Free malware removal tool for Guard Online

Written by Administrator | Monday, 10 October 2011 05:49

Guard Online is a another rogue Antispyware from the OpenCloud and AV Guard Online familly, it's a malware that pretends to be an Antivirus. Guard Online conducts a fake scan of your system; you are warned by a fake alarm that there are more malwares on your system. It’s true indeed, there is really a malware in your system but I think the only malware on your system is Guard Online itself. Guard Online invites you to purchase a license to remove malwares, do not, it's a scam, you need a license for a malware? This so-called Antivirus tries to scam you. Uninstall Guard Online immediately from your system.

Guard Online

To remove Guard Online (Uninstall Guard Online)

Restart your computer and as soon as your computer turns on hit the F8 key (repeatedly) until a screen comes up
Choose Start computer in SAFE MODE with network support
If you cannot connect to the Internet, do this :
- Open Internet Explorer
- Go to Tools => Internet Options => Connections Tab => LAN Settings
- Uncheck "Use a proxy server"
- Recheck "Automatically detect settings"
Download this free removal tool for Guard Online
Extract it
Launch
Click on the delete button

Guard Online will be removed from your system in 10s. Restart your computer when it’s finished.

Processes :

[random].exe

Files :

%AppData%\ldr.ini
%AppData%\[RANDOM]\Guard Online .ico
%DesktopDir%\Guard Online .lnk
%Temp%\[NUMBER].tmp
%AppData%\[RANDOM 1]
%AppData%\[RANDOM 2]
%AppData%\[RANDOM 3]
%Programs%\Guard Online

Registry

Registry created values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- [RANDOM] = "%System32%\[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
- LastUsedSource = "n;1;%ProgramFiles%\Common Files\Wise Installation Wizard\"

Registry deleted values:

HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
- LastUsedSource = "n;1;%ProgramFiles%\Common Files\Wise Installation Wizard\"

Registry modified values:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent
- (Default) =
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent
- (Default) =

Remove Guard Online Software manually :

Restart your computer in safe mode :
- Restart your computer and as soon as your computer turns on hit the F8 key (repeatedly) until a screen comes up
- Choose Start computer in SAFE MODE
Open the infected account
Open explorer, paste into the address bar the text %Temp% then press enter, it will open C:\Documents and Settings\Christian\Local Settings\Temp on my computer
Remove all .exe files and all random folders under this path
Open explorer, paste into the address bar the text %AppData% then press enter, it will open C:\Documents and Settings\Christian\Local Settings\Application Data on my computer
Remove all .exe files and all random folders under this path and the Guard Online folder
Remove Guard Online.lnk from your desktop
Remove Guard Online.lnk from your start menu
Click on the start menu button then click on run
Type msconfig and press enter
Go to the Startup tab
Uncheck all random character keys in it and click on the OK button
Restart your computer in normal mode

This will solve the problem but you can run the removal tool to remove the other registry keys and values.

Free malware removal tool for Guard Online

Processes :

Files :

Registry

Remove Guard Online Software manually :

Add comment

Free malware removal tool for Guard Online

Free malware removal tool to remove AV Guard Online

Free removal tool to remove Security Guard 2012

Free removal tool for Advanced PC Shield 2012

Security Sphere 2012 Free Removal Tool