Windows Guard Tools

From Wiki-Security, the free encyclopedia of computer security

Windows Guard Tools Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<
Notice:






SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:


If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

One of the fake anti-spyware programs from the FakeVimes family of malware, Windows Guard Tools, functions in the same way as its predecessors and many of the rogue anti-spyware tools in operation today. While this rogueware may appear to be simply annoying at the outset, Windows Guard Tools may have the capability to make any infected PC system susceptible to more infections, especially if not eliminated on time. Members of the FakeVimes family and clones of Windows Guard Tools are many, and these include Windows Pro Safety, Windows Antivirus Rampart, HDD Rescue and several others. Windows Guard Tools will attempt to do two things.

First, Windows Guard Tools will scare you into thinking that your computer is infected with spyware, and second, attempt to gain your trust by claiming that Windows Guard Tools can solve the problem. Once Windows Guard Tools has succeeded in doing these, Windows Guard Tools will resort to various tactics and have you whip up your credit card and pay for the so-called software. Only that, this software which you paid handsomely for, will not really solve the problem.

Convincing, Conniving Strategies of Windows Guard Tools


Like the rest of its earliest versions, Windows Guard Tools, doesn't possess the kind of solution-providing functionality Windows Guard Tools claims to have, especially in terms of malware removal. To make up for this lack of capability, however, this rogue anti-spyware program will use convincing, conniving tactics in order to lure PC and web users into their well-designed trap. After being installed, either manually or through a drive-by download, Windows Guard Tools will start to generate a full scan that doesn't last more than a few seconds each time.

The scans will show how the PC is loaded down by viruses or how many security threats have been found. Several system alerts, which are a challenge to close, will also crop up, warning you of the compromised state of your computer. The strategies don't end with all these, however. In order to gain your trust, Windows Guard Tools will present itself as the solution – the only viable solution, in fact – and invite you to purchase a full version of the software.

Removing Windows Guard Tools


Needless to say, Windows Guard Tools is one of the many fake PC security programs that have crept into the web and jeopardized many a PC system. It must be removed at once, and completely. Since Windows Guard Tools has been known to slow down an infected computer and disallow the user from accessing various applications, the only way to deal with it is to eliminate Windows Guard Tools. As Windows Guard Tools usually resists removal attempts, it is important to use only legitimate security software so as to uninstall the malware completely.

Many types of rogueware have already been introduced into the web and installed in PCs in recent years, beginning the year 2008. While countermeasures have been made to deal with the cyber criminals behind these rogue anti-spyware programs, the growing sophistication of these rogue anti-spyware tools have made immediate detection highly difficult. As a responsible web and PC user nonetheless, you can do your share when handling these types of Internet scams. Be on guard; don't let Windows Guard Tools get the better of you!

To check your computer for Windows Guard Tools, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Windows Guard Tools and other threats. If you detect the presence of Windows Guard Tools on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Windows Guard Tools.

Contents

Detection of Windows Guard Tools (Recommended)

Windows Guard Tools is difficult to detect and remove. Windows Guard Tools is not likely to be removed through a convenient "uninstall" feature. Windows Guard Tools, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Windows Guard Tools and other spyware, adware, trojans and viruses on your computer.

Run a Windows Guard Tools scan/check to successfully detect all Windows Guard Tools files with the SpyHunter Spyware Detection Tool. If you wish to remove Windows Guard Tools, you can either purchase the SpyHunter spyware removal tool to remove Windows Guard Tools or follow the Windows Guard Tools manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with Windows Guard Tools. Windows Guard Tools can come bundled with shareware or other downloadable software.

Another method of distributing Windows Guard Tools involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Windows Guard Tools on your system. Windows Guard Tools installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with Windows Guard Tools, use this SpyHunter Spyware dectection tool to detect Windows Guard Tools and other common Spyware infections. After detection of Windows Guard Tools, the next advised step is to remove Windows Guard Tools with the purchase of the SpyHunter Spyware removal tool.

Symptoms

Windows Guard Tools may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Windows Guard Tools from your computer.

Remedies and Prevention

Windows Guard Tools, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Windows Guard Tools along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example Windows Guard Tools, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Windows Guard Tools and other types of spyware.

Remove Windows Guard Tools manually

Another method to remove Windows Guard Tools is to manually delete Windows Guard Tools files in your system. Detect and remove the following Windows Guard Tools files:

Processes

  • %AppData%\Windows Guard Tools\ScanDisk_.exe
  • %CommonAppData%\58ef5\SP98c.exe

Other Files

  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Guard Tools.lnk
  • %AppData%\Windows Guard Tools\Instructions.ini
  • %CommonAppData%\58ef5\SPT.ico
  • %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg
  • %Desktop%\Windows Guard Tools.lnk
  • Programs%\Windows Guard Tools.lnk
  • %StartMenu%\Windows Guard Tools.lnk

Registry Keys

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\InstallLocation [unknown dir]
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\Publisher UIS Inc.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\UninstallString “[unknown dir]\[unknown file name].exe” /del
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\DisplayIcon [unknown dir]\[unknown file name].exe,0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\DisplayName Activate Ultimate Protection
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection\DisplayVersion 1.1.0.1010
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Activate Ultimate Protection “%CommonAppData%\58ef5\SP98c.exe” /s /d
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Activate Ultimate Protection
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracing
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exe

External links

Wiki-Security's RECOMMENDATION
Is your computer infected with spyware? Download SpyHunter's spyware detection tool to check for spyware on your PC.


Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by Windows Guard Tools or its creators in any way. This website does not advocate the actions or behavior of Windows Guard Tools and its creators. Our objective is to provide Internet users with the know-how to detect and remove Windows Guard Tools and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of Windows Guard Tools in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.
Views
Navigation