
AV Guard Online

Posted: October 5, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 47
First Seen: October 5, 2011
Last Seen: August 17, 2022
OS(es) Affected: Windows

AV Guard Online is another fake anti-virus product from the infamous FakeScanti family of rogue security programs. Like its predecessors, AV Guard Online has been confirmed to use fake errors and alerts as scare tactics, to make you want to shell out money to bring these alarming warnings to an end. However, SpywareRemove.com malware researchers advise against buying AV Guard Online, since, as a rogue anti-virus program, AV Guard Online lacks any real anti-virus features and can even harm your PC by blocking your security software or hijacking your browser. You can remove AV Guard Online with any suitably robust anti-malware application, and it's suggested that you do just that if you want your PC to be secure against viruses, Trojans and other PC threats.

The Empty Features Inside of AV Guard Online's Professional-Looking Package

AV Guard Online is marketed in the form of an anti-virus and general security program, but SpywareRemove.com malware researchers haven't seen any sign of AV Guard Online being able to find or remove any kind of genuine PC threat. What AV Guard Online has been confirmed to be able to do, however, is display errors that are unrelated to your computer's health or integrity. Common error messages may announce that your operating system is damaged, that certain programs are inaccessible or that a dangerous infection (such as a banking keylogger) is on your PC.

If your PC has been infected by AV Guard Online, you should avoid clicking on AV Guard Online's error messages or following AV Guard Online's instructions, since the only thing that AV Guard Online wants to do is make you spend money on AV Guard Online's nonsensical software package. Common errors that may also come along with AV Guard Online include the appearance of unusual shortcuts, a locked desktop image, browser redirects that force you to an AV Guard Online-related website and software instability.

AV Guard Online: A Jealous Guard Against Real Security

The easiest way to put a halt to AV Guard Online's colorful series of fake security features is to delete AV Guard Online with a good anti-malware program, although AV Guard Online itself will try to prevent this. If you try to delete AV Guard Online without shutting AV Guard Online down first, you may experience errors that block you from using anti-malware scanners. Standard error messages that AV Guard Online can cause during an anti-malware scan include:

"An unexpected problem occurred with your scan."

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

However, you shouldn't try to remove AV Guard Online or its clones by yourself when it can be avoided, since they hide their files in the Windows folder and can harm your PC if removed in an incomplete or improper fashion. To work around these problems and remove AV Guard Online, switch to Safe Mode, which any Windows PC can access, and then scan your computer for AV Guard Online's files.
AV Guard Online's family members include Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013.

AV Guard Online Automatic Detection Tool (Recommended)

Is your PC infected with AV Guard Online? AV Guard Online randomly changes its files and blocks all .exe files from executing on your computer. If AV Guard Online blocks virtually every program you try to run, including legitimate anti-malware software, we recommend you use this special downloader that will kill all processes. WARNING: This special downloader will kill all non-essential processes but keep the core processes intact.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%WINDIR%\system32\c5aQJ6dEKfZhXjV.exe
  File name: c5aQJ6dEKfZhXjV.exe
  Size: 2.41 MB (2411520 bytes)
  MD5: cf9e5ae469561b8bce223eb8496a005c
  Detection count: 7
  File type: Executable File
  Mime Type: unknown/exe
  Path: %WINDIR%\system32
  Group: Malware file
  Last Updated: August 17, 2022

%Windows%\system32\[random].exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file

%Documents and Settings%\[UserName]\Local Settings\Temp\[random].tmp
  File type: Temporary File
  Mime Type: unknown/tmp
  Group: Malware file

%Documents and Settings%\[UserName]\Desktop\AV Guard Online.lnk
  File type: Shortcut
  Mime Type: unknown/lnk
  Group: Malware file

%SystemRoot%\system32\[random].exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file

%SystemRoot%\system32\[random].exe
%AppData%\[random]EAV Guard Online.ico
  Mime Type: unknown/ico
  Group: Malware file

%AppData%\conhost.exe
%AppData%\csrss.exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file

%AppData%\E84E.1B6
%AppData%\ldr.ini
%AppData%\[random]\
  Mime Type: unknown/ini
  Group: Malware file

%AppData%\Microsoft\csrss.exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file

%UserProfile%\Desktop\AV Guard Online.lnk
%Temp%\4F.tmp
%Temp%\53.tmp
  File type: Temporary File
  Mime Type: unknown/tmp
  Group: Malware file

%Temp%\54.tmp
%Temp%\55.tmp
  File type: Temporary File
  Mime Type: unknown/tmp
  Group: Malware file

%UserProfile%\Start Menu\Programs\AV Guard Online\
%UserProfile%\Start Menu\Programs\AV Guard Online\AV Guard Online.lnk
  File type: Shortcut
  Mime Type: unknown/lnk
  Group: Malware file

Registry Modifications

The following Registry values were newly created:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "AV Guard Online"
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings "ProxyEnable=00000001"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer=http=127.0.0.1:53717"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "DefaultConnectionSettings=3C0000000B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections "SavedLegacySettings=3C0000006B0000000…"
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "%RANDOM%=%AppData%\csrss.exe"
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Windows "Load=%SystemRoot%\system32\lvvm.exe"
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell=explorer.exe,%AppData%\conhost.exe"
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run "gTZqjYCkIrOyAuS8234A=%SystemRoot%\system32\[random]"
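
One way to triage an exported registry file for the autostart and proxy changes listed above, as an added example that is not SpywareRemove.com's code. The sample export is constructed from the values on this page, the function names and finding labels are illustrative assumptions, and the checks generalize slightly (any non-default Winlogon shell, any loopback proxy) rather than matching only the exact strings.

```python
import re

# Constructed .reg export built from the values listed above, plus one benign entry.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,%AppData%\\conhost.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Load"="%SystemRoot%\\system32\\lvvm.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:53717"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"constructed-name"="%AppData%\\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BenignTool"="C:\\Program Files\\Benign\\tool.exe"
'''

# Windows binary names this page reports being reused under %AppData%.
SYSTEM_NAMES = {"csrss.exe", "conhost.exe"}

def parse_reg(text):
    """Yield (key, value_name, data) for string values; DWORD/hex values are skipped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"(.+?)"="(.*)"$', line)):
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")

def triage(text):
    """Return (label, data) pairs for values matching the changes this page lists."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n, d = key.lower(), name.lower(), data.lower()
        if k.endswith(r"\winlogon") and n == "shell" and d.strip() != "explorer.exe":
            findings.append(("winlogon-shell", data))
        elif k.endswith(r"\currentversion\windows") and n == "load" and d.strip():
            findings.append(("windows-load", data))
        elif k.endswith(r"\internet settings") and n == "proxyserver" and re.search(r"(127\.0\.0\.1|localhost):\d+", d):
            findings.append(("loopback-proxy", data))
        elif re.search(r"\\(run|runonce)$", k):
            exe = d.rsplit("\\", 1)[-1].strip('" ')
            if exe in SYSTEM_NAMES and "system32" not in d:
                findings.append(("masquerading-autorun", data))
    return findings
```
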

Additional Information

The following messages were detected:

1. Security Warning
   There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss.
   Click here to remove malicious software.

2. Windows Security Alert
   To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program?
   Name: Zeus Trojan
   Publisher: Unauthorized
