Windows Maintenance Guard

By ESGI Advisor in Rogue Anti-Spyware Program

Windows Maintenance Guard Description


Despite its name, Windows Maintenance Guard is not a legitimate security program but a malware infection. Windows Maintenance Guard is not associated with Microsoft and cannot guard a computer against malware or perform any kind of maintenance. It is one more instalment in a well-known online scam: criminals try to convince you that your PC is in trouble so that you will buy bogus security software. If Windows Maintenance Guard has infected your machine, use a real, legitimate anti-malware program to remove it.

To get your money, Windows Maintenance Guard tries to persuade you that your PC is critically infected with malware. It has several tactics for this: pestering you with numerous fake error messages and bogus pop-up notifications purporting to come from the Task Manager, and displaying fake system scans with alarming results. Windows Maintenance Guard can also redirect your browser and block access to your files and programs, especially those associated with computer security. It often conflicts with legitimate programs and Windows components, making the system slow and unresponsive. Windows Maintenance Guard rarely shows up alone, so if this fake security program is installed on your hard drive, expect other malware to be present as well.

Windows Maintenance Guard’s Large Family of Rogue Security Software

Windows Maintenance Guard, along with dozens of other fake security programs, belongs to a family of malware commonly known as FakeVimes. Active since 2009, the FakeVimes family is composed of fake security programs that carry out similar scams. Windows Maintenance Guard in particular belongs to a batch of FakeVimes variants that can be hard to remove because of their association with the ZeroAccess (also called Sirefef) rootkit and its variants. Examples of FakeVimes malware similar to Windows Maintenance Guard include Windows Defence Counsel, Windows Ultimate Security Patch and Windows Advanced User Patch. To remove these threats from your system, you may need a specialized anti-rootkit tool. In many cases, entering the registration code 0W000-000B0-00T00-E0020 into the rogue's own registration dialog has proven adequate to stop many of Windows Maintenance Guard's most irritating symptoms, which makes it easier to remove the infection with a reliable anti-malware program. Registering the rogue with this code only quiets it; it does not remove it.

Type: Rogue AntiSpyware Programs

Windows Maintenance Guard Removal Details

Windows Maintenance Guard typically has the following processes in memory:

  • %AppData%\Protector-[RANDOM 4 CHARACTERS].exe
  • %AppData%\Protector-[RANDOM 3 CHARACTERS].exe
  • %AppData%\NPSWF32.dll

Windows Maintenance Guard creates the following files in the system:

  • %AppData%\1st$0l3th1s.cnf
  • %AppData%\result.db

Windows Maintenance Guard creates the following registry entries. The Policies\System values under HKEY_LOCAL_MACHINE (EnableLUA, ConsentPromptBehaviorAdmin and ConsentPromptBehaviorUser set to 0) switch off User Account Control prompting, and the Image File Execution Options subkeys are named after security tools (mbamservice.exe, for example, is the Malwarebytes service); an Image File Execution Options subkey is the standard mechanism for intercepting a program by name whenever it is launched, which is how the rogue blocks the security software it lists:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “idhsudrgrf”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_CURRENT_USER\Software\ASProtect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-6-18_7”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe
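The following PowerShell script is an added example, not code from the original page or from any ESG product: a read-only sweep of a Windows host for the processes, files and registry entries listed above. It assumes that the random suffix of the Protector-*.exe file name is alphanumeric and that a "Debugger" value under an Image File Execution Options subkey is the mechanism used to hijack the named tool; both are assumptions, not statements from the page. Run it from an elevated PowerShell prompt so that process image paths are readable; it reports what it finds and deletes nothing.

```powershell
# Added example (not from the original page or any ESG product): read-only sweep of a
# Windows host for the Windows Maintenance Guard artifacts listed on the page. Assumptions:
# the random Protector-xxx(x).exe suffix is alphanumeric, and an IFEO subkey's
# "Debugger" value is the mechanism used to hijack the named security tool.
$ErrorActionPreference = 'SilentlyContinue'
$appData  = $env:APPDATA
$findings = New-Object System.Collections.Generic.List[string]

# 1. Dropped files in %AppData%: the random-name dropper plus the fixed names from the page.
$fixedNames = @('NPSWF32.dll', '1st$0l3th1s.cnf', 'result.db')
foreach ($f in Get-ChildItem -Path $appData -File) {
    if ($f.Name -match '^Protector-[A-Za-z0-9]{3,4}\.exe$' -or $fixedNames -contains $f.Name) {
        $findings.Add("File:    $($f.FullName)")
    }
}

# 2. Running copies of the dropper: any process whose image lives at %AppData%\Protector-*.exe.
foreach ($p in Get-Process) {
    if ($p.Path -and $p.Path -like (Join-Path $appData 'Protector-*.exe')) {
        $findings.Add("Process: $($p.ProcessName) (PID $($p.Id)) $($p.Path)")
    }
}

# 3. Registry values. Bad = $null means mere presence is an indicator (the rogue's own
#    bookkeeping under ...\Settings and its Run entry); otherwise only the listed data is
#    flagged. EnableLUA / ConsentPromptBehavior* = 0 turn off UAC prompting.
$policy = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$valueChecks = @(
    @{ Path = "HKCU:\$policy";                                                     Name = 'DisableTaskMgr';             Bad = $null },
    @{ Path = "HKCU:\$policy";                                                     Name = 'DisableRegistryTools';       Bad = $null },
    @{ Path = "HKCU:\$policy";                                                     Name = 'DisableRegedit';             Bad = $null },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'WarnOnHTTPSToHTTPRedirect';  Bad = 0 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings';          Name = 'UID';                        Bad = $null },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings';          Name = 'net';                        Bad = $null },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';               Name = 'Inspector';                  Bad = $null },
    @{ Path = "HKLM:\$policy";                                                     Name = 'EnableLUA';                  Bad = 0 },
    @{ Path = "HKLM:\$policy";                                                     Name = 'ConsentPromptBehaviorAdmin'; Bad = 0 },
    @{ Path = "HKLM:\$policy";                                                     Name = 'ConsentPromptBehaviorUser';  Bad = 0 }
)
foreach ($c in $valueChecks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name
    if ($null -eq $item) { continue }
    $data = $item.($c.Name)
    if ($null -eq $c.Bad -or $data -eq $c.Bad) {
        $findings.Add("Value:   $($c.Path)\$($c.Name) = $data")
    }
}
if (Test-Path 'HKCU:\Software\ASProtect') { $findings.Add('Key:     HKCU:\Software\ASProtect') }

# 4. Image File Execution Options subkeys named after security tools. When a Debugger value
#    is present, Windows starts that program instead of the tool each time the tool is launched.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$hijacked = @('procexplorerv1.0.exe', 'avnt.exe', 'npf40_tw_98_nt_me_2k.exe', 'vsmain.exe',
              'mbamservice.exe', 'spoolcv.exe', 'escanv95.exe', 'Anti-Virus Professional.exe')
foreach ($t in $hijacked) {
    $key = Join-Path $ifeo $t
    if (Test-Path $key) {
        $dbg  = (Get-ItemProperty -Path $key -Name Debugger).Debugger
        $line = "IFEO:    $t"
        if ($dbg) { $line += " -> Debugger = $dbg" }
        $findings.Add($line)
    }
}

# 5. Report. Exit code 1 when anything was found, so a deployment tool can act on the result.
if ($findings.Count -eq 0) {
    Write-Output 'No Windows Maintenance Guard artifacts found.'
    exit 0
}
Write-Output "Found $($findings.Count) artifact(s):"
$findings | ForEach-Object { Write-Output "  $_" }
exit 1
```

A hit on the UAC or Image File Execution Options checks alone is not proof of this particular rogue, since other malware and some administrators set the same values; a hit on the %AppData%\Protector-*.exe dropper or the ...\CurrentVersion\Settings "UID" value together with them is the stronger indicator. Because the page notes that this variant travels with the ZeroAccess rootkit, a clean result from a user-mode sweep like this one does not rule out the rootkit component.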

This entry was last updated on 06/18/12 and posted on 06/18/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.