Title: XP Guardian

Remove XP Guardian. Removal instructions


 
Also known as: XPGuardian
Severity scale: 72 / 100
 
XP Guardian is a fake anti-spyware program that is distributed through Trojans or comes bundled with other malware. Once the Trojan is installed, it impersonates an Automatic Windows Updates window and downloads the rogue program onto your computer. When the rogue program is active, it imitates a system scan and reports false security threats. What is more, XPGuardian constantly displays fake security alerts and impersonates Windows Security Center to make the scam look more realistic. Finally, it asks you to pay for a full version of the program to remove infections that don't even exist. Don't purchase it, and remove XP Guardian from your computer upon detection.

[Figure 1. XP Guardian graphical user interface]

The worst thing about XP Guardian is that it protects itself quite well. It blocks legitimate security software and hijacks web browsers. In some cases it blocks all programs, not only anti-virus or anti-spyware software. Furthermore, it flags many well-known and reputable websites as harmful and displays a fake security alert stating that you may infect your PC if you open a particular website. It also disables certain Windows functions such as Task Manager and Regedit. It's possible to remove it manually, but you have to re-enable those Windows functions first. You may also download an automatic removal tool, but you will still have to fix some registry entries and terminate the main XPGuardian process, AV.exe, before the removal tool can run.

XP Guardian removal instructions:

1. Click Start->Run (or WinKey+R). Input: "command". Press Enter or click OK.


2. Type "notepad" and press Enter. Notepad will open.


3. Copy and paste the following text into Notepad:


Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

4. Save the file as "exefix.reg" (without quotation marks) to your Desktop.
NOTE: choose Save as type: All files


5. Double-click to open exefix.reg. Click "Yes" for Registry Editor prompt window.

6. Download Spyware Doctor or an automatic removal tool below. Update Spyware Doctor and run a full system scan.

If you can't complete the above steps, use another PC to download an automatic removal tool and exefix.reg (right-click and choose Save Target As). Copy these files to a USB flash drive or other external media and transfer them to the infected computer. Launch exefix.reg first and then install Spyware Doctor.

Related files: %UserProfile%\Local Settings\Application Data\av.exe, %UserProfile%\Local Settings\Application Data\WRblt8464P

XP Guardian properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background

Automatic XP Guardian removal:

SpyHunter is the recommended remover for uninstalling XP Guardian. Use the free trial to confirm that it detects the current version of the parasite.

Note: Tested and Confirmed means that we have tested the spyware remover with multiple versions of XP Guardian and got the best results. There may be an updated or modified version of a particular parasite that requires manual killing of the parasite process or an update. In such a case, try the other removers in the list.

Manual assistance required means that one or all of the removers were unable to remove the parasite without some manual intervention; please read the manual removal instructions below.

If you failed to remove XP Guardian using SpyHunter, please report this to us.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.
STOPzilla
Tested and Confirmed! STOPzilla removes XP Guardian (2010-01-28 05:14:37)
Malwarebytes Anti Malware
Tested and Confirmed! Malwarebytes Anti Malware removes XP Guardian (2010-01-28 05:14:37)
Spyware Doctor
We are testing Spyware Doctor's efficiency at removing XP Guardian (2010-04-25 10:42:11)
XoftSpySE Anti Spyware

XP Guardian manual removal:

Kill processes:
av.exe
Delete registry values:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
Delete files:
%UserProfile%\Local Settings\Application Data\av.exe
%UserProfile%\Local Settings\Application Data\WRblt8464P
Information added: 2010-01-28 05:14:37
Information updated: 2010-04-25 08:04:56
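
Added example (not part of the original page or of any tool it mentions): a Python scan of a registry export (.reg text) for the two hijack patterns in the list above, namely an executable file-association handler that is not the plain pass-through "%1" %* and a browser launch command that runs one .exe with another .exe as its argument. The sample export is constructed; the profile name "user" and the function name find_hijacked_handlers are assumptions.

```python
import re

# Constructed sample in .reg export syntax. Key paths and the av.exe /START
# pattern come from the page; the profile name "user" is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\av.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"
'''

EXE_CLASSES = ("\\.exe\\", "\\exefile\\", "\\secfile\\")  # classes the page lists
PASS_THROUGH = '"%1" %*'  # handler that runs the clicked program itself

def find_hijacked_handlers(reg_text):
    """Return (key, reason) for each suspicious shell command default value."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^@="(.*)"$', line)
        if not (m and key and re.search(r"\\shell\\[^\\]+\\command$", key, re.I)):
            continue
        cmd = re.sub(r"\\(.)", r"\1", m.group(1))  # undo .reg escaping
        tokens = [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', cmd)]
        exes = [t for t in tokens if t.lower().endswith(".exe")]
        if any(c in key.lower() for c in EXE_CLASSES):
            if cmd != PASS_THROUGH:  # anything else intercepts every launch
                findings.append((key, "exe-association"))
        elif len(exes) >= 2:  # one program started through another
            findings.append((key, "wrapper"))
    return findings

if __name__ == "__main__":
    for key, reason in find_hijacked_handlers(SAMPLE_REG):
        print(f"{reason:16} {key}")
```

The untouched exefile handler and the direct Firefox command in the sample are not reported; only the two entries routed through av.exe are.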

0
0
<Guest>
OMG thank you, it worked!
I can open stuff again
0
0
Captain Morgan
NOTE!!!!

If you follow the manual removal instructions, don't just delete the values; replace them with "%1" %*, otherwise you will not be able to open any applications.
0
0
<Guest>
thank you, it worked
0
0
<Guest>
The death penalty for whoever wrote XP Guardian
0
0
<Guest>
THANK GOD FOR THE ANGEL WHO DEVELOPED THESE TOOLS.
I COULD NOT EVEN RELOAD XP.
BLESSINGS
0
0
<Guest>
I clicked Regedit down and forgot the "%1" %*. What do I do?
Can't open anything, got nod32 and Mozilla started.
0
0
<Guest>
Thanks... it works.... manual... :)
0
0
<Guest>
Many thanks. I've added this site to my security collection in favourites.
0
0
<Guest>
Many thanks. It's great to have sites like yours that help out desperate users!
0
0
Chicken
Had to do it manually but now I think it is gone for good. I don't know much about computers and this helped me a lot. Also, like Captain Morgan said DO NOT DELETE THE VALUES. It stops you from opening things and can be a real b***h when you already have XP Guardian on your hands.
0
0
<Guest>
I almost purchased it to make the pop-ups go away, thank god for this website. Do I have to keep Spyware Doctor on my computer now, or can I uninstall it when all is back to normal?
0
0
...
Wait..
I have to pay for spyware doctor to remove the threats?
What the hell?
0
0
<Guest>
You don't need to do the sixth step... once you've finished the fifth you can reboot your computer and run a scan on your own security system if you want.
0
0
<Guest>
100% effective! I just removed XP Guardian thanks to this article.

THANKS!!
0
0
<Guest>
thanks it worked
0
0
cvoelcker
I add my thanks. The process worked!
0
0
<Guest>
Worked for me. One thing to try that worked for me to be able to use my browser was I kept shutting down "av.exe". That seems to be the executable causing the problem.
0
0
oznerol
When I try to open the exefix.reg file, it tells me it can only open binary files. What's going on?
0
0
<Guest>
Worked great! I followed the directions through step 5, then rebooted as one of the other posts suggested and I was back up and running within 5 minutes. Following that I ran the spyware scan in the background.
0
0
<Guest>
Wonderful. Thank goodness for this information. Was a little concerned about downloading further programmes when I wasn't really sure what I was doing (not a computer expert). It certainly did the trick though. MANY THANKS !
0
0
<Guest>
omg thank YOU SO MUCH
I WAS FREAKING OUT WHEN THAT SHIT POPPED UP
0
0
Kanth
Please help me. I followed the manual steps above but didn't see Captain Morgan's suggestion until it's too late. I cannot open .exe files now. What should I do now?

Thank you very much for such a wonderful site.
0
0
April
What I'd like to know is how you can avoid these things. What kind of sites should you avoid going into? It seems whenever my daughter is on my computer I start getting these darn viruses! What can I do to stop it?
0
0
<Guest>
I'm getting a "binary only" message upon using exefix.reg. Any suggestions?
0
0
<Guest>
Mine keeps saying only binary. My brother only just told me it was a freakin virus. My PC has been like this for 3 damn days, I was ready to kill my mate as I thought he had messed it up lol
0
0
<Guest>
Awesome instructions! Had the whole computer fixed, up, and running in about 5 minutes. Thank you, Thank you, Thank you! :)
0
0
Andrew
omg thank you sooooooooo much, this program almost had me buying it before I realized it was a virus, and your instructions saved it. Thank you sooooo much!!!!=]
0
0
<Guest>
too bad you have to pay for this service!!!!!!!!!!!!!
0
0
<Guest>
For anyone having the "binary only" prompt, open the file again using Notepad and go to "save as" then make sure "file type" is set to "All Files" and not text.
0
0
<Guest>
this just worked for me, brilliant
0
0
<Guest>
This is amazing! Your steps totally helped me!
I did all till step 5 and rebooted my computer and it's gone!
Currently running my scan now but it seems to be ok.
THANK YOU VERY MUCH!
SERIOUSLY.
Thank you!
0
0
Guest
OMG I don't get it. I did a scan and it worked, but suddenly my computer shut down for no reason, then when I turned it on guess what... IT CAME BACK :( and now when I do a scan it won't work and it is still on my computer :(
0
0
<Guest>
I don't get this, it won't go away even if I do the steps :(
0
0
<Guest>
Hi, can you tell me if a system restore will also get rid of it? I have done this and Guardian doesn't appear to be running, but I am concerned that it is still somewhere on my computer.
0
0
<Guest>
Thanks man, worked like a charm A++++++++
0
0
PR
I did all the registry edits, up until the file that needs to be deleted "%UserProfile%\Local Settings\Application Data\av.exe %UserProfile%\Local Settings\Application Data\WRblt8464P"

How do I get rid of this one?
0
0
<Guest>
I'm getting the binary code when I open it from the desktop, even when saved under All Files, so then I tried to open it in the registry and it says some keys are open by the system or other process. Any suggestions?
0
0
<Guest>
Thank you, saved a lot of time and effort
0
0
<Guest>
Worked perfectly! I am so glad there is help against these terrible spyware programs that work and are free. THANK YOU!!
0
0
<Guest>
Worked perfectly fine. Another way is to:
Step 1: Open the registry by Start -> Run -> type regedit
Step 2: Go to Edit -> Find and search "av.exe"
Step 3: Delete entry
Step 4: Press F3 for find next and repeat step 3.
Step 5: Restart system after all entries are removed.
0
0
<Guest>
Help please, I have followed all the instructions BUT when Spyware Doctor is installing and there is only 32kb to go, I am getting an error message, and the Guardian is still doing my head in. I'm no expert on computers, need an idiot's guide
karole
0
0
<Guest>
I also got the "binary only" error message when I created the regedit file myself. So I downloaded regedit and Windows Defender to another computer and transferred to the infected computer on a thumb drive and the procedure worked perfectly!
0
0
<Guest>
Um.. I tried to edit my registry, but it said "editing registry is disabled by your administrator." What do I do?
0
0
<Guest>
I am also getting the message "editing registry is disabled by your administrator." What do I do? HELP PLEASE
