
How to remove XP Guardian?

January 29th, 2010

What is XP Guardian?

Stay clear of the XP Guardian application. It is the same program as XP Internet Security 2010 and Antivirus XP 2010 and differs only in its name and the version of the operating system it runs on. XP Guardian is a rogue security program that is distributed through Trojans and installed by imitating a Windows automatic update.

Once inside, XP Guardian blocks any security application used on the computer and in this way protects itself from being removed. The program also limits the ability to run any other program by making modifications to the Windows Registry. When XP Guardian starts, it first runs its scanner on the targeted computer and displays numerous infections. No matter what XP Guardian states, these infections are not real, so they can simply be ignored. However, XP Guardian will insist that you remove them by purchasing a full version of the program.

Browser hijacking is another feature of XP Guardian. Whenever you try to visit a website, it will redirect you to a site where you can make a payment for XP Guardian. XP Guardian will also generate fake security alerts titled “Spyware infection has been found!”, “Tracking software found!” or similar.

As you can see, XP Guardian is designed for one purpose only: to steal money from computer users, and it is ready to do anything to achieve that. If your system has been infected with this malicious software, please remove XP Guardian by following the removal instructions that you will find below.


XP Guardian is extremely dangerous

• XP Guardian is a corrupt Anti-Spyware program
• XP Guardian may spread via Trojans
• XP Guardian may display fake security messages
• XP Guardian may install additional spyware to your computer
• XP Guardian may repair its files, spread or update by itself
• XP Guardian violates your privacy and compromises your security

Note: The Spyware Doctor trial detects parasites like XP Guardian and assists in their removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.




Manual XP Guardian removal


Important Note: Although it is possible to manually remove XP Guardian, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyware Doctor or other malware and spyware removal applications found on 2-viruses.com.
Stop these XP Guardian processes:
Remove these XP Guardian Registry Entries:
Remove these XP Guardian files:
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites and other XP Guardian infected files, and get help with XP Guardian removal, by using the free Spyware Doctor scanner. It comes with a free real-time protection module that helps prevent XP Guardian and similar threats.

XP Guardian is classified as Rogue Anti-Spyware. After infecting a user’s system, it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that the computer is infected with spyware and that only XP Guardian can help remove it once the trial version has been downloaded. As soon as the victim downloads the XP Guardian trial version, it pretends to scan the computer and shows a grossly exaggerated number of non-existent errors. Then, XP Guardian offers the full version for purchase to fix these false errors. If the user agrees, XP Guardian does not fix anything, because the errors were never real; it simply takes the user’s money and may even install additional spyware on the victim’s computer.

Some Rogue Anti-Spyware, such as XP Guardian, may prompt users to buy it after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed on the victim’s computer after the advertisement is clicked. It then proceeds to download or even install XP Guardian, which is another way for Rogue Anti-Spyware to spread itself.

Most Rogue Anti-Spyware, such as XP Guardian, is nearly impossible to remove manually.


How to tell if your PC has been infected by a Rogue Anti-Spyware such as XP Guardian?

• Numerous undesirable and annoying pop-ups: A typical Rogue Anti-Spyware parasite keeps track of your internet browsing habits and sends your browsing history to remote servers owned by third-party companies, which use this information to advertise their products via numerous pop-ups, toolbars, hijacked homepages and spam letters. All these undesirable advertising methods are used on the victims of Rogue Anti-Spyware.
• Changed or new icons: Sometimes, Rogue Anti-Spyware installs unwanted software on a victim’s PC without the user’s knowledge and consent. This may lead to slower PC performance and reduced stability, as well as more unwanted programs you can't remove.


  1. E Genna
    February 13th, 2010 at 04:28 | #1

    My fiancee has this virus. I removed everything as stated from registry, and now when I try to restore my computer or edit my registry, it tells me that

    “This file does not have a program associated with it for performing this action. Create an association in the folder options control panel”

    So now I can’t access the registry b/c when I run regedit I get the above message.

    I CAN get online now, the messages are gone. I can run everything so far. But I cannot associate with them. I had to create an association for a lot of other shortcuts, like my control panel, and firefox and IE, but I was able to do so. PLEASE advise! Thanks :)

  2. Rob.L
    February 15th, 2010 at 12:49 | #2

    **Note to all: when removing these keys from the registry, don’t delete the "%1" %* from the end, or you will wind up with an error when trying to launch all .exe programs. The error that appears is “this file does not have a program associated with it for performing this action”

    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*

    You have been warned. I have just spent the best part of 2 hours giving a user local admin rights and editing the registry trying to fix this.

    E Genna: If you have local admin rights you can download and run this file http://www.winhelponline.com/exefix_xp.com to automatically fix the problem. If you want to manually correct the issue then use the following Start->Run “regedit.cm” This will get you into the registry to correct the keys.

  3. E Genna
    February 16th, 2010 at 20:04 | #3

    Thanks Rob, I will try to fix it with the download. You’re right, I got rid of the “%1″ %* Unfortunately I cannot open regedit when I go to run b/c I get the same can’t open message. will let you know.

  4. E Genna
    February 16th, 2010 at 20:11 | #4

    Rob when I got to the link, I run it and it takes me to the homepage where it doesn’t run. Any advice?

  5. Socal
    February 17th, 2010 at 02:13 | #5

    Well, it would have been nice if the warning was posted in the beginning of this fix. I deleted the values, so I can fix this by adding this back in those keys?

    "%1" %*
    I read that as quote percent one quote space percent asterisk

    is that correct? Thanks

  6. Socal
    February 17th, 2010 at 02:20 | #6

    Rob, I used the exefix solution, found a confirming message here http://www.computing.net/answers/digitalphoto/computer-cant-run-any-files/2005.html

    seems to have worked, thanks

  7. Sharon Yeates
    February 18th, 2010 at 16:45 | #7

    First sign I had the virus was last night when it popped up.
    It must have been running stealth for a while though, because it has already halted many processes. I cannot bring up explorer on that comp at all. It asks me what I want to run the program with. If I tell it the ie exe it comes back and tells me that rundll32 is missing or corrupt. It’s blocking malware editors, nortons, etc.. and I can’t even get into my computer.

  8. ionstorm
    February 25th, 2010 at 17:06 | #8

    TO BE MORE CLEAR

    Stop and remove XP Guardian processes:
    ======================================
    av.exe

    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
    =========================
    !!! "%1" %* MUST STAY !!!
    =========================

    HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
    =========================
    !!! "%1" %* MUST STAY !!!
    =========================

    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
    =========================
    !!! "%1" %* MUST STAY !!!
    =========================

    HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
    =========================
    !!! "%1" %* MUST STAY !!!
    =========================

    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
    ================================================================
    !!! "C:\Program Files\Mozilla Firefox\firefox.exe" MUST STAY !!!
    ================================================================

    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
    ===========================================================================
    !!! "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode MUST STAY !!!
    ===========================================================================

    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
    ===================================================================
    !!! "C:\Program Files\Internet Explorer\iexplore.exe" MUST STAY !!!
    ===================================================================

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
    ================
    !!! SET TO 0 !!!
    ================

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
    ================
    !!! SET TO 0 !!!
    ================

    Detect and delete other XP Guardian files:
    ==========================================
    %UserProfile%\Local Settings\Application Data\av.exe
    %UserProfile%\Local Settings\Application Data\WRblt8464P

  9. ionstorm
    February 25th, 2010 at 17:16 | #9

    Don’t remove the entries, modify them.
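
The "modify, don't delete" rule from comments #8 and #9, as an added example that is not part of any comment or of the original article: it takes handler values in the wrapped form quoted above and plans the edit that keeps everything after `/START`. The sample values are constructed from the entries in the comments; the `MSASCui.exe` file name and path are an assumption based on comment #16, and the function names are hypothetical.

```python
import re

# Wrapper shape reported in the comments: "<dir>\<name>.exe" /START <original command>
WRAPPED = re.compile(r'^\s*"([^"]+\.exe)"\s+/START\b\s*(.*?)\s*$', re.IGNORECASE)

def unwrap(value):
    """Return (wrapper_exe, original_command); wrapper_exe is None when not wrapped."""
    m = WRAPPED.match(value)
    return (m.group(1), m.group(2)) if m else (None, value.strip())

def plan_repairs(entries):
    """Map each key to ("rewrite", new_value), ("ok", value) or ("empty", None).

    No key or value is ever planned for deletion. A wrapped value is rewritten
    to the command that followed /START; a value with nothing left to launch
    is flagged so the original command can be restored by hand.
    """
    plan = {}
    for key, value in entries.items():
        wrapper, original = unwrap(value)
        if not original:
            plan[key] = ("empty", None)
        elif wrapper:
            plan[key] = ("rewrite", original)
        else:
            plan[key] = ("ok", original)
    return plan

# Constructed sample, modelled on the entries quoted in the comments above.
APPDATA = r"%UserProfile%\Local Settings\Application Data"
FIREFOX = r'"C:\Program Files\Mozilla Firefox\firefox.exe"'
SAMPLE = {
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command":
        f'"{APPDATA}\\av.exe" /START "%1" %*',
    r"HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command":
        f'"{APPDATA}\\MSASCui.exe" /START "%1" %*',  # assumed variant name (comment #16)
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command":
        f'"{APPDATA}\\av.exe" /START {FIREFOX} -safe-mode',
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command":
        FIREFOX,                                     # already clean
    r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command":
        f'"{APPDATA}\\av.exe" /START',               # "%1" %* was deleted by mistake
}

if __name__ == "__main__":
    for key, (action, value) in plan_repairs(SAMPLE).items():
        print(f"{action:8} {key}\n         -> {value}")
```

The script only computes the intended values from exported text; it does not touch the registry.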

  10. killerbonnar
    February 28th, 2010 at 19:36 | #10

    Where do you put all this code ?

  11. JBro
    February 28th, 2010 at 22:07 | #11

    So, I deleted all the XP Guardian registry entries as defined in the information above…only to read the reviews/help AFTER deleting INSTEAD of EDITING. I am on a company laptop so I don’t have access to everything, most likely. Any advice on how to correct the problem, as I can’t run the “regedit” any longer…PLEASE HELP!

    • March 1st, 2010 at 10:36 | #12

      JBRO : Try downloading and using this fix. Unzip on another PC and right-click on that file : http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip
      press CTRL-ALT-DEL and open Task Manager. Once there, click File, then hold down the CTRL key and click New Task (Run). This will open a Command Prompt window. Enter REGEDIT.EXE and press Enter.

  12. momgeek545
    March 2nd, 2010 at 03:26 | #13

    much appreciated everyone!

    admin & JBRO: I did not need to download the .zip file, only to open the Task Manager, open the File menu, hold the CTRL key and select New Task (Run) – that got me into the registry where I could restore the correct values to all the keys I just deleted.

    thanks again, everyone!

  13. Derek
    March 3rd, 2010 at 01:57 | #14

    So I got XP guardian like 2 days ago and tried malware to get rid of it and did not work so I tried a couple of other programs and this one found it and got rid of XP guardian (SUPERAntiSpy). When it found the trojans it made my computer restart then when I got back on I did not see XP Guardian but when I try to open a program I get a box saying “Open with” ^^^^(what others said above I think)^^^^. So a couple of questions I guess do I still have XP guardian and how can I fix this I can’t even system restore or DL anything without an error message or the open box but I can access the internet when I get the open box and it gives me an option to look on the web for an appropriate program.

  14. Dr. D. S. Moody
    March 3rd, 2010 at 03:37 | #15

    Neophytes should NEVER go into the Registry for any reason! Leave it to the Pros. I’m an MCSA and tell all users to save this kind of work for those of us who do IT work for a living.

  15. Derek
    March 3rd, 2010 at 06:08 | #16

    Hey new update I finally got in safe mode and did a system restore back to feb 21st and everything is looking good running scans and stuff I might be out of the hook hopefully if you think otherwise I would love to hear!

  16. Chris W.
    March 3rd, 2010 at 16:04 | #17

    Hey, I’ve been doing the removal of registry items but instead of av. mine always says MSASCui. Just thought I’d mention the difference.

  17. ANAYELI
    March 7th, 2010 at 19:31 | #18

    Hello, I tried to do what you all mention but it did not work for me. The thing is, I have an internet café and I really do urgently need a solution, please.
