OnlineGuard

Updated: April 2, 2013 Unwanted Program 0 Comment

OnlineGuard is a misleading security application that can be installed on computer without users approval. Also called as Online Guard 2.1, this rogue software pretends to effectively guard computer and remove any form of threats and viruses. In reality, this software will provide nothing but fake virus scan results and false security alert messages. This scare tactics is utilized as marketing strategy not only for OnlineGuard but to all fake anti-virus programs widely spread on the Internet.

OnlineGuard will alter system settings to include itself on start-up items. This useless software can afford to automatically start without user’s execution and immediately run a virus scan, succeeding identification for multiple instances of Trojan VX Downloader and Trojan VX 12 follows. The whole process may seem legitimate but the two detected malware do not really infect the system.

Do not download or buy this worthless product.

Screenshot Image:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP

OnlineGuard Removal Procedures

OnlineGuard REMOVAL TOOL:
Remove OnlineGuard efectively with Malwarebytes Anti-Malware. Free version is enough to eliminate OnlineGuard. Though full version with real-time protection is recommended to help protect the system against future infection.
MANUAL REMOVAL:
1. Unload any running OnlineGuard process by pressing Ctrl+Alt+Del on your keyboard. This will open Task Manager. Look for the following process and click “End Process”:
OnlineGuard.exe

2. If antivirus program Is installed, connect to Internet and update it to have the latest database and pattern files.
3. Thoroughly scan the computer and clean/delete all infected files. See lists of OnlineGuard associated files below.
4. Edit Windows registry and delete malicious entries as stated below. [how to edit registry]
5. Close registry editor, changes will be save automatically.
6. Remove OnlineGuard start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Startup item(s):
OnlineGuard.exe

7. Click on Apply and reboot the computer for changes to take effect.

Additional Useful Tools

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to do a separate scan of another security program so that other infected files not detected by anti-virus application can be get rid as well. Click here to download and run SAS Portable Scanner.

Technical Details and Additional Information:

Aside from dropping files, OnlineGuard also alters Windows registry to execute itself when the system is started. It does not provide components on Add/Remove program of Windows so removing it from the Control Panel is unavailable.

Malicious Files Added by OnlineGuard
%UserProfile%\Desktop\OnlineGuard.lnk
%UserProfile%\Start Menu\Programs\OnlineGuard\OnlineGuard.lnk
%UserProfile%\Start Menu\Programs\OnlineGuard\Uninstall.lnk
%ProgramFiles%\OnlineGuard\OnlineGuard.exe
%ProgramFiles%\OnlineGuard\OnlineGuard.lic
%ProgramFiles%\OnlineGuard\OnlineGuard0.dll
%ProgramFiles%\OnlineGuard\OnlineGuard0.og
%ProgramFiles%\OnlineGuard\OnlineGuard1.dll
%ProgramFiles%\OnlineGuard\OnlineGuard1.og
%ProgramFiles%\OnlineGuard\OnlineGuard3.dll
%ProgramFiles%\OnlineGuard\Uninstall.exe

OnlineGuard Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”OnlineGuard” = “%ProgranFiles%\OnlineGuard\OnlineGuard.exe”