NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove XP Guardian. Description and removal instructions

 
Title: XP Guardian
 Also known as: XPGuardian
Type: Spyware
Severity scale:XP Guardian severity is 72  (72 / 100)
 
XP Guardian is a fake anti-spyware program that is distributed through the use of Trojans or comes bundled with other malware. Once a Trojan virus is installed, it will impersonate an Automatic Windows Updates window and download the rogue program onto your computer. When the rogue program is active, it will imitate a system scan and report false system security threats. What is more, XPGuardian will constantly display fake security alerts and impersonate Windows Security Center to make the scam look more realistic. Finally it will ask you to pay for a full version of the program to remove the infections which don't even exist. Don't purchase it and remove XP Guardian virus from your computer upon detection.

XP Guardian graphical user interface
[Figure 1. XP Guardian graphical user interface]

The worst thing about XP Guardian is that it actually protects itself quite well. It blocks legitimate security software and hijack web browsers. In some cases it blocks all programs, not only anti-virus or anti-spyware software. Furthermore, it will detect many of well known and reputable websites as harmful and display fake security alert stating that you may infect your PC if you open a particular website. And of course, it disables certain Windows functions such as Task Manager or Regedit. It's possible to remove it manually, but you have to re-enable those Windows functions at first. You may also download an automatic removal tool, but again have to fix some registry entries and terminate the main process of XPGuardian which is AV.exe to be able to run the removal tool.

XP Guardian removal instructions:

1. Click Start->Run (or WinKey+R). Input: "command". Press Enter or click OK.


2. Type "notepad" as shown in the image below and press Enter. Notepad will open.


3. Copy and past the following text into Notepad:


Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

4. Save file as "exefix.reg" (without quotation-marks) to your Desktop.
NOTE: choose Save as type: All files


5. Double-click to open exefix.reg. Click "Yes" for Registry Editor prompt window.

6. Download Spyware Doctor or an automatic removal tool below. Update Spyware Doctor and run a full system scan.

If you can't complete the above steps then please use another PC to download an automatic removal tool and exefix.reg (Right Click (Save Target As)) to download file. Copy these files to USB flash drive or any other external media and transfer them to infected computer. Launch exefix.reg file first and then install Spyware Doctor.

FORUM:
Discuss XP Guardian in
spyware removal forum

Related files: %UserProfile%\Local Settings\Application Data\av.exe, %UserProfile%\Local Settings\Application Data\WRblt8464P

XP Guardian properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background

Automatic XP Guardian removal:

remover for XP Guardian

XP Guardian manual removal:

Kill processes:
av.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HELP:
how to remove registry entries

Delete files:
%UserProfile%\\Local Settings\\Application Data\\av.exe %UserProfile%\\Local Settings\\Application Data\\WRblt8464P
HELP:
how to remove harmful files

Other programs to remove XP Guardian:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 28/01/10
Information updated: 25/04/10

Additional resources related to XP Guardian:

Attention: If you know or you have a website or page about XP Guardian removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about XP Guardian parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by . 2010-04-25 08:04:56
I am also getting the message "editing registry is disabled by your admiistrator." What to I do? HELP PLEASE

2. by . 2010-04-15 20:04:37
Um.. i tried to edit my registry, but it said "editing registry is disabled by your admiistrator." What to I do?

3. by . 2010-03-18 14:03:43
I also got the "binary only" error message when I created the regedit file myself. So I downloaded regedit and Windows Defender to another computer and transferred to the infected computer on a thumb drive and the procedure worked perfectly!

4. by . 2010-03-16 17:03:41
Help please i have followed all the instructions BUT when spy doctor is installing and there is only 32kb to go. I am getting an error message. and the guardian is still doing my head in. I'm no expert on computers need an idiots guide
karole

5. by . 2010-03-14 19:03:57
worked perfectly fine. Another way is to
Step 1: open registry file by Start - > Run -> type regedit
Step 2: Go to Edit->Find and search "av.exe"
Step 3: delete entry
Step 4 : press F3 for find next and repeat step 3.
Step 5 : restart system after all entries are removed.

6. by . 2010-03-14 16:03:40
Worked perfectly! I am so glad there is help against these terrible spyware programs that work and are free. THANK YOU!!

7. by . 2010-03-14 06:03:27
thankyou, saved alot of time and effort

8. by . 2010-03-11 01:03:46
im getting the binary code when i open it from the desktop even when saves under all files so then i tried to open it in the registry and it says some keys are open by the system or other process, any suggestions?

9. by PR. 2010-03-10 21:03:11
i did all the registry edits, up until the file that needs to be deleted "%UserProfile%\Local Settings\Application Data\av.exe %UserProfile%\Local Settings\Application Data\WRblt8464P "

how do i get rid of this one?

10. by . 2010-03-10 00:03:31
Thanks man, worked like a charm A++++++++

11. by . 2010-03-09 10:03:22
Hi can you tell me if a system restore will also get rid of it. As i have done this and Guardian doesn't appear to be running but am concerned that it is still somewhere on my computer

12. by . 2010-03-09 00:03:50
I dont get this it wont go away even if i do the steps :(

13. by Guest. 2010-03-09 00:03:26
OMG i dont get it i did a scan and it worked but suddenly my computer shutted down for no reason then when i turned it on Guess what...IT CAME BACK :( and now when i do a scan it wont work and it is still on my computer :(

14. by . 2010-03-08 16:03:24
This is amazing! Your steps totally helped me!
I did all till step 5 and rebooted my computer and it;s gone!
Currently running my scan now but it seems to be ok.
THANK YOU VERY MUCH!
SERIOUSLY.
Thank you!

15. by . 2010-03-08 09:03:55
this just worked for me, brilliant

16. by . 2010-03-07 12:03:30
For anyone having the "binary only" prompt, open the file again using Notepad and go to "save as" then make sure "file type" is set to "All Files" and not text.

17. by . 2010-03-06 18:03:57
too bad you have to pay for this service!!!!!!!!!!!!!

18. by Andrew. 2010-03-06 10:03:35
omg thank you sooooooooo much, this program almost had my buying it before i realized it was a viruse, and your instructions saved it. Thank you sooooo much!!!!=]

19. by . 2010-03-05 20:03:30
Awesome instructions! Had the whole computer fixed, up, and running in about 5 minutes. Thank you, Thank you, Thank you! :)

20. by . 2010-03-05 18:03:07
mine keeps sayin only binary my brother only just told me it was a freakin virus my pc bin like this for 3 dam days i was ready to kill my mate as i thought he had messed it up lol

See more comments about XP Guardian >>>
Latest spyware news:
Similar parasites:
Related discussions:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.