Guard Online

Guard Online Description


Guard Online – A Fake Security Program from the WinAVPro Family

Guard Online is a rogue anti-spyware program that is part of a well-known computer scam. It belongs to a large family of fake anti-spyware programs known as the WinAVPro family of rogue security programs. Rogue security programs in this family, such as OpenCloud Security and OpenCloud Antivirus, are closely related to the ZeroAccess rootkit, which makes them particularly dangerous. Guard Online is typically distributed through attack websites, which take advantage of security vulnerabilities in your Internet browser or operating system to force your computer system to download and install a Trojan infection. If your computer system has become infected with Guard Online, ESG PC security researchers strongly recommend ignoring all of this program's security alerts and error messages. Guard Online is not a real security program; it is designed to steal your money and cause problems on your computer system. ESG malware analysts recommend removing Guard Online with a real anti-malware application.
 

Guard Online and the ZeroAccess Rootkit

It is not uncommon for Guard Online to be bundled with rootkits, particularly the ZeroAccess rootkit as well as some releases of the TDSS rootkit. Rootkits associated with Guard Online are designed to help protect and hide this fake security application. This means that it will not be easy to remove Guard Online, unless you take care of the rootkit infection beforehand. Some ways in which the ZeroAccess rootkit protects Guard Online include hiding Guard Online's malicious file processes in the Windows Task Manager, blocking any legitimate security programs that would remove Guard Online and allowing malicious components to start up even if your operating system is starting up in Safe Mode. To remove any rootkits associated with Guard Online, ESG PC security researchers strongly recommend using a specialized rootkit removal tool or a particularly strong anti-malware application. Rootkits are malware infections that are notoriously difficult to remove; in some cases, expert assistance may be required.
 

Do Not Fall for the Guard Online Scam

Guard Online is part of a scam to steal your money. This fake security program will do everything possible to convince you that your computer system is infected with severe malware problems. It will pester you with constant error messages, fake security alerts, and genuine-looking system scans. Your computer will also be slower and more unstable, which adds to the illusion. However, you should not forget that the actual problem is Guard Online itself.

Aliases: W32/Kryptik.ISS!tr [Fortinet], Trojan.SuspectCRC [Ikarus], Trojan/Win32.Jorik [AhnLab-V3], Rogue:Win32/FakeScanti [Microsoft], Trojan.SuspectCRC!IK, Trojan.DownLoader5.1792 [DrWeb], Heur.Suspicious [Comodo], Mal/FakeAV-IS [Sophos], Trojan.Generic.KD.373094 [BitDefender], Trojan-FakeAV.Win32.Agent.bdy [Kaspersky], Win32:Cycbot-MX [Trj] [Avast], a variant of Win32/Kryptik.TSA [NOD32], Trojan [K7AntiVirus], Artemis!23C1A4B28EA2 [McAfee] and Gen:Variant.Kazy.39582.

Technical Information


File System Details

Guard Online creates the following file(s):

| # | File Name | Size | MD5 | Detection Count |
|---|---|---|---|---|
| 1 | %WINDIR%\TEMP\DX8FB1.tmp.exe | 69,120 | 873f5a2a8e002a678a2618fc9e003cee | 1 |
| 2 | %System%\[RANDOM CHARACTERS].exe | N/A | | |
| 3 | %AppData%\[RANDOM CHARACTERS]\ | N/A | | |
| 4 | %StartMenu%\Programs\Guard Online\ | N/A | | |
| 5 | %AppData%\[RANDOM CHARACTERS] Guard Online.ico | N/A | | |
| 6 | %UserProfile%\Desktop\Guard Online.lnk | N/A | | |
| 7 | %AppData%\ldr.ini | N/A | | |
| 8 | %StartMenu%\Programs\Guard Online\Guard Online.lnk | N/A | | |
| 9 | %WINDIR%\system32\iYCekIBrzN.exe | 3,032,064 | 23c1a4b28ea252dd2dd1cd73c57eb7a9 | 0 |
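
The following is an added example, not part of the original page or of any vendor tool. It matches the file indicators listed above against a file inventory and shows why the [RANDOM CHARACTERS] templates are only weak evidence on their own. The variable expansions in `VARS`, the function names and the sample inventory are assumptions constructed for illustration; the path templates and MD5 values are the ones in the table.

```python
import re

# Assumed expansion of the page's path variables (modern Windows profile layout).
VARS = {
    "%WINDIR%": r"C:\\Windows",
    "%System%": r"C:\\Windows\\System32",
    "%AppData%": r"C:\\Users\\[^\\]+\\AppData\\Roaming",
}
PAGE_FILES = [  # file entries copied from the page's table (subset)
    r"%WINDIR%\TEMP\DX8FB1.tmp.exe",
    r"%System%\[RANDOM CHARACTERS].exe",
    r"%AppData%\ldr.ini",
    r"%WINDIR%\system32\iYCekIBrzN.exe",
]
PAGE_MD5 = {"873f5a2a8e002a678a2618fc9e003cee", "23c1a4b28ea252dd2dd1cd73c57eb7a9"}
WILD = "[RANDOM CHARACTERS]"

def compile_template(template):
    """Return (regex, is_wildcard) for one path template from the page."""
    var, rest = template.split("\\", 1)
    body = re.escape(rest).replace(re.escape(WILD), r"[^\\]+")
    return re.compile(VARS[var] + r"\\" + body, re.IGNORECASE), WILD in template

RULES = [compile_template(t) for t in PAGE_FILES]

def triage(records):
    """Map each (path, md5) record that matches an indicator to its strongest match."""
    verdicts = {}
    for path, md5 in records:
        wild_flags = [wild for rx, wild in RULES if rx.fullmatch(path)]
        if md5.lower() in PAGE_MD5:
            verdicts[path] = "hash"           # content match, survives renaming
        elif False in wild_flags:
            verdicts[path] = "fixed-path"     # a literal file name from the page
        elif wild_flags:
            verdicts[path] = "wildcard-only"  # random-name template: context, not proof
    return verdicts

# Constructed inventory of (path, md5); the repeated-digit hashes are placeholders.
SAMPLE = [
    (r"C:\Windows\System32\iYCekIBrzN.exe", "23c1a4b28ea252dd2dd1cd73c57eb7a9"),
    (r"C:\Windows\Temp\DX8FB1.tmp.exe", "0" * 32),
    (r"C:\Users\alice\Downloads\setup.exe", "873F5A2A8E002A678A2618FC9E003CEE"),
    (r"C:\Users\alice\AppData\Roaming\ldr.ini", "1" * 32),
    (r"C:\Windows\System32\notepad.exe", "2" * 32),
    (r"C:\Users\alice\Documents\report.docx", "3" * 32),
]

if __name__ == "__main__":
    print("\n".join(f"{v:14} {p}" for p, v in triage(SAMPLE).items()))
```

Only the `hash` and `fixed-path` verdicts are actionable on their own; `notepad.exe` matching the `%System%` wildcard shows why that template needs corroboration, such as the Run entry listed under Registry Details.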

Registry Details

Guard Online creates the following registry entry or registry entries:
RegistryKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

More Details on Guard Online

The following messages associated with Guard Online were found:
Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
Warning!
The file "firefox.exe" is infected. Running of application is impossible.
Please activate your antivirus software.
Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL GOES HERE] was CANCELLED.
Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software
Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized
Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?


Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
