AV Guard Online

AV Guard Online Description

Type: Rogue AntiSpyware Programs

AV Guard Online is a rogue anti-spyware program, a type of malware that poses as security software. Despite its genuine-sounding name and convincing interface, ESG PC security researchers report that AV Guard Online has no legitimate anti-virus capabilities. It exists solely to scam inexperienced computer users by tricking them into purchasing an equally fake "full version" of AV Guard Online. If AV Guard Online is installed on your computer system, ESG malware analysts strongly recommend using a real anti-malware application to remove it permanently.

What Makes AV Guard Online a Rogue Anti-Virus Program?

There are several aspects of AV Guard Online that are typical of most rogue anti-virus programs. Below, ESG PC security researchers have listed some of the main reasons why AV Guard Online is considered a rogue rather than a real security application:

  1. AV Guard Online is installed through deceptive or even criminal means. There are two main ways that AV Guard Online can enter a computer system: it can be either installed with the help of a Trojan infection, or directly by the victim. There are several Trojans that are associated with rogue anti-spyware programs like AV Guard Online. Some examples of these include the Vundo Trojan, the Zlob Trojan, and the Fake Microsoft Security Essentials Alert Trojan. Other rogue anti-spyware programs similar to AV Guard Online are Security Sphere 2012, Data Restore, Data Recovery, Fake System Restore, Cloud Protection, OpenCloud AV, OpenCloud Security and OpenCloud Antivirus. An inexperienced computer user, taken in by deceptive marketing, may also directly download and install AV Guard Online.
  2. AV Guard Online makes harmful changes to the Windows Registry and to a computer system's settings. These changes allow it to start up and run in the background without the user's authorization. They also allow AV Guard Online to block certain applications (mainly legitimate security programs) and access to the Internet, and to display constant fake security alerts in an attempt to convince the victim to purchase a useless "full version" of this rogue.
  3. A computer system infected with AV Guard Online will quickly become unstable and show a marked decrease in performance. This is because AV Guard Online hogs system resources and conflicts with many legitimate Windows components and applications.

Technical Information

File System Details

AV Guard Online creates the following file(s):

| # | File Name | MD5 | Detection Count |
|---|---|---|---|
| 1 | `c5aQJ6dEKfZhXjV.exe` | `cf9e5ae469561b8bce223eb8496a005c` | 2 |
| 2 | `%AppData%\conhost.exe`; `%AppData%\csrss.exe` | N/A | |
| 3 | `%SystemRoot%\system32\[random].exe` | N/A | |
| 4 | `%Windows%\system32\[random].exe` | N/A | |
| 5 | `%AppData%\Microsoft\csrss.exe` | N/A | |
| 6 | `%SystemRoot%\system32\[random].exe`; `%AppData%\[random]EAV Guard Online.ico` | N/A | |
| 7 | `%Temp%\54.tmp`; `%Temp%\55.tmp` | N/A | |
| 8 | `%Documents and Settings%\[UserName]\Desktop\AV Guard Online.lnk` | N/A | |
| 9 | `%UserProfile%\Desktop\AV Guard Online.lnk`; `%Temp%\4F.tmp`; `%Temp%\53.tmp` | N/A | |
| 10 | `%Documents and Settings%\[UserName]\Local Settings\Temp\[random].tmp` | N/A | |
| 11 | `%AppData%\E84E.1B6`; `%AppData%\ldr.ini`; `%AppData%\[random]\`; `%AppData%\[random]\`; `%AppData%\[random]\` | N/A | |
| 12 | `%UserProfile%\Start Menu\Programs\AV Guard Online\`; `%UserProfile%\Start Menu\Programs\AV Guard Online\AV Guard Online.lnk` | N/A | |

Registry Details

AV Guard Online creates the following registry entry or registry entries:
Registry Key
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "SavedLegacySettings=3C0000006B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell=explorer.exe,%AppData%\conhost.exe"
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "DefaultConnectionSettings=3C0000000B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Windows "Load=%SystemRoot%\system32\lvvm.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "AV Guard Online"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer=http=127.0.0.1:53717"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "%RANDOM%=%AppData%\csrss.exe"
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run "gTZqjYCkIrOyAuS8234A=%SystemRoot%\system32\[random]"
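
The entries above can be turned into a triage check. The following Python is an added example, not code from the original page or from ESG: it parses entries written in the page's own KEY "Name=Value" notation and flags the Winlogon Shell, Load, masquerading autorun and loopback proxy patterns listed above. The function names, rule labels and sample lines (including the two benign HKEY_LOCAL_MACHINE entries) are constructed for illustration.

```python
import re

# Constructed sample in the page's 'KEY "Name=Value"' notation: five entries
# taken from the list above plus two benign entries that must not be flagged.
SAMPLE = r'''
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell=explorer.exe,%AppData%\conhost.exe"
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Windows "Load=%SystemRoot%\system32\lvvm.exe"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer=http=127.0.0.1:53717"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "%RANDOM%=%AppData%\csrss.exe"
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell=explorer.exe"
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run "SecurityHealth=%SystemRoot%\system32\SecurityHealthSystray.exe"
'''

ENTRY = re.compile(r'^(HKEY_[^"]+?)\s+"([^="]+)=(.*)"\s*$')
# System process names the page shows being reused outside system32.
SYSTEM_NAMES = {"csrss.exe", "conhost.exe"}

def parse(text):
    """Return {(key, value_name): data}, keys lower-cased for matching."""
    out = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out[(m.group(1).lower(), m.group(2).lower())] = m.group(3)
    return out

def findings(text):
    """Return a list of (rule, data) for entries matching the page's patterns."""
    reg, hits = parse(text), []
    for (key, name), data in sorted(reg.items()):
        low = data.lower()
        base = low.rsplit("\\", 1)[-1]  # file name part of the path
        if key.endswith(r"\winlogon") and name == "shell":
            # Anything listed besides explorer.exe also starts at logon.
            if [p for p in low.split(",") if p.strip() != "explorer.exe"]:
                hits.append(("winlogon-shell", data))
        elif key.endswith(r"windows nt\currentversion\windows") and name == "load" and data:
            hits.append(("load-autostart", data))
        elif (key.endswith((r"\run", r"\runonce")) and base in SYSTEM_NAMES
              and "system32" not in low):
            hits.append(("masquerading-autorun", data))
        elif name == "proxyserver" and re.search(r"(127\.0\.0\.1|localhost):\d+", low):
            # Only report the proxy if it is actually switched on in the same key.
            if reg.get((key, "proxyenable"), "").lstrip("0") == "1":
                hits.append(("loopback-proxy", data))
    return hits
```

A loopback ProxyServer can also be set by legitimate local debugging proxies, so treat that hit as a lead to confirm alongside the autorun findings.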

More Details on AV Guard Online

The following messages associated with AV Guard Online were found:

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan Publisher: Unauthorized
