Windows Guard Solutions

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 24
First Seen: April 18, 2012
OS(es) Affected: Windows

You should not be fooled by Windows Guard Solutions' name and appearance; this supposed anti-virus application is really a malware infection that is part of the Rogue:FakeVimes family of malware. Windows Guard Solutions carries out the typical rogue anti-virus scam, using fake error messages to induce panic in its victims. Once the victim believes their computer is infected with malware, Windows Guard Solutions will attempt to convince the victim to purchase a useless upgrade for this fake security program. Windows Guard Solutions impersonates an actual security program and borrows heavily from the interfaces of common security applications. However, trying to use Windows Guard Solutions to fix a malware problem simply results in error messages claiming that an expensive "full version" of Windows Guard Solutions is needed to fix the problems.

While all of this may be annoying, a Windows Guard Solutions infection is often accompanied by other severe problems on the infected computer system. For example, a computer infected with Windows Guard Solutions will often become slow and unresponsive, crash frequently, and have problems connecting to the Internet. Because of this, Windows Guard Solutions should be removed immediately. To do this, ESG security analysts advise using a very strong anti-malware program, preferably with anti-rootkit capabilities.

Taking a Look at the Windows Guard Solutions Scam

The Windows Guard Solutions interface is made to resemble the interface for Microsoft Security Center and other common anti-virus programs. However, beyond Windows Guard Solutions' capability to display error messages and its authentic-looking interface, ESG security researchers have not detected any actual anti-virus capabilities. The FakeVimes family of rogue anti-virus programs has been active in the wild since 2009 and Windows Guard Solutions belongs to a subdivision of this family released after 2012. Examples of clones of Windows Guard Solutions include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Belonging to a more modern iteration of the FakeVimes family of malware, these fake security programs are often bundled with a rootkit component that can make their removal difficult. They will also severely decrease the infected computer's security and cause browser redirects to websites associated with Windows Guard Solutions. Other ways in which the infected computer's web browser can be affected include problems connecting to the Internet, in particular to websites related to computer security. When attempting to connect to these websites, an error message will be displayed instead.

File System Details

Windows Guard Solutions may create the following file(s):
# File Name MD5 Detections
1. Protector-haid.exe c94023f64598bd1873ff8c45d3862a53 23
2. Protector-pvou.exe 633a03bba169e23d68a56f79ec20c24c 1
3. %AppData%\Inspector-[RANDOM CHARACTERS].exe
4. %AppData%\npswf32.dll
5. %CommonPrograms%\Windows Guard Solutions.lnk
6. %DesktopDir%\Windows Guard Solutions.lnk

Registry Details

Windows Guard Solutions may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
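
A read-only triage check for the file and registry indicators listed above, written as an added example (it is not part of the original write-up or of any vendor tool). The page does not say where the Protector-*.exe files are dropped, so searching %AppData% for the two MD5 values is an assumption.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Nothing is deleted or modified; results are only reported.
$knownMd5 = @(
    'c94023f64598bd1873ff8c45d3862a53',  # Protector-haid.exe (from the page)
    '633a03bba169e23d68a56f79ec20c24c'   # Protector-pvou.exe (from the page)
)
$appData  = [Environment]::GetFolderPath('ApplicationData')
$findings = New-Object System.Collections.Generic.List[object]

# 1. The "Inspector" value under the current user's Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'Inspector' -ErrorAction SilentlyContinue
if ($run) {
    $findings.Add([pscustomobject]@{
        Type = 'RunValue'; Item = "$runKey\Inspector"; Detail = $run.Inspector })
}

# 2. Files and shortcuts matched by name. A name match alone is not proof,
#    so confirm each hit before removing anything.
$patterns = @(
    (Join-Path $appData 'Inspector-*.exe'),
    (Join-Path $appData 'npswf32.dll'),
    (Join-Path ([Environment]::GetFolderPath('CommonPrograms')) 'Windows Guard Solutions.lnk'),
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'Windows Guard Solutions.lnk')
)
foreach ($pattern in $patterns) {
    Get-ChildItem -Path $pattern -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $findings.Add([pscustomobject]@{
            Type = 'FileName'; Item = $_.FullName; Detail = 'name match' })
    }
}

# 3. Executables under %AppData% whose MD5 equals one of the listed hashes.
#    Assumption: the page does not state the folder for Protector-*.exe.
Get-ChildItem -Path $appData -Filter '*.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
        if ($hash -and ($knownMd5 -contains $hash.ToLower())) {
            $findings.Add([pscustomobject]@{
                Type = 'FileHash'; Item = $_.FullName; Detail = $hash.ToLower() })
        }
    }

if ($findings.Count -eq 0) {
    Write-Output 'No listed Windows Guard Solutions indicators found for this user.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Because this family is often bundled with a rootkit component, a clean result from a live system is not conclusive; run the same check against the disk from a trusted environment when infection is suspected.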

Messages

The following messages associated with Windows Guard Solutions were found:

Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Error
Attempt to run a potentially dangerous script detected.
Full system scan is a highly recommended.
Error
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.