Vista Guardian is malware from a family of rogue programs that rename themselves depending on the infected computer's operating system. In this case, Vista Guardian targets Vista systems. Other versions of this malicious software include Win7 Guardian and XP Guardian. The malware always incorporates the OS name into its activities for deceptive purposes, to convince the user that it is a legitimate component of Microsoft Windows. In addition, Vista Guardian disguises itself as an anti-virus program that will remove threats and protect the computer from viruses.
Vista Guardian, XP Guardian and Win 7 Guardian commonly arrive on a computer as a Trojan component. The malware modifies system settings and hijacks the Internet browser, redirecting it to fake security web sites. On such a web site, a malicious JavaScript file is hosted, waiting to be downloaded and run on the visitor's PC. Vista Guardian silently loads into the system via the drive-by-download method. Without any complicated process, this fake antivirus takes control of the system. It is configured in such a manner that removing it is enormously difficult for the user.
Alias: Vista Guardian 2010, XP Guardian 2010, Win 7 Guardian 2010
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Vista Guardian, XP Guardian and Win 7 Guardian are fake anti-virus applications. Unlike Trojans and viruses, these applications do not reproduce once they enter the system. They usually propagate by means of another infection. Once inside the computer, the rogue program makes changes to the Internet browser and the registry. Its process attempts to launch itself on every Windows boot-up by placing an entry in the Windows registry. More sophisticated rogue programs can halt security applications by ending the relevant processes.
While Vista Guardian, XP Guardian or Win 7 Guardian runs on the affected machine, it displays fake warnings about possible virus infections on the computer, with a message similar to this:
Vista Guardian 2010 Firewall Alert!
Vista Guardian 2010 has blocked a program from accessing the Internet
Internet Explorer is infected with Trojan-BNK.Win32-Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Win 7 Guardian Removal Procedures
Systematic procedures to get rid of the threat are presented in this section. Make sure to scan the computer with the suggested tools and scanners.
NOTE: It is recommended to PRINT or BOOKMARK these instructions because we need to restart Windows during the virus removal process.
Step 1 : Uninstall Win 7 Guardian from Windows
1 On the Windows Start menu, type Uninstall in the Search field. Select Apps & Features from the list. For earlier versions of Windows, please choose Programs and Features. You can uninstall or modify any installed application using this feature.
2 In the next window, look for the item "Win 7 Guardian" in the list and then click the Uninstall button.
3 When it prompts for confirmation, please click Uninstall to start deleting Win 7 Guardian from the Windows operating system.
Step 2 : Remove Win 7 Guardian remaining items with this tool
This guide requires a tool called Malwarebytes' Anti-Malware. It is a free tool designed to eradicate various computer infections, including Win 7 Guardian. The MBAM scanner and malware removal tool is distributed for free.
4 In order to completely remove Win 7 Guardian, it is best to download and run the recommended tool. Please click the button below to begin the download process.
5 After downloading, right-click on the file mb3-setup-consumer-[version].exe and select Run as Administrator to install the application.
6 Follow the prompts and install with default settings. There are no changes needed during the installation process.
7 Malwarebytes Anti-Malware will launch for the first time. If it prompts for a database update, it is necessary to proceed with this step.
8 Click the Scan Now button on the scanner's console to ensure that it thoroughly checks the PC for any presence of Win 7 Guardian and other forms of threats.
9 Once the scan has completed, Malwarebytes Anti-Malware will issue a list of identified threats. Mark all threats and remove them from the computer.
10 If it prompts to restart the computer, please reboot Windows normally.
Step 3 : Double-check if Win 7 Guardian still exists
11 Click on the button below to download Norton Power Eraser from the official web site. The file will be saved in your Windows Downloads folder.
12 After downloading, navigate to its location and double-click the NPE.exe file to launch the program.
13 Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept to proceed.
14 On the NPE main window, click Unwanted Application Scan to quickly check the computer for malicious programs, including Win 7 Guardian.
Step 4 : Run Additional Scanner to Ensure that Win 7 Guardian is Totally Deleted
Online Virus Scanner:
Another way to remove a virus without the need to install additional anti-virus software is to perform a thorough scan with a free Online Virus Scanner. Browse this page to see a list of free services from specific anti-virus and security companies.
Alternative Removal Procedures for Win 7 Guardian
Use Windows System Restore to return Windows to previous state
During an infection, Win 7 Guardian drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to a previous working state through System Restore.
To verify if System Restore is active on your computer, please follow the instructions below.
1 On the Windows Start menu, type RSTRUI in the search field. Then, click the item or press Enter on the keyboard.
2 The "Restore system files and settings" window will appear. Click the Next button to see the list of active restore points.
3 Select the most recent one prior to the Win 7 Guardian infection. Click Next to restore Windows to a previous working and clean state.
4 It may take a while to fully restore the backed-up files. Restart Windows when done.
Optional : Win 7 Guardian manual uninstall guide
IMPORTANT! Manual removal of Win 7 Guardian requires technical skills. Deleting system files and registry entries by mistake may render the Windows system completely inoperable. We advise you to perform a backup of the registry before proceeding with this guide.
1. Kill any running process that belongs to Win 7 Guardian.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Win 7 Guardian files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section.
- Close registry editor. Changes made will be saved automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
- Thoroughly scan the computer with your updated antivirus software.
4. Delete all files dropped by Win 7 Guardian.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.
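The registry backup and inspection that the manual guide calls for can be scripted. The following PowerShell script is an added example, not part of the original guide: it exports the standard Windows autorun (Run/RunOnce) keys to .reg files and then lists every entry with its target file, so that entries can be compared against the Technical Reference before anything is deleted. The backup folder name and the "user-writable location" heuristic are assumptions made for this example.

```powershell
# Added example: back up and list autorun registry entries before manual cleanup.
# Makes no registry changes; it only writes .reg backups to $BackupDir.
$BackupDir = Join-Path $env:USERPROFILE 'RunKeyBackup'   # assumed location
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Standard per-user and per-machine autorun keys.
$RunKeys = @(
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Heuristic (assumption): autoruns launched from these folders deserve a closer look.
$UserWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) |
    Where-Object { $_ }

function Get-CommandTarget([string]$Command) {
    # Extract the executable path from an autorun command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $RunKeys) {
    $psPath = $key -replace '^(HKCU|HKLM)\\', '$1:\'
    if (-not (Test-Path -LiteralPath $psPath)) { continue }

    # Back up the key first, as the guide advises, so a mistake can be undone.
    $backupFile = Join-Path $BackupDir (($key -replace '\\', '_') + '.reg')
    & reg.exe export $key $backupFile /y | Out-Null

    $item = Get-Item -LiteralPath $psPath
    foreach ($name in $item.GetValueNames()) {
        $target = Get-CommandTarget ([string]$item.GetValue($name))
        [pscustomobject]@{
            Key          = $key
            Name         = $name
            Target       = $target
            FileExists   = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf))
            UserWritable = [bool]($UserWritableRoots | Where-Object {
                               $target.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        }
    }
}
# Review flagged rows manually; nothing is deleted by this script.
$report | Sort-Object UserWritable -Descending | Format-Table -AutoSize -Wrap
```

A backed-up key can be restored by importing its .reg file with reg.exe import.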