all random folders under this path
• Open explorer, paste into the address bar the text %AppData% then press enter, it will open C:\Documents and Settings\Christian\Local Settings\Application Data on my computer
• Remove all .exe files and all random folders under this path and the AV Guard Online folder
• Remove AV Guard Online.lnk from your desktop
• Remove AV Guard Online.lnk from your start menu
• Click on the start menu button then click on run
• Type msconfig and press enter
• Go to the Startup tab
• Uncheck all random character keys in it and click on the OK button
• Restart your computer in normal mode