XP Guardian Removal Instructions
XP Guardian (XPGuardian) is a Windows Shield fake antispyware. Windows Shield is a logo that you have seen many times, even if you do not remember that precisely. It is official symbol of Microsoft products, now used by hackers to make their scams look more trustworthy. XP Guardian is a clone of Antivirus Vista 2010, XP Internet Security 2010 and a dozen of other counterfeits, which do not differ much neither in skins, in which Windows Shield is used, nor in the executables.
Remove XP Guardian for the following reasons:
- it is annoying: it shows various alerts and fake scan window at variable frequency. Those alerts and scan windows are classified as annoying and misleading advertisement;
- it is installed as removal-proof executables of extended and can block other executables;
- in addition, it will try to manage your web-browser in order to ban websites providing reliable antispyware to remove XP Guardian.
In order to get rid of XP Guardian and any accompanying infections and other rogue residents of your PC found during free scan, click here to download XP Guardian removal tool (StopZilla!).
Automatic removal of XP Guardian:
Malware is likely to be accomponied by a group of numerous relatives and assisting programs. That is why we recomend to scan computer for malware and viruses if XP Guardian is your computer resident. The scan is 100% free. After the scan, you can remove XP Guardian in a safe mode as fast as your PC perfomance permits. Click the link below to scan your computer for free and get rid of XP Guardian.
Download StopZilla! to remove XP Guardian malware
Manual removal of XP Guardian:
XP Guardian manual removal means that you have relevant skills for managing .dll files and PC registry. After you remove XP Guardian manually, we still highly recommend you due to the reasons explained above to perform free scan for malware. Follow the relevant link above to start free scan (click on “Download StopZilla! to remove XP Guardian malware”).
Delete XP Guardian files:
av.exe
WRblt8464P
Delete XP Guardian registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1?
Did you enjoy this post? Why not leave a comment below and continue the conversation,
or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
**Note to all when removing these keys from the registry don’t delete the “%1″ %* from end, you will wind up with an error when trying to lauch all .exe programs. The error that appears is “this file does not have a program associated with it for performing this action”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %
You have been warned. I have just spent the best part of 2 hours giving a user local admin rights and editing the registry trying to fix this.
To bad the virus Program isn’t 100% free, maybe the time I wasted downloading it and running the “free” scan but to delete or fix the files you need to purchase it.. Nice.
for better help go here
http://www.myantispyware.com/2010/01/28/how-to-remove-xp-internet-security-2010-xp-guardian-antivirus-xp-2010/
TO BE MORE CLEAR
Stop and remove XP Guardian processes:
======================================
av.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application
Data\av.exe” /START “%1″ %*
=========================
!!! “%1″ %* MUST STAY !!!
=========================
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application
Data\av.exe” /START “%1″ %*
=========================
!!! “%1″ %* MUST STAY !!!
=========================
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1″
%*
=========================
!!! “%1″ %* MUST STAY !!!
=========================
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START
“%1″ %*
=========================
!!! “%1″ %* MUST STAY !!!
=========================
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local
Settings\Application Data\av.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
================================================================
!!! “C:\Program Files\Mozilla Firefox\firefox.exe” MUST STAY !!!
================================================================
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local
Settings\Application Data\av.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
===========================================================================
!!! “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode MUST STAY !!!
===========================================================================
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local
Settings\Application Data\av.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
===================================================================
!!! “C:\Program Files\Internet Explorer\iexplore.exe” MUST STAY !!!
===================================================================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
================
!!! SET TO 0 !!!
================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″
================
!!! SET TO 0 !!!
================
Detect and delete other XP Guardian files:
==========================================
%UserProfile%\Local Settings\Application Data\av.exe
%UserProfile%\Local Settings\Application Data\WRblt8464P
Rob.L
I accidentally did this (I deleted the entire registry key HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %) and, though i restored my system to the way it was a few days ago, and my .exe files are now running, I can no longer find those registry entries. apparently, HKEY_CURRENT_USER\Software\Classes\.exe\shell doesn’t exist, so I can’t get any further down the filepath than .exe
is this terribly bad for my system? It seems to be running fine, malwarebytes removed any traces of the virus that I hadn’t caught myself, but this lack of registry keys is unnerving to say the least.
to fill you in a little better
HKEY_CLASSES_ROOT\secfile doesn’t exist
HKEY_CLASSES_ROOT\.exe\shell doesn’t exist
HKEY_CURRENT_USER\Software\Classes\.exe\shell doesn’t exist
HKEY_CURRENT_USER\Software\Classes\secfile doesn’t exist.
i can’t find these folders at all in my regedit
I messed up. I deleted instead of modified, and now I think I got rid of the “%1″ %* thing. PLEASE help me. I’ve got the trial version of Spyware Doctor keeping the most inconvenient piece if software at bay.
Unfortunately another user post from another site did not specify to modify rather than delete. So now although I have removed AV.exe from my computer I am unable to open any .exe extensions. “This file does not have a program associated with it for performing this action” appears, even when trying to open regedit, therefore I am unable to modify it correctly. The same holds true with system restore. Any suggestions to fix this problem would be greatly appreciated.
Hi Andrew,
Thanks to let us know how to fix the problem uninstalling the XP guardian removal. It works fine, by the way the last post to fix the .exe files it is a good tip. Thanks
chancuco.
@ Andrew I just wanted to thank you for you prompt and helpful response. The link you recommended for the vista fix worked instantly and definitely saved me a lot of headache. I now know to modify rather than delete as well. Haha. Once again thanks. -Erik
I did the same thing as Brayden. Another site told me to delete instead of modify and now I cannot run any exe files including cmd or regedit from the run window in my copy of XP. Does anyone know how I can get back into the registry to re-add the values correctly as mentioned on this page? I’ve read that you have to have admin rights which I do, but I don’t know what to do from there. Thank you for your help!
Andrew, your comment on March 1 fixed my problem:
“run the .exe file association fix on Doug Knox’s site:
http://www.dougknox.com/. Go to Win XP Fixes section, then File
Association Fixes, Exe File Association Fix.”
THANK YOU!!!!
Many thanks for a concise walk through on the repair steps for a relatively new issue, Props to Rob L for his comment. Helped repair a client’s PC.
Thanks for working tool and tips! Aren’t you going to make a report on XP Guardian removal problem to Microsoft and why they do not care of their logo misuse by criminals?