Guard Online

By Domesticus in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 14
First Seen: October 10, 2011
Last Seen: March 28, 2023
OS(es) Affected: Windows

Guard Online Image

Guard Online – A Fake Security Program from the WinAVPro Family

Guard Online is a rogue anti-spyware program that is part of a well-known computer scam. Guard Online belongs to a large family of fake anti-spyware programs known as the WinAVPro family of rogue security programs. Rogue security programs in this family, such as OpenCloud Security and OpenCloud Antivirus, are closely related to the ZeroAccess rootkit, something that makes them particularly dangerous. Typically, Guard Online is distributed through attack websites, which take advantage of security vulnerabilities in your Internet browser or operating system in order to force your computer system to download and install a Trojan infection. If your computer system has become infected with Guard Online, ESG PC security researchers strongly recommend ignoring all of this programs security alerts and error messages. Guard Online is not a real security program; Guard Online is designed to steal your money and cause problems on your computer system. ESG malware analysts recommend removing Guard Online with a real anti-malware application.

Guard Online and the ZeroAccess Rootkit

It is not uncommon for Guard Online to be bundled with rootkits, particularly the ZeroAccess rootkit as well as some releases of the TDSS rootkit. Rootkits associated with Guard Online are designed to help protect and hide this fake security application. This means that it will not be easy to remove Guard Online, unless you take care of the rootkit infection beforehand. Some ways in which the ZeroAccess rootkit protects Guard Online include hiding Guard Online's malicious file processes in the Windows Task Manager, blocking any legitimate security programs that would remove Guard Online and allowing malicious components to start up even if your operating system is starting up in Safe Mode. To remove any rootkits associated with Guard Online, ESG PC security researchers strongly recommend using a specialized rootkit removal tool or a particularly strong anti-malware application. Rootkits are malware infections that are notoriously difficult to remove; in some cases, expert assistance may be required.

Do Not Fall for the Guard Online Scam

Guard Online is part of a scam to steal your money. This fake security program will do everything possible to convince you that your computer system is infected with severe malware problems. It will pester you with constant error messages, fake security alerts, and genuine-looking system scans. Your computer will also be slower and more unstable, which adds to the illusion. However, you should not forget that the actual problem is Guard Online itself.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Fortinet W32/Kryptik.ISS!tr
Ikarus Trojan.SuspectCRC
AhnLab-V3 Trojan/Win32.Jorik
Microsoft Rogue:Win32/FakeScanti
DrWeb Trojan.DownLoader5.1792
Comodo Heur.Suspicious
Sophos Mal/FakeAV-IS
BitDefender Trojan.Generic.KD.373094
Kaspersky Trojan-FakeAV.Win32.Agent.bdy
Avast Win32:Cycbot-MX [Trj]
NOD32 a variant of Win32/Kryptik.TSA
K7AntiVirus Trojan
McAfee Artemis!23C1A4B28EA2
Panda Trj/CI.A
Ikarus Trojan.Win32.Spy

SpyHunter Detects & Remove Guard Online

File System Details

Guard Online may create the following file(s):
# File Name MD5 Detections
1. crss.exe 873f5a2a8e002a678a2618fc9e003cee 5
2. bBtzPNycAuDoFpG.exe 23c1a4b28ea252dd2dd1cd73c57eb7a9 4
3. %System%\[RANDOM CHARACTERS].exe
5. %StartMenu%\Programs\Guard Online\
6. %AppData%\[RANDOM CHARACTERS] Guard Online.ico
7. %UserProfile%\Desktop\Guard Online.lnk
8. %AppData%\ldr.ini
9. %StartMenu%\Programs\Guard Online\Guard Online.lnk

Registry Details

Guard Online may create the following registry entry or registry entries:


The following messages associated with Guard Online were found:

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
The file "firefox.exe" is infected. Running of application is impossible.
Please activate your antivirus software.
Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL GOES HERE] was CANCELLED.
Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software
Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized
Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

1 Comment

A friend recommended me to your resource. Thnx for the details.

Related Posts


Most Viewed