Windows Guardian Angel is a system of popups that very plausibly ape a tool for computer security. However, it is not concerned with system security issues. Not a single virus ever suffers of the self-appointed antivirus quarantining or removing activities. Moreover, the fake cannot detect threats, includes not a single virus detection routines.
In the meantime, the popups are actually produced by a full-featured virus of rootkit functionality. It takes care of its own protection very well affecting boot sector area and creating fake system drivers or modifying existing drivers to bewilder programs potentially capable of performing Windows Guardian Angel removal.
Get rid of Windows Guardian Angel fake antispyware, as well as ensure detection and extermination of other viruses following the free scan link.
In the meantime, the popups are actually produced by a full-featured virus of rootkit functionality. It takes care of its own protection very well affecting boot sector area and creating fake system drivers or modifying existing drivers to bewilder programs potentially capable of performing Windows Guardian Angel removal.
Get rid of Windows Guardian Angel fake antispyware, as well as ensure detection and extermination of other viruses following the free scan link.
Windows Guardian Angel screenshot:
Windows Guardian Angel manual removal directions:
Delete infected files:
%AppData%\NPSWF32.dll
%AppData%\Protector-.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Guardian Angel.lnk
%Desktop%\Windows Guardian Angel.lnk
Delete registry entries created by Windows Guardian Angel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-3-20_1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "hhkuubvnyh"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe
No comments:
Post a Comment