By changing its name according to the OS it finds, programs from XP Guard group infect computers unnoticeably with a help f Trojans. XP Guard is also distributed through fake online scanners, flash updates, misleading pop-ups that appear when you are browsing, so make sure that your anti-spyware is usually updated!
Having infiltrated the targeted computer, XP Guard will start causing numerous problems though it will try to convince you that it is extremely needed. Being quite hardly removable, this scam displays lots of false spyware detection reports and fabricated scanners that will announce the same thing. This unpaid activity also includes continuous pop-up ads and takeover of your browser to interrupt into your normal work with PC. XP Guard will misleadingly announce:
Going no further, XP Guard will say that for elimination of these problems, you firstly have to register its "full" version and now it should become obvious that it wants your money only. XP Guard should not be left inside your PC because it will let other scams to reach your machine and also starts fraudulent activity. Whenever you see XP Guard, don’t take seriously anything what it tells and stay away from it and its websites. Make sure that you remove XP Guard ASAP if it’s on your machine already.
UPDATE!!! One of PC security bloggers, S!Ri, has announced about a serial code that may help you to disable those malwares that change their names according to OS they find. Enter this serial code when doing registration: 1145-17884799-7733. This and the order number 21197673 should also work for earlier versions of this type of parasite.
After typing them, you should become able to use your anti-spyware, if it fails follow the guide written below. Be aware that these numbers are expected to change in the near future!
a) Burn these programs to CD or write them to USB disk. You can use your MP3 player, or smartphone if it has storage functions. This parasite does not spread through USB at the moment:
1. Spyware Doctor or an automatic removal tool below. Update Spyware Doctor and run a full system scan.
2.You might want to download Hitman Pro or Malwarebytes as alternate scanners. Though you are likely to be able to download them later on.
b) Boot normally. Wait for XP Guard to launch, and run exeregfix.reg . This should allow launching legitimate programs
c) Delete or remove the files that are mentioned in our files box. You can use Spyware Doctor to identify the infected files and additional infections or automatic XP Guard removal tool. Do not forget update it before scanning. Remove what it finds.
d) Scan with Spyware Doctor and secondary tools and reboot your PC. This should fully get rid of XP Guard.
XP Guard properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background
XP Guard manual removal
Delete registry values:
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CURRENT_USERSoftwareClassespezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CLASSES_ROOTpezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesInternet Exploreriexplore.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = "1"
%UserProfile%Local SettingsApplication DataopRSK
%UserProfile%Local SettingsApplication Datapw.exe
%UserProfile%Local SettingsApplication DataMSASCui.exe
Geolocation of XP Guard
Comments on XP Guard
Post a comment
Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.