Vista Guardian, XP Guardian and Win 7 Guardian

Vista Guardian is malware that belongs to a family of rogue programs that rename themselves depending on the infected computer's operating system. In this case, Vista Guardian targets Vista systems. Other versions of this malicious software include Win7 Guardian and XP Guardian. The malware always incorporates the OS name into its activities for deceptive purposes, to convince the user that it is a legitimate component of Microsoft Windows. Beyond that, Vista Guardian disguises itself as an anti-virus program that will remove threats and protect the computer from viruses.

Vista Guardian, XP Guardian and Win 7 Guardian commonly arrive on a computer as a Trojan component. The rogue modifies system settings and hijacks the Internet browser, redirecting it to fake security web sites. Such web sites host a malicious JavaScript file that waits to be downloaded and run on the visitor's PC. Vista Guardian silently loads into the system via the drive-by-download method. Without any complicated process, this fake antivirus takes control of the system. It is configured in such a manner that removing it is enormously difficult for the user.

Alias: Vista Guardian 2010, XP Guardian 2010, Win 7 Guardian 2010


Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
Vista Guardian, XP Guardian and Win 7 Guardian are fake anti-virus applications. Unlike Trojans and viruses, these applications do not reproduce once they enter the system. They usually propagate by means of another infection. Once inside the computer, the rogue makes changes to the Internet browser and the registry. The rogue program's process attempts to start itself on every Windows boot-up by placing an entry in the Windows registry. More sophisticated rogue programs can halt security applications by ending the relevant processes.

Malware Behavior
While Vista Guardian, XP Guardian or Win 7 Guardian runs on the affected machine, it displays fake warnings about possible virus infections on the computer, with a message similar to this:

Vista Guardian 2010 Firewall Alert!
Vista Guardian 2010 has blocked a program from accessing the Internet
Internet Explorer is infected with Trojan-BNK.Win32-Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Win 7 Guardian Removal Procedures

Systematic procedures to get rid of the threat are presented in this section. Make sure to scan the computer with the suggested tools and scanners.

NOTE: It is recommended to PRINT or BOOKMARK these instructions because Windows needs to be restarted during the virus removal process.

Step 1 : Uninstall Win 7 Guardian from Windows

1 On the Windows Start menu, type Uninstall in the Search field. Select Apps & Features from the list. For lower versions of Windows, please choose Programs and Features. You can uninstall or modify any installed application using this feature.

2 In the next window, look for the item "Win 7 Guardian" in the list, then click the Uninstall button.

3 When prompted for confirmation, click Uninstall to start deleting Win 7 Guardian from the Windows operating system.

Step 2 : Remove Win 7 Guardian remaining items with this tool

This guide requires a tool called Malwarebytes' Anti-Malware (MBAM), a scanner and malware removal tool designed to eradicate various computer infections including Win 7 Guardian. It is distributed for free.

4 In order to completely remove Win 7 Guardian, it is best to download and run the recommended tool. Please click the button below to begin the download process.

Download Tool

5 After downloading, right-click on the file mb3-setup-consumer-[version].exe and select Run as Administrator to install the application.

6 Follow the prompts and install with default settings. There are no changes needed during the installation process.

7 Malwarebytes Anti-Malware will launch for the first time. If it prompts for a database update, it is necessary to proceed with this step.

8 Click the Scan Now button on the scanner's console to ensure that it thoroughly checks the PC for any presence of Win 7 Guardian and other forms of threats.

9 Once the scan has completed, Malwarebytes Anti-Malware will issue a list of identified threats. Mark all threats and remove them from the computer.

10 If it prompts to restart the computer, please reboot Windows normally.

Step 3 : Double-check if Win 7 Guardian still exists

11 Click on the button below to download Norton Power Eraser from the official web site. The file will be saved to your Windows Downloads folder.

NPE Download

12 After downloading, navigate to its location and double-click the NPE.exe file to launch the program.

13 Norton Power Eraser will run. If it prompts for the End User License Agreement, please click Accept to proceed.

14 On the NPE main window, click Unwanted Application Scan to quickly check the computer for malicious programs including Win 7 Guardian.

15 NPE will proceed with the scan. It will search for Trojans, viruses, and malware like Win 7 Guardian. This may take some time, depending on the number of files currently stored on the computer.

Step 4 : Run Additional Scanner to Ensure that Win 7 Guardian is Totally Deleted

Online Virus Scanner:
Another way to remove a virus without the need to install additional anti-virus software is to perform a thorough scan with a free Online Virus Scanner. Browse this page to see a list of free services from specific anti-virus and security companies.

Alternative Removal Procedures for Win 7 Guardian

Use Windows System Restore to return Windows to previous state

During an infection, Win 7 Guardian drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to a previous working state through System Restore.

To verify if System Restore is active on your computer, please follow the instructions below.

1 On the Windows Start menu, type RSTRUI in the search field. Then, click the item or press Enter on the keyboard.

2 The "Restore system files and settings" window will appear. Click the Next button to see the list of active restore points.

3 Select the most recent one prior to the Win 7 Guardian infection. Click Next to restore Windows to its previous working and clean state.

4 It may take a while to fully restore the backed-up files. Restart Windows when done.

Optional : Win 7 Guardian manual uninstall guide

IMPORTANT! Manual removal of Win 7 Guardian requires technical skills. Deleting system files and registry entries by mistake may leave the Windows system completely unusable. We advise you to back up the registry before proceeding with this guide.

1. Kill any running process that belongs to Win 7 Guardian.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Win 7 Guardian files (refer to Technical Reference) and click End Process.


2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section.
- Close registry editor. Changes made will be saved automatically.


3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
- Thoroughly scan the computer with your updated antivirus software.

4. Delete all files dropped by Win 7 Guardian.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.
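
Before deleting anything in step 2, it helps to see which registry values actually deviate from stock. The following Python code is an added example, not part of the original guide: it audits a registry export for the hijacked shell\open\command handlers and Security Center override values quoted in a reader comment on this page. SAMPLE_REG is constructed, the function names are hypothetical, and the browser check is a heuristic that assumes the client key is named after its executable.

```python
import re
# Constructed sample in .reg export format. The av.exe handlers and override
# values mirror the entries quoted in the reader comment on this page.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"av.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"av.exe\" /START \"iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

EXE_CLASS = re.compile(r"\\(\.exe|exefile|secfile)\\shell\\open\\command$", re.I)
BROWSER = re.compile(r"\\StartMenuInternet\\([^\\]+\.exe)\\shell\\[^\\]+\\command$", re.I)
OVERRIDES = {"antivirusoverride", "firewalloverride"}

def parse_reg(text):
    """Yield (key, value name, data); '@' is the default value. String and dword data only."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'(@|"[^"]*")=(.*)$', line)
        if not (key and m):
            continue
        name, data = m.group(1).strip('"'), m.group(2)
        if data.startswith('"'):
            data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \" and \\ escapes
        elif data.startswith("dword:"):
            data = int(data[6:], 16)
        yield key, name, data

def is_tampered(key, name, data):
    """True when an entry deviates from the stock value (heuristic checks)."""
    browser = BROWSER.search(key)
    first = re.match(r'"([^"]*)"|(\S*)', str(data))  # first token of the command line
    exe = (first.group(1) or first.group(2) or "").split("\\")[-1].lower()
    if name == "@" and EXE_CLASS.search(key):
        return data != '"%1" %*'                # stock handler runs the file itself
    if name == "@" and browser:
        return exe != browser.group(1).lower()  # client key should launch its own exe
    return key.lower().endswith("\\security center") and name.lower() in OVERRIDES and data == 1

def audit(text):
    """Return the (key, value name, data) entries that look tampered with."""
    return [entry for entry in parse_reg(text) if is_tampered(*entry)]
```

Files written by reg export are UTF-16, so read them with encoding="utf-16" before passing the text to audit().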

Associated Files and Folders:

Added Registry Entries:

About Marco Mathew

Marco Mathew worked as a Windows network administrator before establishing precisesecurity.com. Now, Marco dedicates himself full-time to helping computer users fight viruses, malware, trojans, worms, adware, and potentially unwanted programs.

7 Comments

  1. Dr.manoj (Post author)

    My guardianantivirus key 03914-1b803-0963f-86776. I changed from win vista to win7. Unable to register it. Activation no.F352341019. Kindly help me out. I am from Jammu.

  2. Tony

    How do I install Malwarebytes when Vista Guardian prevents me from launching Internet Explorer. Can I install and run the Malware . . . in Safe Mode?

  3. Alaska Man 101

    Hey Tony,
    Something you need to do is go to accessories then click system tools and click on Internet Explorer no add-ons. 10 to 1 you need to download that program on a disk from another computer then put it in drive and download it that way.

  4. bill

    How do you put the malware on a CD?

  5. Anthony

    Error Msg: This file does not have a program associated with it for performing this action. Create an association in the set associations control panel

    I started getting this error after removing a few registry entries on advice from 2-viruses.com/remove-vista-guardian-2010 on how to get rid of that virus. Here are the entries that were advised to be deleted:

    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %*
    HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %*
    HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1” %*
    HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1” %*
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”

    I first noticed the issue when I tried running the task manager (taskmgr.exe). Trying to run it from the Start Menu, run box, or right clicking the task bar gives the same error. This happens with Firefox, Opera, Unreal, IE, and I'm sure many others.

    I am familiar with how to associate file types with programs, but how do I reassociate the task manager with itself aside from a repair installation? I even tried to run the Opera installer and I get the same error.

  6. Alicia P.

    I have a Dell and I'm trying to remove this Vista Guardian Program from my laptop…SOMEONE PLEASE HELP!

  7. anjum

    Hi… I want to guardian antivirus 2011 in my virus infected computer… what will be do? And my OS is Windows Vista and temporary antivirus also install
