Windows Be-on-Guard Edition

Windows Be-on-Guard Edition Description

Type: Possibly Unwanted Program

Despite its name, Windows Be-on-Guard Edition is not associated with Microsoft and is not an actual security program. Windows Be-on-Guard Edition belongs to a large family of fake security programs known as Rogue:FakeVimes. Malware in the FakeVimes family has infected computers since 2009, carrying out a common online scam that consists of trying to persuade PC users that they must purchase useless fake security programs. While most reliable anti-malware programs can remove Windows Be-on-Guard Edition and other threats in the FakeVimes family without too many problems, bogus security software in this family released in 2012 will often include a rootkit component that is difficult to remove. This rootkit component also makes Windows Be-on-Guard Edition more difficult to remove than normal.

There are dozens of clones of Windows Be-on-Guard Edition that have been released in 2012, including such fake security programs as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

How Criminals Try to Steal Your Money Using Windows Be-on-Guard Edition

Criminals use fake security programs like Windows Be-on-Guard Edition in order to try to gain access to your credit card information by convincing you to purchase a useless fake security program. To do this, Windows Be-on-Guard Edition is designed to make you believe that your computer system is the victim of a severe malware attack – other than at the hands of Windows Be-on-Guard Edition and its associated malware, of course. Windows Be-on-Guard Edition displays a fake system scan claiming to have found a large number of virus and Trojan infections. It will also display a constant stream of alarming error messages, some of which appear to come from Windows itself. In addition to these tactics, Windows Be-on-Guard Edition can also cause browser redirects, block access to the victim's files, and negatively affect the infected computer system's performance.

Dealing with a Windows Be-on-Guard Edition Infection

ESG malware analysts strongly recommend that you avoid paying for Windows Be-on-Guard Edition. The proper course of action is to erase Windows Be-on-Guard Edition with a reliable anti-malware application. Because Windows Be-on-Guard Edition is often associated with a rootkit infection, a specialized anti-rootkit tool may be necessary to deal with this threat. You can make Windows Be-on-Guard Edition stop displaying most of its error messages with the registration code 0W000-000B0-00T00-E0020. However, this code will only stop some of Windows Be-on-Guard Edition's symptoms; this fake security program will remain on the infected computer system until Windows Be-on-Guard Edition is removed with a reliable anti-malware program.

Technical Information

File System Details

Windows Be-on-Guard Edition creates the following file(s):
#  File Name                                                    Detection Count
1  %AppData%\Protector-[RANDOM 4 CHARACTERS].exe                N/A
2  %AppData%\Protector-[RANDOM 3 CHARACTERS].exe                N/A
3  %AppData%\NPSWF32.dll                                        N/A
4  %CommonStartMenu%\Programs\Windows Be-on-Guard Edition.lnk   N/A
5  %Desktop%\Windows Be-on-Guard Edition.lnk                    N/A
6  %AppData%\result.db                                          N/A

Registry Details

Windows Be-on-Guard Edition creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-5-12_7"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "ypjcmvvgbv"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
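
The file and registry entries listed above can be checked with a read-only script. The PowerShell below is an added example, not part of the original article or of any vendor tool; it covers a subset of the listed registry values and assumes that the "net" and "UID" data differ per infection, so those two are matched by name only.

```powershell
# Added example: read-only triage for indicators listed on this page. Nothing is changed.
$hits = New-Object 'System.Collections.Generic.List[string]'

# Files from "File System Details" (Protector-<3 or 4 characters>.exe and fixed names).
Get-ChildItem -Path $env:APPDATA -Filter 'Protector-*.exe' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^Protector-.{3,4}\.exe$' } |
    ForEach-Object { $hits.Add("file: $($_.FullName)") }
$paths = @(
    (Join-Path $env:APPDATA 'NPSWF32.dll'),
    (Join-Path $env:APPDATA 'result.db'),
    (Join-Path ([Environment]::GetFolderPath('CommonStartMenu')) 'Programs\Windows Be-on-Guard Edition.lnk'),
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'Windows Be-on-Guard Edition.lnk')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $hits.Add("file: $p") }
}

# Registry values from "Registry Details". Entries without Value match on presence alone
# (assumption: the "net" and "UID" data differ per infection).
$policies = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$values = @(
    @{ Path = "$cv\Run"; Name = 'Inspector' },
    @{ Path = "$cv\Settings"; Name = 'net' },
    @{ Path = "$cv\Settings"; Name = 'UID' },
    @{ Path = "$cv\Internet Settings"; Name = 'WarnOnHTTPSToHTTPRedirect'; Value = 0 },
    @{ Path = $policies; Name = 'EnableLUA'; Value = 0 },
    @{ Path = $policies; Name = 'ConsentPromptBehaviorAdmin'; Value = 0 },
    @{ Path = $policies; Name = 'ConsentPromptBehaviorUser'; Value = 0 }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $data = $item.($v.Name)
    if (-not $v.ContainsKey('Value') -or $data -eq $v.Value) {
        $hits.Add("registry: $($v.Path) '$($v.Name)' = $data")
    }
}

# Image File Execution Options subkeys named on the page (key existence only).
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$names = 'emsw.exe', 'patch.exe', 'mscache.exe', 'bisp.exe', 'tfak5.exe', 'init.exe',
         'rwg.exe', 'AluSchedulerSvc.exe'
foreach ($n in $names) {
    if (Test-Path -LiteralPath (Join-Path $ifeo $n)) { $hits.Add("ifeo: $ifeo\$n") }
}

if ($hits.Count) { $hits } else { 'No listed indicators found for this user profile.' }
```

The HKEY_CURRENT_USER and %AppData% checks apply only to the account running the script, so run it once per user profile. The policy values set to 0 can also be configured by an administrator, so treat them as corroborating evidence alongside the file, Run, and Image File Execution Options hits.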

More Details on Windows Be-on-Guard Edition

The following messages associated with Windows Be-on-Guard Edition were found:
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.
Trojan activity detected. System data security is at risk. It is recommended to activate protection and run a full system scan.
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
