Windows Guard Pro

Windows Guard Pro is another potentially unwanted program that needs to be removed from the system. It is propagated through scam websites that use a drive-by-download method: the website downloads a copy of Windows Guard Pro onto the visitor's PC without asking for any permission. Visitors may not realize that an outdated Internet browser gives such sites a channel to execute malware on their PC. Once active, Windows Guard Pro tries to get the user's attention by displaying fake pop-up alerts and warning messages.

As a result, victims may believe that Trojans, viruses and other malware are present on the system and follow the rogue program's own removal procedure. With the rogue program leading the way, the first step of that procedure is to purchase Windows Guard Pro through its payment-processing website. The program takes the victim's money and leaves the computer's supposed problems unresolved. Keep in mind that rogue software exists only to sell itself through deceptive marketing; it has no capability to remove a virus or protect the system against attack, so spending any money on this program is pointless.

Screenshot: Windows Guard Pro

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)

Malware Behavior
After installation, the malware immediately produces a fake alert message containing the following text:

Warning! Your computer is infected
Warning!Trojan Found!
Threat detected: Trojan
File name: eb.exe
Threat name: Trojan-Spy.HTML.Bayfraud.hn
Recommended: Please click “Remove all” to eliminate all possible threats and protect Your PC.

It also blocks Internet access on the compromised machine by modifying various Internet browser settings. When the browser makes a request, the rogue program displays this fake error page:

Insecure Internet activity. Threat of virus attack
Due to Internet browsing your PC can easily get infected with viruses, worms, and Trojans without your knowledge, and that can lead to system slowdown, freezes and crashes. Also insecure Internet activity can result in revealing your personal information. To get full advanced real-time protection your PC ant Internet activity, install an antivirus and antispyware software. We recommend you to protect your PC now and continue safe Internet browsing.

Aside from the fake error page, Windows Guard Pro may redirect Internet search result links to the following predefined URLs:

  • getantivirusplusnow.com
  • secure-plus-payments.com
  • getavplusnow.com
  • securesoftwarebill.com
  • secure.paysecuresystem.com
  • 4-open-davinci.com
  • securitysoftwarepayments.com
  • privatesecuredpayments.com
  • secure.privatesecuredpayments.com
  • paysoftbillsolution.com

Added Registry Entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run "Windows Guard Pro"
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Guard Pro
HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKCR\WindowsGP.DocHostUIHandler
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=7&q={searchTerms}"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "787917903"

Associated Files and Folders:

%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Guard Pro.lnk
%UserProfile%\Application Data\Windows Guard Pro
%UserProfile%\Application Data\Windows Guard Pro\cookies.sqlite
%UserProfile%\Desktop\Windows Guard Pro.lnk
%UserProfile%\Start Menu\Windows Guard Pro.lnk
%UserProfile%\Start Menu\Programs\Windows Guard Pro.lnk
C:\Program Files\Mozilla Firefox\searchplugins\search.xml
C:\Documents and Settings\All Users\Application Data\5137
C:\Documents and Settings\All Users\Application Data\5137\3187.mof
C:\Documents and Settings\All Users\Application Data\5137\mozcrt19.dll
C:\Documents and Settings\All Users\Application Data\5137\sqlite3.dll
C:\Documents and Settings\All Users\Application Data\5137\unins000.dat
C:\Documents and Settings\All Users\Application Data\5137\WindowsGP.exe
C:\Documents and Settings\All Users\Application Data\WINGPSys
C:\Documents and Settings\All Users\Application Data\WINGPSys\winpg.cfg
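As an added example (not part of the original page), the following PowerShell script checks a host, read-only, for the registry entries, search hijack, files and process listed above. It assumes an elevated session and, for Windows versions newer than XP, maps the XP-era paths to their current equivalents ($env:APPDATA for %UserProfile%\Application Data and $env:ProgramData for All Users\Application Data); HKCR and HKU are reached through the Registry:: provider prefix.

```powershell
# Added example, not from the original page: read-only check for the
# Windows Guard Pro indicators listed above. Assumes an elevated session.
$hits = @()

# Persistence: the "Windows Guard Pro" value under the HKCU Run key
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Windows Guard Pro']) {
    $hits += "Run value: $($run.'Windows Guard Pro')"
}

# Other registry keys the rogue program creates (HKCR needs the Registry:: prefix)
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Guard Pro',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\WindowsGP.DocHostUIHandler'
)
foreach ($k in $keys) { if (Test-Path -LiteralPath $k) { $hits += "Registry key: $k" } }

# Search hijack: any SearchScopes URL (key itself or a subkey) pointing at search-gala.com
$scopes = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path -LiteralPath $scopes) {
    $targets = @(Get-Item -LiteralPath $scopes) +
               @(Get-ChildItem -LiteralPath $scopes -Recurse -ErrorAction SilentlyContinue)
    foreach ($t in $targets) {
        $u = (Get-ItemProperty -LiteralPath $t.PSPath -ErrorAction SilentlyContinue).URL
        if ($u -match 'search-gala\.com') { $hits += "SearchScopes URL: $u" }
    }
}

# Dropped files and shortcuts; XP-era paths mapped to current equivalents (assumption)
$files = @(
    (Join-Path $env:APPDATA 'Windows Guard Pro\cookies.sqlite'),
    (Join-Path $env:USERPROFILE 'Desktop\Windows Guard Pro.lnk'),
    (Join-Path $env:ProgramData '5137\WindowsGP.exe'),
    (Join-Path $env:ProgramData '5137\3187.mof'),
    (Join-Path $env:ProgramData 'WINGPSys\winpg.cfg'),
    'C:\Program Files\Mozilla Firefox\searchplugins\search.xml'
)
foreach ($f in $files) { if (Test-Path -LiteralPath $f) { $hits += "File: $f" } }

# The dropped executable, if it is currently running
if (Get-Process -Name 'WindowsGP' -ErrorAction SilentlyContinue) {
    $hits += 'Process: WindowsGP.exe is running'
}

if ($hits.Count -eq 0) { 'No Windows Guard Pro indicators found.' } else { $hits }
```

The script only reports; removal is left to the steps below so that quarantined copies remain available for analysis.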

How to Remove Windows Guard Pro

1. Temporarily disable System Restore (Windows Me/XP).
2. Open your antivirus application and update the virus definition file. Updating ensures that your antivirus program can detect even newer variants of Windows Guard Pro.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will now boot, loading only the necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items; if they cannot be deleted, place them in quarantine. Once the scan is complete, proceed with the next step.

Online Virus Scanner:

Another way to remove Windows Guard Pro without installing an additional antivirus application is to perform a thorough scan with a free online virus scanner, available from the websites of legitimate antivirus and security providers.

5. Go to the Online Virus Scanner list and run a virus scan. The scanner may require a plug-in, add-on or ActiveX object; install it if you want to proceed with the scan.
6. Once the necessary download is complete, your system is ready for online virus scanning.
7. Select the option that scans the computer thoroughly, so that it finds and deletes all infections not detected by the previous scan.
8. Remove or delete all detected items.
9. When scanning is finished, restart the computer in normal mode.

Automatic Removal of Windows Guard Pro

To completely remove the threat, download and run Malwarebytes Anti-Malware. Sometimes Trojans block the download and installation of MBAM; if this happens, download it on a clean computer and rename the executable file before running it on the infected machine.
