AV Guard Online

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 20
First Seen: October 5, 2011
Last Seen: August 17, 2022
OS(es) Affected: Windows

AV Guard Online

AV Guard Online is a malware infection of the kind known as a rogue anti-spyware program. Despite its genuine-sounding name and convincing interface, AV Guard Online has, according to ESG PC security researchers, no legitimate anti-virus capabilities. This fake anti-virus program exists solely to scam inexperienced computer users by tricking them into purchasing an equally fake "full version" of AV Guard Online. If AV Guard Online is installed on your computer system, ESG malware analysts strongly recommend using a real anti-malware application to remove it permanently.

What Makes AV Guard Online a Rogue Anti-Virus Program?

There are several aspects of AV Guard Online that are typical of most rogue anti-virus programs. Below, ESG PC security researchers have listed some of the main reasons why AV Guard Online is considered a rogue rather than a real security application:

  1. AV Guard Online is installed through deceptive or even criminal means. There are two main ways that AV Guard Online can enter a computer system: it can be either installed with the help of a Trojan infection, or directly by the victim. There are several Trojans that are associated with rogue anti-spyware programs like AV Guard Online. Some examples of these include the Vundo Trojan, the Zlob Trojan, and the Fake Microsoft Security Essentials Alert Trojan. Other rogue anti-spyware programs similar to AV Guard Online are Security Sphere 2012, Data Restore, Data Recovery, Fake System Restore, Cloud Protection, OpenCloud AV, OpenCloud Security and OpenCloud Antivirus. An inexperienced computer user, taken in by deceptive marketing, may also directly download and install AV Guard Online.
  2. AV Guard Online makes harmful changes to the Windows Registry and to a computer system's settings. These changes allow it to start up and run in the background without the user's authorization. They also allow AV Guard Online to block certain applications (mainly legitimate security programs) and access to the Internet, and to display constant fake security alerts in an attempt to convince the victim to purchase a useless "full version" of this rogue.
  3. A computer system infected with AV Guard Online will quickly become unstable and show a marked decrease in performance. This is because AV Guard Online consumes system resources and conflicts with many legitimate Windows components and applications.

File System Details

AV Guard Online may create the following file(s):
#   File Name | MD5 | Detections
1.  c5aQJ6dEKfZhXjV.exe | cf9e5ae469561b8bce223eb8496a005c | 3
2.  %AppData%\conhost.exe; %AppData%\csrss.exe
3.  %SystemRoot%\system32\[random].exe
4.  %Windows%\system32\[random].exe
5.  %AppData%\Microsoft\csrss.exe
6.  %SystemRoot%\system32\[random].exe; %AppData%\[random]EAV Guard Online.ico
7.  %Temp%\54.tmp; %Temp%\55.tmp
8.  %Documents and Settings%\[UserName]\Desktop\AV Guard Online.lnk
9.  %UserProfile%\Desktop\AV Guard Online.lnk; %Temp%\4F.tmp; %Temp%\53.tmp
10. %Documents and Settings%\[UserName]\Local Settings\Temp\[random].tmp
11. %AppData%\E84E.1B6; %AppData%\ldr.ini; %AppData%\[random]\; %AppData%\[random]\; %AppData%\[random]\
12. %UserProfile%\Start Menu\Programs\AV Guard Online\; %UserProfile%\Start Menu\Programs\AV Guard Online\AV Guard Online.lnk

Registry Details

AV Guard Online may create the following registry entry or registry entries:
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "SavedLegacySettings=3C0000006B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell=explorer.exe,%AppData%\conhost.exe"
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "DefaultConnectionSettings=3C0000000B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Windows "Load=%SystemRoot%\system32\lvvm.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "AV Guard Online"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer=http=127.0.0.1:53717"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "%RANDOM%=%AppData%\csrss.exe"
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run "gTZqjYCkIrOyAuS8234A=%SystemRoot%\system32\[random]"
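
The registry changes listed above fall into a few patterns that can be checked mechanically. The following Python is an added example, not ESG's code: it parses entries written in this page's KEY "Name=Data" notation and flags the Winlogon Shell, Load, loopback-proxy and system-process-name-under-%AppData% patterns. The sample is constructed from the values above plus one hypothetical benign entry (ExampleUpdater), and the rule names are invented for illustration.

```python
import re

# Constructed sample in the page's notation; the last line is a hypothetical benign autorun.
SAMPLE = r'''
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell=explorer.exe,%AppData%\conhost.exe"
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Windows "Load=%SystemRoot%\system32\lvvm.exe"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer=http=127.0.0.1:53717"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "%RANDOM%=%AppData%\csrss.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ExampleUpdater=%ProgramFiles%\Example\updater.exe"
'''

ENTRY = re.compile(r'^(.+?)\s+"([^"=]+)=([^"]*)"$')
AUTORUN = ("\\currentversion\\run", "\\currentversion\\runonce", "\\policies\\explorer\\run")
# Windows system-process names placed under %AppData%, as in the page's file list
MASQUERADE = re.compile(r"%appdata%\\(?:[^\\]+\\)*(?:csrss|conhost)\.exe", re.I)
LOOPBACK = re.compile(r"(?:^|[=;/])(?:127(?:\.\d{1,3}){3}|localhost):\d+", re.I)

def parse(text):
    """Return (key, value_name, data) tuples from lines in the page's notation."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def audit(entries):
    """Return sorted (rule, value_name) findings for the patterns the page lists."""
    findings, proxy = set(), {}
    for key, name, data in entries:
        k, n = key.lower(), name.lower()
        if k.endswith("\\winlogon") and n == "shell":
            # The stock shell is explorer.exe alone; extra entries launch at logon.
            if [p for p in data.split(",") if p.strip().lower() != "explorer.exe"]:
                findings.add(("winlogon-shell-extra", name))
        elif k.endswith("\\windows nt\\currentversion\\windows") and n == "load" and data.strip():
            findings.add(("legacy-load-autorun", name))
        elif k.endswith(AUTORUN) and MASQUERADE.search(data):
            findings.add(("system-name-in-appdata", name))
        elif k.endswith("\\internet settings") and n in ("proxyenable", "proxyserver"):
            proxy.setdefault(k, {})[n] = data  # pair the two values per key
    for values in proxy.values():
        enabled = int(values.get("proxyenable", "0"), 16) == 1
        if enabled and LOOPBACK.search(values.get("proxyserver", "")):
            findings.add(("loopback-proxy", "ProxyServer"))
    return sorted(findings)

if __name__ == "__main__":
    for rule, name in audit(parse(SAMPLE)):
        print(f"{rule}: {name}")
```

Entries that point at a randomly named executable in system32 do not match any of these rules and still need file-level inspection.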

Messages

The following messages associated with AV Guard Online were found:

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized
