Updated on Tuesday, February 2nd, 2010
So you think your computer’s been infected by a bunch of malware and you’re glad a program called XP Guardian alerted you about them, eh? Well, your computer’s been infected alright. However, you shouldn’t be happy about the presence of XP Guardian. As a matter fact, you should be alarmed!
XP Guardian is actually a scamming, scheming piece of scareware. That is, if you do get scared, you may get to the point of even purchasing what this malware alleges as a full version that can provide maximum protection from the threats it’s been reporting to you about.
Truth be told, the threats that XP Guardian are warning you about are all fake. All those pop-ups and system scams are all fake.
Once XP Guardian infiltrates your system, it will immediately attack your Windows system registry and gain control even starting from boot up. In other words, one of the first few programs that will be running once you start turning on your computer will be XP Guardian.
This scareware is so innovative, that it can direct you to a bogus site designed to convince you into buying the so-called full version. Surely, you wouldn’t want your credit card information in the hands of shady individuals. Get rid of this malware now!
Symptoms Of Infection
- Your computer is acting slow. XP Guardian slow down your system significantly. This includes starting up, shutting down, playing games, and surfing the web.
- You are getting pestered with pop ups. XP Guardian infects your registry and uses it to launch annoying pop up ads out of nowhere.
- Searches are redirected or your homepage and desktop are settings are changed. This is a symptom of a very serious XP Guardian infection.
Dangers Of Infection
Viruses like XP Guardian will infect your registry and other important system files. If the infection is not treated it can cause a complete collapse of your system.
Some XP Guardian infections contain spyware and keyloggers which can be used to record sensitive data like passwords, credit card, bank account, and social security numbers. The longer you allow the infection to fester, the greater the chance of identity fraud.
How To Remove Infection Manually
Uninstall XP Guardian Processes
Delete XP Guardian Files
%UserProfile%\\Local Settings\\Application Data\\WRblt8464P
Remove XP Guardian Registry Files
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1″ %*
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1″ %*
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1″ %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″
Popular Search Terms
Remove XP Guardian
Delete XP Guardian
Uninstall XP Guardian
How to get rid of XP Guardian
How to remove XP Guardian
XP Guardian removal
Warning! If Spyware Doctor is blocked by the virus then run your system in safe mode and try again. To do this reboot your system and tap F8 repeatedly as your computer starts up. Then run Spyware Doctor as normal.
Posted under Fake Antispyware | No Comments