Vista Guardian, XP Guardian and Win 7 Guardian
Vista Guardian belongs to a family of rogue security programs that rename themselves according to the operating system of the infected computer. In this case, Vista Guardian targets Vista systems. Other versions of this malicious software include Win7 Guardian and XP Guardian. The malware always incorporates the OS name into its branding for deceptive purposes, to convince the user that it is a legitimate component of Microsoft Windows. On top of that, Vista Guardian disguises itself as an anti-virus program that removes threats and protects the computer from viruses.
Vista Guardian, XP Guardian and Win 7 Guardian commonly arrive on a computer as a Trojan component. The Trojan modifies system settings and hijacks the Internet browser, redirecting it to fake security web sites. Such sites host a malicious JavaScript file that is downloaded and run on the visitor's PC, so Vista Guardian loads silently via a drive-by download. Without any complicated process, this fake antivirus takes control of the system. It is configured in such a manner that removal is enormously difficult for the user.
Alias: Vista Guardian 2010, XP Guardian 2010, Win 7 Guardian 2010
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Characteristics (Analysis)
Vista Guardian, XP Guardian and Win 7 Guardian are fake anti-virus applications. Unlike Trojans and viruses, these applications do not reproduce once they enter the system. They usually propagate by means of another infection. Once inside the computer, the rogue makes changes to the Internet browser and the registry. The rogue program's process attempts to start itself on every Windows boot-up by placing an entry in the Windows registry. More sophisticated rogue programs can halt security applications by ending the relevant processes.
Malware Behavior
While Vista Guardian, XP Guardian or Win 7 Guardian runs on the affected machine, it displays fake warnings about possible virus infections, with a message similar to this:
Vista Guardian 2010 Firewall Alert!
Vista Guardian 2010 has blocked a program from accessing the Internet
Internet Explorer is infected with Trojan-BNK.Win32-Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Added Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
Associated Files and Folders:
%Documents and Settings%\[UserName]\Application Data\av.exe
%Documents and Settings%\[UserName]\Application Data\[random characters]
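The registry changes listed above can be checked for offline in a .reg export of the affected hives. The following is an added example, not part of the original guide or of any removal tool: the function names and the sample export are constructed for illustration, and it assumes the Windows default exefile open command of "%1" %* and that a browser entry should launch an executable named after its StartMenuInternet client key.

```python
import re

# Constructed sample .reg export (not from a real host); the exefile entry is clean.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"av.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"av.exe\" /START \"firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
'''

CLASS_CMD = re.compile(r"\\(\.exe|exefile|secfile)\\shell\\open\\command$", re.I)
BROWSER_CMD = re.compile(r"\\StartMenuInternet\\([^\\]+)\\shell\\[^\\]+\\command$", re.I)
FIRST_EXE = re.compile(r'^"?([^"]*?\.exe)', re.I)

def parse_reg(text):
    """Yield (key, value_name, data) from .reg export text; '@' is (Default)."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            name, data = line.split("=", 1)
            if data.startswith('"'):  # REG_SZ: strip quotes, undo .reg escaping
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            yield key, name.strip('"'), data

def find_hijacks(text):
    """Return (key, value_name, reason) for each suspicious value."""
    hits = []
    for key, name, data in parse_reg(text):
        browser = BROWSER_CMD.search(key)
        if name == "@" and CLASS_CMD.search(key) and data != '"%1" %*':
            hits.append((key, name, 'executable handler is not the stock "%1" %*'))
        elif name == "@" and browser:
            exe = FIRST_EXE.match(data)
            launched = exe.group(1).split("\\")[-1].lower() if exe else ""
            if launched != browser.group(1).lower():
                hits.append((key, name, f"browser entry launches {launched or data!r}"))
        elif key.lower().endswith(r"\security center") and name.lower() in (
                "antivirusoverride", "firewalloverride") and data in ("1", "dword:00000001"):
            hits.append((key, name, "Security Center alerting overridden"))
    return hits
```

Calling find_hijacks(SAMPLE_REG) reports the .exe handler, the Firefox client entry and the Security Center override, and leaves the clean exefile handler alone.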
How to Remove Vista Guardian, XP Guardian and Win 7 Guardian
Boot Windows in Safe Mode With Networking
1. First, reboot the computer in Safe Mode with Networking to prevent Vista Guardian, XP Guardian and Win 7 Guardian from loading at start-up. You may want to print this procedure, as the computer has to be restarted to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Please select Safe Mode with Networking.
- Windows will now start in Safe Mode.
Remove Vista Guardian, XP Guardian and Win 7 Guardian with MalwareBytes' Anti-Malware
2. Download the removal tool from this page and save it on your Desktop or any other location on your PC.
3. When the download finishes, double-click the file to install the application.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, you need to update the database.
6. Click Finish. The program will run automatically and you will be prompted to update it before doing a scan. Please update.
7. When the update is finished, the tool will run. Select Perform full scan on the main screen to check your computer thoroughly.
8. When scanning is finished, click Show Results.
9. Make sure that all detected threats are checked, then click Remove Selected. This will delete all files and registry entries that belong to Vista Guardian, XP Guardian and Win 7 Guardian.
10. Restart your computer.
Note: If Vista Guardian, XP Guardian or Win 7 Guardian prevents mbam-setup.exe from downloading, download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.
Dr.manoj
Feb 12, 2010 @ 01:05:51
My guardianantivirus key 03914-1b803-0963f-86776. I changed from win vista to win7. Unable to register it. Activation no. F352341019. Kindly help me out. I am from Jammu.
Tony
Feb 25, 2010 @ 05:38:06
How do I install Malwarebytes when Vista Guardian prevents me from launching Internet Explorer? Can I install and run the Malware . . . in Safe Mode?
Alaska Man 101
Mar 02, 2010 @ 06:43:02
Hey tony,
Something you need to do is go to Accessories, then click System Tools and click on Internet Explorer (No Add-ons). 10 to 1 you need to download that program on a disk from another computer, then put it in the drive and download it that way.
bill
Mar 08, 2010 @ 15:16:23
How do you put the malware on a CD?
Anthony
Mar 09, 2010 @ 03:46:58
Error Msg: This file does not have a program associated with it for performing this action. Create an association in the set associations control panel
I started getting this error after removing a few registry entries on advice from 2-viruses.com/remove-vista-guardian-2010 on how to get rid of that virus. Here are the entries that were advised to be deleted:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
I first noticed the issue when I tried running the Task Manager (taskmgr.exe). Trying to run it from the Start Menu, run box, or right-clicking the task bar gives the same error. This happens with Firefox, Opera, Unreal, IE, and I'm sure many others.
I am familiar with how to associate file types with programs, but how do I reassociate the Task Manager with itself, aside from a repair installation? I even tried to run the Opera installer and I get the same error.
Alicia P.
Mar 10, 2010 @ 19:12:26
I have a Dell and I'm trying to remove this Vista Guardian Program from my laptop… SOMEONE PLEASE HELP!
anjum
Mar 11, 2011 @ 14:35:59
Hi… I want to Guardian antivirus 2011 in my virus infected computer… what will be do? And my OS is Windows Vista and temporary antivirus also install