Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Wednesday, April 9, 2014

Windows Internet Guard Removal Guide

Tell your friends:
Whether you think you may have been infected by a rogue antivirus program or you're just curious as to what they are, read on as this short article takes a close look at this particularly sneaky variety of malicious software. This page contains removal instructions for the Windows Internet Guard computer infection. Please use this guide to remove Windows Internet Guard and any associated malware.

What is Windows Internet Guard?

It's a malicious program that tries to trick you into downloading and sometimes paying for, it in order to remove viruses and threats that are completely fabricated. Fabricated by whom though? Fabricated by the makers of the rogue antivirus software, I'm sorry to say!

Windows Internet Guard malware screenshot

So as you can probably already tell from the very nature of its existence, rogue antivirus software is a very real online threat and one that you should take seriously. Unfortunately, however, rogue antivirus programs are increasingly becoming a big problem for both individual computer users at home and for businesses of all sizes. And being infected by one can not only leave us feeling duped, but we can end up out of pocket too.

How does Windows Internet Guard get on my computer in the first place?

To be honest there are a number of ways that this rogue antivirus software finds its way onto your PC however the most common one is via fraudulent pop-up windows and fake alerts that try to convince you that your machine has been infected. These alerts play on your insecurities and on your desire to protect your computer and your data. They will attempt to frighten you into downloading their software that will – supposedly - detect and delete the virus. And let's not lose sight of the fact that this is a fake virus. You can see where this is going!

Anything else I should look out for?

Quite honestly, yes. Pop-up windows are not the only way you can get infected by rogue antivirus software. Some other known ways include fake browser plug-ins and infected browser toolbars, fake online malware scanning websites and drive-by-downloads.

How do I protect myself against Windows Internet Guard?

So first and foremost, it is crucial that you bear in mind that these are fake warnings. But how can you tell? Especially when Windows Internet Guard pop-up windows have been designed to look like a genuine product? The key is to download a reputable, genuine antivirus software program to protect your computer. Take a good look at the logo, the design and the wording of this program and familiarize yourself with it. This is important as it will enable you to tell the difference if and when you are the victim of a spam pop-up alert.

You should also make sure your real antivirus software is kept up to date with the latest patches and that you run it frequently. A good antivirus will be able to spot any imposters. It is also important to note that a reputable antivirus publisher will never ask you for your credit card details before it performs its detect and delete procedure.

Good luck and stay safe out there!

Written by Michael Kaur, http://deletemalware.blogspot.com


Method 1: Windows Internet Guard removal using an activation key:

1. Open Windows Internet Guard scanner window. Click the "question mark button" (top right hand corner of the scanner window) and select "Register".



You should now see the registration form.

Enter one of the registration keys given below and click Register to activate this rogue security program. Don't worry, this is completely legal since it's not genuine software.

0W000-000B0-00T00-E0021 ← (new key)
0W000-000B0-00T00-E0001
0W000-000B0-00T00-E0002
0W000-000B0-00T00-E0003



Once this is done, you are free to install recommended anti-malware software and remove this malware from your computer.

2. Download recommended anti-malware software and run a full system scan to completely remove this rogue program and related malware from your computer.






Method 2: Windows Internet Guard removal instructions (Safe Mode with Command Prompt):

1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key.



2. Login as the same user you were previously logged in with in the normal Windows mode. When done, the Windows Command Prompt will open and you will see a screen similar to the one below.

3. Once the Command Prompt appears type in explorer and hit Enter.



4. The Windows desktop will now appear. When the desktop appears you can then close the Command Prompt window by clicking on the X.

5. Write the text in bold below to Notepad.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardSoftware" =-

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"




6. Save file as fixshell.reg to your Desktop. NOTE: (Save as type: All files)



7. Double-click on fixshell.reg to run it. Click Yes for Registry Editor prompt window. Click OK.



NOTE: if you can't create the file as explained or you get an error, you can download the shellfix.reg file on a clean computer and burn it on to a CD or save it to a USB drive so that you can transfer the file to the infected computer. Then insert your CD or USB drive and double-click on the shellfix.reg and allow the data to be merged when you are prompted. Once the data has been merged, you can press the OK button and remove the removable media from your computer.

8. Please reboot your computer into the Normal Windows Mode and login as the infected user.

9. Now that you are at your normal Windows desktop, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.






Method 3: Windows Internet Guard removal instructions (System Restore):

1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key.



2. Login as the same user you were previously logged in with in the normal Windows mode. When done, the Windows Command Prompt will open and you will see a screen similar to the one below.

3. Once the Command Prompt appears type in explorer and hit Enter.



4. The Windows desktop will now appear. When the desktop appears you can then close the Command Prompt window by clicking on the X.

5. Once in there, go to Start menu and search for "system restore". Or you can browse into the Windows Restore folder and run System Restore utility from there:

Win XP: C:\windows\system32\restore\rstrui.exe double-click or press Enter
Win Vista/7/8: C:\windows\system32\rstrui.exe double-click or press Enter

6. Select Restore to an earlier time or Restore system files... and continue until you get into the System Restore utility.



7. Select a restore point from well before the Windows Internet Guard appeared, two weeks should be enough.

8. Restore it. Please note, it can take a long time, so be patient.

9. Once restored, restart your computer and hopefully this time you will be able to login (Start Windows normally).

10. At this point, download recommended anti-malware software and run a full system scan to remove this malware from your computer.






Associated Windows Internet Guard Files:
  • C:\Documents and Settings\[User]\Application Data\guard-[random].exe (Windows XP)
  • C:\Users\[User]\AppData\Roaming\guard-[random].exe (Windows 7/8)
Associated Windows Internet Guard Keys:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\Users\[User]\AppData\Roaming\guard-[random].exe"

0 comments: