XP Guardian
February 1, 2010 Threat level:
(6 / 10)
XP Guardian description
XP Guardian is a malicious software made to look like a security program. The goal of this rogue application is to make the user believe that it is actually a computer protection tool which needs to be purchased in order to gain its full benefit. XP Guardian is usually acquired online via websites which pretend to be online security scanners or employ trojans to download and install XP Guardian.
The parasite uses deceptive methods to scare the user into thinking that their computer has been seriously infected and that they need to buy the license for using XP Guardian in order to protect their system. XP Guardian performs fabricated security scans and displays false alerts warning about a number of threats. Security issues reported by XP Guardian are all made up and don't even exist. In order to keep their system safe from XP Guardian and other similar applications one should first of all acquire a real security software. However, if XP Guardian had already made your computer and yourself go nuts, here are the XP Guardian removal instructions.
New processes created
av.exe Learn how to remove malicious processesNew XP Guardian registry entries created
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1" Download RegistryBooster 2010 to scan your registry errors
Learn how to remove malicious registry entries
New files and directories created
%UserProfile%\Local Settings\Application Data\av.exe%UserProfile%\Local Settings\Application Data\WRblt8464P Learn how to unregister malicious DLL files
How to remove XP Guardian
To remove XP Guardian manually you must block rogue XP Guardian related websites, remove malicious processes and registry entries, unregister dlls and delete all malicious XP Guardian files from your computer.
Please note: cleaning your computer is a difficult and dangerous task, manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.