Tuesday, June 28, 2011

Remove Windows Microsoft Guardian virus

Windows Microsoft Guardian is a new fake security program from the same family of malware as Windows Rescue Center, Windows Risks Prevention, Windows Activity Inspector, Windows Power Expansion, Windows Simple Protector, Windows Background Protector, Windows Lowlevel Solution, Windows Support System, Windows Emergency System, etc. The program created to make troubles for a computer user and does not protect your machine in any way! Thus, never trust anything relate to Windows Microsoft Guardian.

What Windows Microsoft Guardian does

Windows Microsoft Guardian is promoted and distributed with the help of Microsoft Security Essentials Alert trojan. When the rogue is installed, it will register itself in the Windows registry to run automatically.

The program will perform a system scan and list a lot of trojans, viruses and other malicious programs. Of course, the scan and its results are a fake. The rogue uses the false scan results as method to trick you into purchase its full version. Thus, ignore all that Windows Microsoft Guardian will show you and remove it as soon as possible.

While Windows Microsoft Guardian is running, it will display various misleading notifications and fake security alerts from Windows taskbar. Some of the alerts are:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more.
Name: taskmgr.exe
Name: C:\WINDOWS\taskmgr.exe
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

However, all of these alerts and notifications is a fake and like false scan result should be ignored.

As you can see, Windows Microsoft Guardian pretends to be a legitimate antivirus software but, in reality, it is a scam. You should remove this malware as soon as you notice it installed on the system.  Please use the steps below to remove this malware from your computer for free.

How to remove Windows Microsoft Guardian

Reboot your computer. When you will see a Windows Microsoft Guardian prompt, click OK and wait while it`s scanning your computer. Once the scan is complete click "Fix errors" button. Now you can close the rogue. Press ATL+F4 or "X" button at the top-right of Windows Rescue Center.

Click Start, type in search field
Press Enter.

It will open a contents of Roaming folder (Application Data for WINDOWS XP). Next, open Microsoft folder.

This malware hides its own files, so before next step you should enable "Show hidden files" option. Click Organize, next "Folder and search options”, next View tab. If you use Windows 2000/XP, open Tools, next Folder Options, next View tab.

Select “Show hidden files and folders” option and click OK button.

Now look for randomly named files, e.g lklklka.exe or lklklka, and rename them. Reboot your computer.

Download Malwarebytes Anti-malware. Double click mbam-setup.exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded you will see a screen like below.

Malwarebytes' Anti-Malware

Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that  Malwarebytes' Anti-Malware found on your computer. Note: list of malware may be different than what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software

Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.

Your system should now be free of the Windows Microsoft Guardian malware.

No comments:

Post a Comment