AV Guard Online
Posted: October 5, 2011
Threat Metric
The fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Field | Value |
---|---|
Threat Level | 10/10 |
Infected PCs | 47 |
First Seen | October 5, 2011 |
Last Seen | August 17, 2022 |
OS(es) Affected | Windows |
AV Guard Online is another fake anti-virus product from the FakeScanti family of infamous rogue security programs. Like its ancestors, AV Guard Online has been confirmed to use fake errors and alerts as scare tactics, to make you want to shell out money to bring these alarming warnings to an end. However, SpywareRemove.com malware researchers advise against buying AV Guard Online, since, as a rogue anti-virus program, AV Guard Online lacks any real anti-virus features and can even harm your PC by blocking your security software or hijacking your browser. You can remove AV Guard Online with any suitably robust anti-malware application, and it's suggested that you do just that if you want your PC to be secure against viruses, Trojans and other PC threats.
The Empty Features Inside of AV Guard Online's Professional-Looking Package
AV Guard Online is marketed in the form of an anti-virus and general security program, but SpywareRemove.com malware researchers haven't seen any sign of AV Guard Online being able to find or remove any kind of genuine PC threat. What AV Guard Online has been confirmed to be able to do, however, is display errors that are unrelated to your computer's health or integrity. Common error messages may announce that your operating system is damaged, that certain programs are inaccessible or that a dangerous infection (such as a banking keylogger) is on your PC.
If your PC has been infected by AV Guard Online, you should avoid clicking on AV Guard Online's error messages or following AV Guard Online's instructions, since the only thing that AV Guard Online wants to do is make you spend money on AV Guard Online's nonsensical software package. Common errors that may also come along with AV Guard Online include the appearance of unusual shortcuts, a locked desktop image, browser redirects that force you to an AV Guard Online-related website and software instability.
AV Guard Online: A Jealous Guard Against Real Security
The easiest way to put a halt to AV Guard Online's colorful series of fake security features is to delete AV Guard Online with a good anti-malware program, although AV Guard Online itself will try to prevent this. If you try to delete AV Guard Online without shutting AV Guard Online down first, you may experience errors that block you from using anti-malware scanners. Standard error messages that AV Guard Online can cause during an anti-malware scan include:
"An unexpected problem occurred with your scan."
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
However, you shouldn't try to remove AV Guard Online or its clones by yourself when it can be avoided, since they hide their files in the Windows folder and can harm your PC if removed in an incomplete or improper fashion. To work around these problems and remove AV Guard Online, switch to Safe Mode, which any Windows PC can access, and then scan your computer for AV Guard Online's files.
AV Guard Online's family members include Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

%WINDIR%\system32\c5aQJ6dEKfZhXjV.exe
File name: c5aQJ6dEKfZhXjV.exe
Size: 2.41 MB (2411520 bytes)
MD5: cf9e5ae469561b8bce223eb8496a005c
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: August 17, 2022

File name | File type | Mime Type | Group |
---|---|---|---|
%Windows%\system32\[random].exe | Executable File | unknown/exe | Malware file |
%Documents and Settings%\[UserName]\Local Settings\Temp\[random].tmp | Temporary File | unknown/tmp | Malware file |
%Documents and Settings%\[UserName]\Desktop\AV Guard Online.lnk | Shortcut | unknown/lnk | Malware file |
%SystemRoot%\system32\[random].exe | Executable File | unknown/exe | Malware file |
%SystemRoot%\system32\[random].exe, %AppData%\[random]EAV Guard Online.ico | | unknown/ico | Malware file |
%AppData%\conhost.exe, %AppData%\csrss.exe | Executable File | unknown/exe | Malware file |
%AppData%\E84E.1B6, %AppData%\ldr.ini, %AppData%\[random]\, %AppData%\[random]\, %AppData%\[random]\ | | unknown/ini | Malware file |
%AppData%\Microsoft\csrss.exe | Executable File | unknown/exe | Malware file |
%UserProfile%\Desktop\AV Guard Online.lnk, %Temp%\4F.tmp, %Temp%\53.tmp | Temporary File | unknown/tmp | Malware file |
%Temp%\54.tmp, %Temp%\55.tmp | Temporary File | unknown/tmp | Malware file |
%UserProfile%\Start Menu\Programs\AV Guard Online\, %UserProfile%\Start Menu\Programs\AV Guard Online\AV Guard Online.lnk | Shortcut | unknown/lnk | Malware file |
Registry Modifications
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "AV Guard Online"
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer=http=127.0.0.1:53717"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "DefaultConnectionSettings=3C0000000B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "SavedLegacySettings=3C0000006B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "%RANDOM%=%AppData%\csrss.exe"
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Windows "Load=%SystemRoot%\system32\lvvm.exe"
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell=explorer.exe,%AppData%\conhost.exe"
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run "gTZqjYCkIrOyAuS8234A=%SystemRoot%\system32\[random]"
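
The registry changes listed above follow patterns that can be checked without knowing the randomized file names: an extra program appended to the Winlogon Shell value, a populated legacy Load value, an autorun entry using a system process name outside system32, and a proxy pointed at the local machine. The following is an added example, not part of the original page or of SpyHunter; the `audit` function, its rule names and the benign sample entry are illustrative assumptions, and it runs over a constructed snapshot of (key, value name, data) tuples.

```python
import re

# System process names that the page lists as dropped under %AppData%.
SYSTEM_NAMES = {"csrss.exe", "conhost.exe"}
AUTORUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce",
                    r"\currentversion\policies\explorer\run")

def audit(entries):
    """entries: iterable of (key, value_name, data); returns [(rule, key, data)]."""
    findings = []
    for key, name, data in entries:
        k, n, d = key.lower(), name.lower(), data.lower().strip()
        if k.endswith(r"\winlogon") and n == "shell":
            # Default is exactly explorer.exe; anything appended also starts at logon.
            if [p for p in d.split(",") if p.strip() != "explorer.exe"]:
                findings.append(("winlogon-shell-extra", key, data))
        elif k.endswith(r"\windows nt\currentversion\windows") and n == "load":
            if d:  # legacy autorun value, normally empty or absent
                findings.append(("legacy-load-autorun", key, data))
        elif k.endswith(AUTORUN_SUFFIXES):
            # Simplification: treats the data as a bare path with no arguments.
            exe = re.split(r"[\\/]", d.strip('"'))[-1]
            if exe in SYSTEM_NAMES and r"\system32" not in d:
                findings.append(("system-name-outside-system32", key, data))
        elif k.endswith(r"\internet settings") and n == "proxyserver":
            if re.search(r"(127\.0\.0\.1|localhost):\d+", d):
                findings.append(("loopback-proxy", key, data))
    return findings

HKCU = r"HKEY_CURRENT_USER\software\Microsoft"
# Constructed snapshot: four values from the registry list on this page, one benign entry.
SAMPLE = [
    (HKCU + r"\Windows NT\CurrentVersion\Winlogon", "Shell",
     r"explorer.exe,%AppData%\conhost.exe"),
    (HKCU + r"\Windows NT\CurrentVersion\Windows", "Load",
     r"%SystemRoot%\system32\lvvm.exe"),
    (HKCU + r"\Windows\CurrentVersion\Policies\Explorer\Run", "%RANDOM%",
     r"%AppData%\csrss.exe"),
    (HKCU + r"\Windows\CurrentVersion\Internet Settings", "ProxyServer",
     "http=127.0.0.1:53717"),
    (r"HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run",
     "BenignTool", r"C:\Program Files\BenignTool\tool.exe"),
]

if __name__ == "__main__":
    for rule, key, data in audit(SAMPLE):
        print(f"{rule}: {key} -> {data}")
```

On a live Windows host the tuples would be read from the registry itself, for example with Python's `winreg` module.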
Additional Information
# | Message |
---|---|
1 | Security Warning There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss. Click here to remove malicious software. |
2 | Windows Security Alert To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program? Name: Zeus Trojan Publisher: Unauthorized |