XP Guardian virus
Hello, my name is David. I installed a new Windows update tonight and I think it was a virus. The Security Centre opened after a restart and XP Guardian was in it. I can't disable it, and it asks for money to register, very much like the Personal Antivirus virus that I had months ago on a different PC. I can't access IE properly, and it blocks any sites that I try to go to, saying danger, buy XP Guardian. I did a system search for 'xp guardian', which is running in the taskbar and which I can't close; nothing appears in the search. It constantly throws errors at me about potential threats and stealth attacks. I can't check the recent update that I did because it blocks me from getting into Control Panel Windows Update, saying danger etc. etc. I have Webroot antivirus and Spyware Doctor, which cannot detect it. I will try to upload pictures if you guys tell me the easiest option for you. Thanks a lot for your time and I hope I can get this problem solved ASAP.
Sorry for the delay, I'm having serious problems with the Opera browser; IE just doesn't work, it keeps blocking it. Here are a few photos I put onto Photobucket; they should give you a better idea of the problem I have. Some more feedback on whether I should do a fresh install would be appreciated. Thanks. http://s1020.photobucket.com/albums/af325/dava811/
Also, the update was an automatic download like always and that's the main reason that I'm shocked at receiving this virus. And my Webroot was running at the time, thanks.
January 25th, 2010 3:14am

Hi,
I can't find anything on that - is the correct name "XP Guardian"? Is that the complete name? To what website does it refer you? Please answer those and then try the general methods below thoroughly and vigilantly.
These can be done in Safe Mode - repeatedly tap F8 as you boot - however you should also run them in regular Windows when you can.
Download Malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone. (If Rootkits run UnHackMe)
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
Malwarebytes - free
http://www.malwarebytes.org/
Run the Microsoft Malicious Removal Tool
Start - type in Search box -> MRT find at top of list - Right Click on it - RUN AS ADMIN.
You should be getting this tool and its updates via Windows Updates - if needed you can download it here.
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)
Microsoft Malicious Removal Tool - 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
Microsoft Malicious Removal Tool - 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en
Also install Prevx to be sure it is all gone.
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove.
http://www.prevx.com/ <-- information
http://info.prevx.com/downloadcsi.asp <-- download
PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp
--------------------------------------------------------
If needed here are some online free scanners to help
http://www.eset.com/onlinescan/
http://onecare.live.com/site/en-us/default.htm
http://www.kaspersky.com/virusscanner
Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1
--------------------------------------------------------
Also do these to cleanup general corruption and repair/replace damaged/missing system files.
Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup
Start - type this in Search Box -> COMMAND find at top and RIGHT CLICK - RUN AS ADMIN
Enter this at the prompt - sfc /scannow
How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228
Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.
How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
-----------------------------------------------------------------------
If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)
http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/
Hope this helps.
Rob - Bicycle - Mark Twain said it right.
January 25th, 2010 3:30am

Did this update arrive via email?
You are seeing the effects of a hijackware infection (i.e., Trojan W32/FakeAlert-variant)!
NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows. A Repair Install will NOT help!
Microsoft PCSafety provides home users (only) with no-charge support in dealing with malware infections such as viruses, spyware (including unwanted software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
Also available via...
Consumer Security Support home page
https://consumersecuritysupport.microsoft.com/
Otherwise...
1. See if you can download/run the MSRT manually: http://www.microsoft.com/security/malwareremove/default.mspx
NB: Run the FULL scan, not the QUICK scan! You may need to download the MSRT on a non-infected machine, then transfer MRT.EXE to the infected machine and rename it to SCAN.EXE before running it.
2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe Mode with Networking, if need be: http://onecare.live.com/site/en-us/center/howsafe.htm
2b. Vista or Win7 => Run this scan instead: http://onecare.live.com/site/en-us/center/whatsnew.htm
3. Now run a thorough check for hijackware, including posting requested logs in an appropriate forum, not here.
Checking for/Help with Hijackware:
• http://mvps.org/winhelp2002/unwanted.htm
• http://inetexplorer.mvps.org/tshoot.html
• http://www.mvps.org/sramesh2k/Malware_Defence.htm
• http://www.elephantboycomputers.com/page2.html#Removing_Malware
**Chances are you will need to seek expert assistance in http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://www.spywarewarrior.com/viewforum.php?f=5, http://www.dslreports.com/forum/cleanup, http://www.bluetack.co.uk/forums/index.php, http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
January 25th, 2010 4:00am

Hello guys, thanks for all your help. I'm in the middle of downloading the software to try and remove it. I have no recovery partition or Windows disk, so I'm going to try and remove the virus. Do the screenshots give you any more information on the infection?
January 25th, 2010 1:31pm

Hello, I think I have made a breakthrough. Prevx picked up a file called "Msascui.exe", which according to Google is "Windows Defender"; Prevx is reporting it as a fraudulent security program at high risk. I would take a guess that the update that I did from Microsoft patched over the old .exe of Windows Defender, thus adding "XP Guardian" to my Security Centre and disabling all other Windows security. Any advice on how I can remove this? Is it safe to just delete the exe? Many thanks.
January 25th, 2010 4:07pm

Had a laptop brought in by one of our staff with this malware on this morning, I tried my usual malware remover but it was not having any of it. In the end I did a system restore which took the laptop back to a previous restore state of last Friday morning which was enough to be before the malware was installed. You can find the System Restore under Accessories, System Tools. Good luck
January 25th, 2010 5:46pm

System Restore will NOT return infected computers to a secure state.
~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
January 25th, 2010 8:22pm

Repost: Did this update arrive via email or an attachment?
Did you install Webroot Anti-virus with Spy Sweeper before or after the computer got infected?
Was the computer fully-patched at Windows Update when the computer got infected?
See Steps #1 through #3 in my previous reply for info on cleaning this system, or...
Microsoft PCSafety provides home users (only) with no-charge support in dealing with malware infections such as viruses, spyware (including unwanted software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
January 25th, 2010 8:26pm

Hi,
Bear is certainly right that you normally do not run System Restore to remove malware however there are exceptions.
If you did a thorough job with Malwarebytes, MRT, Prevx and even the on-line scanners and they found nothing other than the defender replacement then a System Restore would probably work as it only replaced the System files and registry settings needed to produce the "Hoax Show".
As unusual as it is for an infection I would run System Restore and then SFC and Checkdisk.
How to Do a System Restore in Vista
http://www.vistax64.com/tutorials/76905-system-restore-how.html
Do these even if you have already done them.
Also do these to cleanup general corruption and repair/replace damaged/missing system files.
Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup
Start - type this in Search Box -> COMMAND find at top and RIGHT CLICK - RUN AS ADMIN
Enter this at the prompt - sfc /scannow
How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228
Hope this helps.
Rob - Bicycle - Mark Twain said it right.
January 25th, 2010 8:52pm

I've tried using the Microsoft removal tool, Webroot and Prevx. Prevx picks up 11 infections. I'm guessing that Prevx is a pretty good scanner? I had fully up-to-date Webroot and Windows was up to date; I have downloaded nothing except the Windows update, which I think caused this problem. On the other hand, I can't scan as the administrator because I don't know the password, because the laptop was given to me by a family member, although I am trying to get the password as we speak. Does running the programs as administrator make a big difference? I have no restore points on the laptop as far as I know, so I think System Restore is out of the question..? It is so strange, it is as if it's an official Microsoft; I know that's what the script writers want us to think. I can take screenshots of what Prevx picks up and upload them, would that help? I appreciate all the help.
January 25th, 2010 9:22pm

Please state your full Windows version (e.g., WinXP SP3; WinXP 64-bit SP2; Vista SP1; Vista 64-bit SP2; Win7; Win7 64-bit).
~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
January 25th, 2010 9:29pm

I'm running version 5.1 Windows XP Professional SP 3 - 32bit, I think.
January 25th, 2010 9:33pm

If you don't want to avail yourself of the free support from Microsoft or do all 3 steps in my first reply to this thread, proceed as follows:
Back-up any personal data (none of which should be considered 100% trustworthy at this point) then format the HDD & do a clean install of Windows. Please note that a Repair Install (AKA in-place upgrade) will NOT fix this!
HOW TO do a clean install of WinXP: See http://michaelstevenstech.com/cleanxpinstall.html#steps and/or Method 1 in http://support.microsoft.com/kb/978307
After the clean install, you'll have the equivalent of a "new computer" so take care of everything on the following page before otherwise connecting the machine to the internet or a network and before using a flash drive or SDCard that isn't brand-new or hasn't been freshly formatted:
4 steps to help protect your new computer before you go online
http://www.microsoft.com/security/pypc.aspx
Other helpful references include:
HOW TO get a computer running WinXP Gold (no Service Packs) fully patched (after a clean install)
http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5afa8ed33e121c
HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a clean install)
http://groups.google.com/group/microsoft.public.windowsxp.general/msg/a066ae41add7dd2b
Tip: After getting the computer fully-patched, download/install KB971029 manually: http://support.microsoft.com/kb/971029
NB: Any Norton or McAfee free-trial that came preinstalled on the computer when you bought it will be reinstalled (but invalid) when Windows is reinstalled. You MUST uninstall the free-trial and download/run the appropriate removal tool before installing any updates, Windows Service Packs or IE upgrades and before installing your new anti-virus application (which will require WinXP SP3 to be installed).
Norton Removal Tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
McAfee Consumer Products Removal Tool
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
Also see:
Steps To Help Prevent Spyware
http://www.microsoft.com/security/spyware/prevent.aspx
Steps to Help Prevent Computer Worms
http://www.microsoft.com/security/worms/prevent.aspx
Avoid Rogue Security Software!
http://www.microsoft.com/security/antivirus/rogue.aspx
If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
Good luck. I am no longer watching this thread.
~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
January 25th, 2010 10:10pm

And if I haven't got an XP disk or recovery partition? Would Vista work fine if I did a multiboot? I appreciate all the help.
January 25th, 2010 10:25pm

If your computer didn't come with a set of disks, there will be a hidden Recovery partition you can use to do the clean install. If you've deleted the partition, you're SOL.
If you need further assistance with the clean install (of WinXP), post here: http://social.answers.microsoft.com/Forums/en-US/xprepair/threads
If you want to try a clean install of Vista (and you have the proper & legal installation medium), post here: http://social.answers.microsoft.com/Forums/en-US/vistainstall/threads
~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
January 25th, 2010 10:39pm

Hi,
Prevx is a top-notch malware detector, best I have found and I use the Free version as well.
Try these on-line scanners - both and maybe others
http://www.eset.com/onlinescan/
http://onecare.live.com/site/en-my/default.htm?mkt=en-my
Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1
Rob - Bicycle - Mark Twain said it right.
January 25th, 2010 11:20pm

Hey guys, I really appreciate the time and effort you all have put in. Anyway, I seem to have made a breakthrough: somehow the "XP Guardian" has now morphed into another program called Antivirus XP 2010. I'm sure you have heard of it, as I have googled it; here's a link - http://answers.yahoo.com/question/index?qid=20081005164440AAzjSap Hopefully, following the instructions, I will get rid of this pain in the A$$. I just thought I would update the thread to let you all know what the XP Guardian actually was. If I gather any more knowledge on it I will update the thread. Thanks, dava811.
January 25th, 2010 11:39pm

Hi,
See the manual instructions here and you still need to run the on-line scanners for the other malware.
How to remove Antivirus 2010 (Uninstall Instructions)
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-2010
How to manually remove XP Antivirus 2010
http://forums.techarena.in/networking-security/1111989.htm
How to manually remove XP Antivirus 2010
http://www.abxzone.com/forums/f234/how-manually-remove-xp-antivirus-2010-a-119256.html
Hope this helps.
Rob - Bicycle - Mark Twain said it right.
January 25th, 2010 11:49pm

Dave,
I got the same issue today. XP Guardian Alert with all the alert messages you mentioned. I ran the below link to resolve the issue.
If you have Google Chrome installed in your machine, you can download this software. Google Chrome is not affected by XP Guardian. Or get this software from somewhere.
You may have to go to the command prompt in Windows to run the exe. Run --> cmd, go to the folder where you have the setup and run it.
Malwarebytes - free
http://www.malwarebytes.org/
January 26th, 2010 2:53am

OK mate, I scanned with Malwarebytes and it found 30 infections. I updated it there and am trying to scan again. Really is a pain in the ____. Each scan takes 2 hours or so. Did you use any other methods to remove it or did the said program completely remove it? Thanks.
January 26th, 2010 4:09am

Repost:
Chances are you will need to seek expert assistance in http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://www.spywarewarrior.com/viewforum.php?f=5, http://www.dslreports.com/forum/cleanup, http://www.bluetack.co.uk/forums/index.php, http://aumha.net/viewforum.php?f=30 or other appropriate forums.
~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
January 26th, 2010 4:24am

Yes, it completely removed the virus. It found an infection called 'Fake Alert'.
January 26th, 2010 4:52pm

Dave, Malwarebytes was the 1st program in the list of removal methods I posted above. Please do a very thorough job of checking for malware. All too often someone thinks because a program found and maybe removed an infection that the problem is solved. Unfortunately that is far from reality as often easy to detect and remove malware is accompanied by much tougher to detect and remove payload. Better to overkill the process now than to pay the price later.
Rob - Bicycle - Mark Twain said it right.
January 26th, 2010 8:32pm

I am having the same issue right now.
I ran Malwarebytes and while it found a few infections, it didn't find the XP Guardian 2010 infection and this still resides on my computer.
I found the task to end the process on and it was av.exe, not sure if that helps. I think this might be a new issue so not sure if Malwarebytes or MRT is updated enough to find these?
Any other suggestions?
January 26th, 2010 8:51pm

I suggest referring to PA Bear's post above regarding receiving expert assistance. Regardless the name of the malware, or whether general scanners have been updated to find it, the trained volunteers know how to find and fix issues on your computer.
January 27th, 2010 4:39am

@Bugbatter: Fancy meetin' you here! ;)
January 27th, 2010 4:45am

"I suggest referring to PA Bear's post above regarding receiving expert assistance. Regardless the name of the malware, or whether general scanners have been updated to find it, the trained volunteers know how to find and fix issues on your computer."
+1
Vincenzo Di Russo Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. Moderator in the Microsoft Answers Forums Italy My MVP Profile: https://mvp.support.microsoft.com/profile/Vincenzo
January 27th, 2010 3:47pm

Hi, I have just followed your instructions and Prevx found it as an av.exe file? I have no idea how to get rid of this!! It's also on a work computer with some information not backed up! Thanks in advance
January 27th, 2010 4:51pm

Hi,
AV.exe
http://www.bleepingcomputer.com/startups/av.exe-24845.html
Remove Secure Antivirus Pro (Removal Instructions)
http://www.bleepingcomputer.com/startups/av.exe-24845.html
nadinek89 did you run malwarebytes, MRT, on-line scan or other tools?
Hope this helps.
Rob - Bicycle - Mark Twain said it right.
January 27th, 2010 8:04pm

Hi, I didn't know how else to contact you, Can you please tell me if there is a way that I can contact you or other support people directly. Also, Can you please tell me if you are aware of the "logging on then logging off" problem with XP? It seems to be affecting many people but no support people or moderators have posted any comments. PLEASE HELP!!
January 27th, 2010 8:38pm

Hi Hockey,
If you want support here you need to start your own thread.
How to ask a question
http://support.microsoft.com/kb/555375
XP Solution Center - more support options and contacts
http://support.microsoft.com/ph/1173#tab0
Hope this helps.
Rob - Bicycle - Mark Twain said it right.
January 27th, 2010 9:05pm

Hi, SpiritX. You, Vincenzo, and PA Bear really seem to know what's going on. This forum has been quite informative! If you have a chance, I really could use your help in the thread I started today (XP Pro infected with virus and now stuck in "login loop").
Thank you for helping us!
January 27th, 2010 9:28pm

I had the same problem about 30 min ago and just ran a OneCare scan and it found and removed it immediately. I <3 OneCare now.
January 27th, 2010 10:43pm

Just search your registry for av.exe and remove all entries, then restore to an earlier point in time. Just had to do this myself.
January 28th, 2010 1:14am

Thanks for your reply. I cannot run Malwarebytes or MRT as administrator; it won't allow me to. And online - the XP Guardian will not allow me online. Thanks
January 28th, 2010 12:37pm

How did you run that? XP GUARDIAN won't allow me online?
January 28th, 2010 12:44pm

Hi,
Start in Safe Mode with Networking - repeatedly tap F8 as you boot up. Rare that one of these rogues would prevent on-line access as they allow that so you can pay them. Another thing you can try is CTRL SHIFT ESC - Task Manager - Processes Tab - and end Process on the file AV.EXE or others you can determine might be the rogue. If you make a mistake just reboot and then you can start over. Once these processes are ended it should be easier to remove them.
Rob - Bicycle - Mark Twain said it right.
January 28th, 2010 5:14pm

"XP Internet Security 2010 also known as XP Guardian and Antivirus XP 2010 is a rogue anti-spyware application". In your case it's titled XP Guardian. For other people this virus can show up as XP Internet Security 2010 or Antivirus XP 2010. Anyway, these removal instructions apply for this virus no matter how it's titled: http://deletemalware.blogspot.com/2010/01/how-to-remove-xp-internet-security-2010.html http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010
January 29th, 2010 4:07am

I hope everyone is paying attention with the news about China. Seems these people don't like the way we do things in other parts of the world, especially the US. With that in mind, beware. I also suggest turning off automatic updates and use Belarc at http://www.belarc.com. This program is an audit program and will let you know if there are any updates from Microsoft that need to be installed. Second, stay away from IE, use Firefox or Google Chrome. IE is not really a good browser. I agree with what Nick says above, go to START, then RUN, type in Regedit, then Edit, then Find and type in any files you're aware of and delete them from the registry. Use your F3 key to find more after you delete until you find no more. This is just getting totally ridiculous. You don't hear about this ____ with Apple Macs!
b.d. de witt jr.
January 29th, 2010 7:46pm

A personal software firewall installed blocking pings and unsolicited noise can cure much with the 'china problem' here mentioned which is rather the cyber criminal underground (cyber crime, crimewares) as opposed to less than a handful of "state sanctioned" levels of attack which do not affect average consumerism. China has never been reported as committing "state sanctioned" levels of attack on the average computer in USA.
Just wanted to add more to your help....
Microsoft Baseline Security Analyzer 2.1
http://www.microsoft.com/downloads/details.aspx?familyid=F32921AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=en
(will detect Windows Updates missing and gives full security results)
DON'T MISS THIS...
a-squared HiJackFree
http://www.hijackfree.com/en/
a-squared HiJackFree is a detailed system analysis tool which helps advanced users to detect and remove all types of HiJackers, Spyware, Adware, Trojans and Worms.
# Manage all types of Autoruns on your system
# Control all Explorer and Browser plugins (BHOs, Toolbars, etc.)
# Manage all running Processes and their associated modules
# Control all Services, even those Windows doesn't display
# View open ports and the associated listening processes
# View all DNS entries in the hosts file
# Manage installed Layered Service Providers (LSPs)
# Analyze the system configuration with using our live online analysis
Download a-squared HiJackFree now! It's free for private use!
It comes with language packs for English, German, French, Spanish, Italian, Japanese and many more.
Gerald60606 Windows Live Spaces http://gerald60606.spaces.live.com/default.aspx
January 30th, 2010 11:43am

As far as the firefox vs internet explorer (IE) advice - this is wrong as usual by misinformed users that spread this "hype"....
Firefox, Opera, Safari browsers top list of high risk software 2009...
http://www.prnewswire.com/news-releases/bit9-releases-annual-report-on-top-vulnerable-applications-in-2009-79401757.html
Gerald60606 Windows Live Spaces http://gerald60606.spaces.live.com/default.aspx
January 30th, 2010 11:55am

As far as the other incorrect advice to switch to apple/mac and linux - this is not good security advice as Windows is Unix Certified (secure and stable - only one) whereas Apple/Mac and Linux only achieved "Unix Like" which is LESS stable and LESS secure. As you say - read the news - then I suggest you do to become more informed. To keen your eye, the garbage of these arguments you were intimating (the whole dump windows scene) was spread all over the internet by criminal cyber gum shoes to flaf people into Linux as computer dummies to then infect their machines into their botnets. SEE Botmasters, Botherders, etc.
The only safety originally several years ago (that's how old and antiquated your suggestion was) was that apple/Mac and Linux were less of a target to the cyber criminal underground because 90 percent of world computers run Windows - 'where the money is' (cyber crime target). They even claimed Apple/Mac and Linux could not get infected by malware - and is quite the absurd lies we know today. It is insulting as Windows Vista truly is the first Operating System that does NOT allow a virus to write to the disk and does NOT allow rootkits to run on it unless the user has listened to the rest of those garbage gumshoes telling them to turn off UAC. Apple and Linux can NOT make this claim at all !!! But go back in your mind or online and re-examine these arguments (worthless lies) across the board and as my TIP from someone in Amateur Forensics is to re-word your good advice to 'Safe Practices' as to not be dismissed as part of that. But do indeed see what you are inviting people to that you are calling 'safer'.... this is not true at all !!! .....
First Mac OS X botnet activated
The first botnet created with Mac computers running OS X software has been activated, according to reports filtering out across the Internet. ......
http://www.networkworld.com/news/2009/041709-first-mac-os-x-botnet.html?Inform=nl&nlhtsec=rn_042009&nladname=042009securityal
Linux role in botnets studied
Thursday, 14 February 2008
Researchers at a major security vendor are exploring the extent to which Linux systems - especially servers - are involved in the botnet plague.....
http://www.itwire.com/content/view/16635/53/1/1/
Botnets were the leading online security problem for 2009....
http://www.techday.co.nz/netguide/news/botnets-ruled-in-2009/14990/
Gerald60606 Windows Live Spaces http://gerald60606.spaces.live.com/default.aspx
January 30th, 2010 12:19pm

@Bugbatter: Fancy meetin' you here! ;) Just passing through for a test drive. Moving on....
February 6th, 2010 4:52pm

Thru Task Manager I was able to time the delete of av.exe to finally be able to log on to the internet. And then was able to update my Spyware Doctor program. Every attempt and running Spyware prior would fail as the program would hang up at about 30%. I did the same thing, stopping the av.exe process during the Spyware scan and was finally able to complete it. It finally picked up this XP Guardian scam and deleted it. After a reboot all seems well now.
February 9th, 2010 6:08pm

VMwareService.exe may be blocking internet access. Try to download Hijackthis and prevent VMwareService.exe process from loading at startup: http://www.pcindanger.com/xp-guardian-2010-removal.html
March 3rd, 2010 6:28pm

Followed exactly what you said to do, Rob - worked great. Thanks so much.
March 6th, 2010 5:21pm

This is one of those rogue antispyware software's that are changing their name depending on the OS that you use. So you are using Vista that means name of it is XP Guardian. Basically you just need to remove these files: av.exe and registry RUNNING PROGRAM av.exe. Enjoy
March 8th, 2010 5:06pm

Try these steps :-

****Once you remove the virus, exe files will not work****

Before starting troubleshooting, have the following text copied into a notepad :-

-------Start --------Do not copy this line, copy starting next line ----------------
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"
-----------End--------------Do not copy this line. Copy till the end of previous line---------------

1. Boot the computer in safe mode with networking - Usually by tapping F8 when the computer boots up
2. Open My Computer, Click on tools and then folder options.
3. Select
   - "Show hidden files and folders"
   - Uncheck "Hide protected operating system files"
4. Apply and then OK

For XP :-
5. Navigate to C:\Documents and Settings\%userprofile%\Local Settings\Application Data
6. Look for either of the following files :-
   - av.exe
   - msascui.exe
7. Once you find the above file, open task manager (Ctrl+Shift+Esc) and kill the process with the same name
8. Delete the file from the above folder

****Once you remove the above file, exe files will not work. Hence open IE/Any browser already open and minimised****

9. Now open the notepad file saved on your desktop earlier
10. Click on file-> save as
   - Select file type as all files
   - Name the file as fix.reg
   - Encoding should be Unicode
11. Run that file, it will edit the registry accordingly
12. Now restart the computer in normal mode and see if everything is working fine.

- Mareechan
March 10th, 2010 6:38pm
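
An added example, not part of Mareechan's post: a Python check that parses a registry export and compares the .exe handler entries against the values given in the fix.reg text above. The sample export, the function names and the user folder in the path are constructed for illustration.

```python
import re

# Known-good string values, copied from the fix.reg text in the post above.
EXPECTED = {
    (r"hkey_classes_root\.exe", "@"): "exefile",
    (r"hkey_classes_root\exefile\shell\open\command", "@"): '"%1" %*',
    (r"hkey_classes_root\exefile\shell\runas\command", "@"): '"%1" %*',
}

# One string value per line: @="data" or "Name"="data" (hex: values are skipped)
LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse regedit export text into {(key_lowercased, value_name): string}."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry key names are case-insensitive
            continue
        m = LINE.match(line)
        if key and m:
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            # .reg strings escape \ and " with a backslash; undo that
            values[(key, name)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return values

def check_exe_association(text):
    """Return [(key, actual_value)] for each entry that differs from EXPECTED."""
    found = parse_reg(text)
    return [(key, found.get((key, name)))
            for (key, name), want in EXPECTED.items()
            if found.get((key, name)) != want]

# Constructed sample export (not captured from a real machine): the open
# handler routes every .exe launch through av.exe, the file named in the thread.
HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\av.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for key, value in check_exe_association(HIJACKED):
        print("MISMATCH", key, "=>", value)
```

Exports that regedit writes in the Version 5.00 format are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `check_exe_association`.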

Bay777, my security will not allow me to go to that site. I get a WARNING! because it is flagged as Dangerous by Web Of Trust.
June 6th, 2010 3:41pm

I "reported" the post & link twice now. <sigh> ~Robear
June 6th, 2010 7:48pm

How to remove MANY fake antivirus software (Includes XP Guardian Removal):

Download this free software: http://www.softpedia.com/progDownload/Remove-Fake-Antivirus-Download-127588.html

When you open the program, it shows you which fake antivirus it removes.

How the program looks like (You can read what it removes): http://img806.imageshack.us/img806/1452/capturecm.png

If your antivirus detects it, then it's a false positive!

Youtube video tutorial for Remove Fake Antivirus: http://www.youtube.com/watch?v=g9EMHbJ1fJc

open it, and then click start. It'll ask you to start remove virus, click yes and then it will start to remove. This is a safe application.

Best free antivirus software:
1. Microsoft Security Essentials. Link http://www.microsoft.com/security_essentials
2. AVG free 2011: http://download.cnet.com/AVG-Anti-Virus-Free-Edition-2011/3000-2239_4-10320142.html?part=dl-10044820&subj=dl&tag=button&cdlPid=11014801
3. Avira free: http://www.avira.com/en/free-download-avira-antivir-personal
January 27th, 2011 1:08pm

How to remove MANY fake antivirus software:

Download this: http://www.softpedia.com/progDownload/Remove-Fake-Antivirus-Download-127588.html

If your antivirus detects it, then it's a false positive!

Execute it, and then click start. It'll ask you to start remove virus, click yes and then it will start to remove. This is a safe application.
January 27th, 2011 1:13pm

its name is XP guardian
January 27th, 2011 1:14pm

This topic is archived. No further replies will be accepted.
