Friday, May 25, 2012

Remove Windows Guard Tools malware to avoid errors in security tools and other useful apps

Windows Guard Tools is a computer infection designed to look like a tool to combat viruses and worms. It is a new method for cheating users applied by hacker.
The fake antispyware authors are well-aware of the possibility of their program prosecution, both by sophisticated users and genuine security suites. Accordingly, they have provided for a set of trick to reduce the risk of Windows Guard Tools removal.
Those measures are combined with misleading informational attacks on users. In the wild, the adware has been observed to popup a message on error occurred in certain file, which is an actual part of true antivirus. This error has been generated by the malware, but it never hesitate blaming random virus names for that.
Get rid of Windows Guard Tools malware to prevent errors in useful applications – use free scanner available here.

Windows Guard Tools screenshot:




Windows Guard Tools activation code (helps removal):
0W000-000B0-00T00-E0020
NOTE: "Activating" Windows Safety Maintenance is not enough. You need to remove related trojans \ rootkits using reliable malware removal solution.
It is important to fix Windows registry after Windows Safety Maintenance malware removal using safe registry cleaner software.

Windows Guard Tools manual removal guide:

Delete infected files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\W34r34mt5h21ef.dat
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Guard Tools.lnk
%Desktop%\Windows Guard Tools.lnk
Delete Windows Guard Tools registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-4-27_2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “tovvhgxtud”
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[random].exe

No comments: