
Guard Online Virus - help

I have fallen victim to the guard online virus - it's of the fake alert variety, where there is a big pop up with all this doom and gloom about how my computer is infected and that I need to purchase some scan thing. Obviously I'm a little annoyed (really annoyed actually) in that I have McAfee AT and T internet security suite. It is now disabled as part of the virus, I can turn it on in safe mode but it does not detect anything.

The next thing I did was download the fake scan stinger.  I was able to get it to work but it detects nothing.  

I then used a few other freeware scans, they all detected stuff and removed it but the virus remains.

Does anyone have any clues on how to get rid of this virus?  I'm using my work computer right now, and need my personal to do school work and what not.  Thanks

13 Replies
newjack
Level 12
Message 2 of 14

Re: Guard Online Virus - help

Here is the full removal guide from Bleeping Computer. Basically you will need to download Rkill and Malwarebytes. Here is the link.

http://www.bleepingcomputer.com/virus-removal/remove-av-guard-online

First run rkill then Malwarebytes. Read instructions first. Good luck

Message was edited by: newjack on 10/8/11 2:23:18 PM EDT

Re: Guard Online Virus - help

I suppose you've got the newest version of this scareware called "Guard Online" and not the previous one "AV Guard Online". Anyway, Bleepingcomputer's guide should work just fine. They are almost identical except the GUI. The new one looks like an iPad. In short, click to register the rogue and enter this code: 9992665263. It's a kill code. Then run any removal tool you like. Please note that this rogue drops a TDL4 rootkit. You should remove it too; otherwise the rogue may return.

http://deletemalware.blogspot.com/2011/10/how-to-remove-guard-online-uninstall.html

http://oi54.tinypic.com/2ikfv36.jpg

Message was edited by: techrumy on 10/8/11 1:44:04 PM CDT

Message was edited by: techrumy on 10/8/11 1:47:34 PM CDT
Reliable Contributor exbrit
Message 4 of 14

Re: Guard Online Virus - help

Moved to Malware Discussions > Home User Assistance as a more appropriate spot.

Reliable Contributor Hayton
Message 5 of 14

Re: Guard Online Virus - help

According to a malware expert from another forum, AV Guard is a renamed variant of Open Cloud Security. The screenshot of this Fake AV looks very similar to both of those, so it's probably related - another variant. If that's the case, this thread should be in Top Threats along with the OCS discussions so I'm moving it there.

Reliable Contributor exbrit
Message 6 of 14

Re: Guard Online Virus - help

Thanks...it was in VirusScan originally.

Reliable Contributor Hayton
Message 7 of 14

Re: Guard Online Virus - help

@techrumy : confirmed. This is from the same family of malware as Open Cloud Security and is associated with the Zero Access rootkit, which is the subject of discussions in other threads.

There is a description of this malware and a removal guide (with the proviso that if a rootkit is also installed the fix will not work) at BleepingComputer HERE.

The relevant part of the description follows -

Some installations of the Rogue.WinAVPro family may be bundling the ZeroAccess rootkit along with the rogue. This rootkit will terminate any process that scans one of the items it is protecting in the Windows Registry or the file system. It will then change the permissions on that program so that when you attempt to run it again you will receive an access denied message. If you are infected with this Rootkit, then the following guide will not be able to remove the infection unless you first remove the rootkit. You can attempt to remove the rootkit using TDSSKiller ...

pcchick
Level 7
Message 8 of 14

Re: Guard Online Virus - help

Hi, I'm new here... Looks like everyone is giving great advice on removing Guard Online. I work for a local virus removal company and I usually use MBAM to remove most infections (that's the recommended software on bleepingcomputer).

However, Guard Online is very similar to open cloud virus and av guard virus, and just like with those infections, every now and then we find that Malwarebytes will not work to remove it.

If that is the case for anyone reading this and has already tried MBAM and it did not work, this is what we have been following in those instances. This site has a pretty good alternative to remove Guard online virus when MBAM doesn't work: http://www.ihowtoremove.com/guard-online-virus/

Also, I have not had to use RKILL once when removing Guard Online in safe mode. I know the instructions on bleep say to use it but you can easily skip that step as the virus is pretty nonexistent in safe mode.

Hope it helps!

newjack
Level 12
Message 9 of 14

Re: Guard Online Virus - help

Actually, from what I read in the removal guide, they say there is a good possibility of a rootkit or other malware being installed. I would go through the entire guide, and after removal you may still want to start a post at Bleeping Computer or one of the others listed here at the bottom. Post at links below Hijack this to play it safe.

https://community.mcafee.com/docs/DOC-2168

Message was edited by: newjack on 10/9/11 3:26:04 PM EDT

Re: Guard Online Virus - help

New name: Cloud Protection. Everything else just stays the same. Sample submitted to McAfee. Cheers!

http://deletemalware.blogspot.com/2011/10/how-to-remove-cloud-protection.html

Cloud_Protection.jpg

Message was edited by: techrumy on 10/10/11 3:57:13 PM CDT
