Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Thursday, April 24, 2014

How to Remove TR/BProtector.Gen2 (Uninstall Guide)

TR/BProtector.Gen2 is a Trojan horse that can download and install adware and potentially unwanted programs on your computer, such as Optimizer Pro and ADWARE/bProtect.D. The detection routine was developed a month ago, which means that this specific infection is new. Damage potential is low; however, distribution potential remains pretty high. Once installed, this Trojan horse will download and install additional adware and spyware components on your computer in the background without your permission and knowledge. It will then use rundll32.exe and other Windows system programs to finish the installation. Network traffic will increase significantly because this Trojan horse usually downloads multiple setup.exe files for different adware and PUPs and later connects to third-party servers to confirm successful installations. What is more, TR/BProtector.Gen2 installs malicious web browser extensions that can inject ads into pretty much any web page you visit and also display pop-up ads on your computer.

TR/BProtector.Gen2 detection
This Trojan horse is promoted through the use of fake Flash Player update websites and dodgy software download sites. It also comes bundled with other programs, mostly PUPs, toolbars, freeware and similar programs. TR/BProtector.Gen2 is presented as an optional software package or a special offer. It may even have a valid digital signature, and of course it will be presented as a very useful tool that enhances your web browsing capabilities. And indeed, some programs that this Trojan comes bundled with may be useful. However, considering the price you will have to pay for it later, I suggest declining such software "offers". Unless, of course, you want to be flooded with never-ending pop-up ads and browser redirects to misleading websites.

It's very important to understand that this infection is usually installed together with other malware. In other words, if you've detected this infection on your computer then there's a good chance that your PC or laptop is infected with even more adware and PUPs or spyware. The first thing you should do is obviously get rid of TR/BProtector.Gen2. This can be done manually, but I recommend using anti-malware programs. Besides, since there's probably more than one adware/malware infection on your computer, running a full anti-malware scan is very important. Sadly, most anti-virus programs cannot properly detect and remove this infection from the system. That's why I recommend anti-malware programs. To remove this Trojan horse from your computer, please follow the steps in the removal guide below. If you have any questions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


TR/BProtector.Gen2 removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.





2. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.



3. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.




Wednesday, April 23, 2014

How to Remove AtuZi (Uninstall Guide)

AtuZi is an adware application that installs as a browser plugin across all the browsers and places ads randomly on pages or hyperlinks random words. Whenever you click somewhere on the web page, it will also open popup windows with ads by AtuZi. Furthermore, it will collect your browsing information and use it to display more relevant ads based on your searches and visited websites. So, it's not only adware but also spyware that may access certain information on all websites you visit. Needless to say, you should remove AtuZi from your computer. To do so, please follow the steps in the removal guide below.

Let's face it, we all run across unwanted situations in our lives but when that includes unwanted software this can be just another annoyance that you really don't have the time or the patience to deal with on top of everything else that your busy day is throwing at you. Potentially Unwanted Programs and adware like AtuZi usually appear without warning on your PC.

AtuZi 1.0.1
There are numerous different strains of AtuZi adware out there but they all fall under the same umbrella and all you really need to know is how they get on your machine in the first place and what you can do to protect yourself against these irritants.

But let's start from the beginning: what exactly is AtuZi and what effect does it have on your computer? AtuZi is designed to spam your PC with these aforementioned unwanted apps, such as a browser extension, as well as adware in the form of pop-up adverts. It can also install more potentially malicious software on your machine which will redirect you to websites of the publisher's choice, which is frustrating and time consuming to deal with.

AtuZi is not categorized as a virus in the traditional sense but to you and me it may well be for it has some unpleasant and annoying traits. We've already briefly covered the browser hijacking capability – the reason you now have that unfamiliar and unwieldy new extension installed on your browser. But it can also affect your user experience thanks to the proliferation of pop-up advertisements and the constant redirection of your searches.

So why create such adware programs in the first place? Adware and similar PUPs are developed in order to increase advertising revenue. This one is not an exception. The reason many PUPs contain adware is so that the publishers can employ 'black hat' SEO (Search Engine Optimization) techniques to direct Internet traffic to their (or somebody who is paying them) websites, thus also helping them rank more highly in search engine results. All this means for you though, is that you'll end up with a headache when you're trying to browse the Internet or get some work done.

This begs the question of how AtuZi got on your computer in the first place. In the majority of cases it will have been when you installed some free software (freeware). This could have been a download of a TV series, a PDF document creator or even a reputable tool such as Skype (from a dodgy download website). Adware programs are bundled into the installation and thereby sneak their way on to your computer.


Finally, how can you avoid installing it? The first and most important rule is to pay attention when you're downloading software and make sure you uncheck any boxes in the license agreement that say that a 'special offer' or 'added extras' are included with the installation. Take a few moments to read this agreement and uncheck boxes accordingly. After all, when it comes to your online safety, prevention is better than cure.

Written by Michael Kaur, http://deletemalware.blogspot.com


AtuZi Removal Guide:

1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove AtuZi related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • AtuZi
  • LyricsSay-1
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove AtuZi related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove AtuZi 1.0.1, LyricsSay-1, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.





Remove AtuZi related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.



2. Select Extensions. Click Remove button to remove AtuZi 1.0.1, LyricsSay-1, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.




Remove AtuZi related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


TubeSaver Adware. How to remove?

It feels like it's becoming harder and harder to escape the steady stream of numerous types of adware programs like TubeSaver that may suddenly appear on our PCs or laptops. But just how do these potential enemies and annoyances find their way on to our machines and, the million dollar question, how do we get rid of them? But first, how did TubeSaver install itself on your PC in the first place? Sorry to break it to you but it was probably your fault! Adware and PUPs are usually bundled with other programs, meaning that when you're downloading the latest blockbuster movie or installing a piece of software you can also be installing a PUP. In short, TubeSaver or Tube Saver is an adware program. Once installed, it will display at least a few ads by TubeSaver on a web page. It could be any web page, even your web based email page.

Ads by TubeSaver
What is more, such adware programs are very often missed by even the most popular anti-virus programs. A particularly evil piece of malware designed to steal your personal information and adware are very different things, but one thing is for sure: it is crucial that you protect yourself by installing reputable anti-malware software on your computer. This is definitely your best chance of stopping foes in their tracks before they have the chance to do you any harm. A decent program should be able to detect and delete all types of rogue software that are aiming to do you damage. It should also be able to pick up on TubeSaver which, despite not technically being a virus or even technically malicious, can still be extremely annoying. Keep in mind that this adware comes bundled with other sketchy programs, so there's always a chance that it's not the only adware installed on your computer.

TubeSaver is a pain for a number of reasons. It will plague you with pop up ads for dodgy websites and products you probably don't want. And, perhaps most annoyingly, they also hijack your browser and install malicious browser extensions that can access your data on all websites and even track what websites you are visiting. You're probably already perfectly happy with your current extensions and it goes without saying that one that chooses to install itself without asking your permission is rarely useful and doesn't do much more than confuse you and get on your nerves! Another knock-on effect is that this adware is capable of installing more unwanted software on your machine which will redirect your searches to a website of the PUPs creator's choice instead of the site that you want to visit.

As mentioned, you should always have a good anti-malware program installed, but you can also be proactive by paying more attention to the things you download. If a website looks disreputable and you're not 100% sure that downloading something from it will be safe, trust your instincts and leave well alone. Also read end user license agreements carefully: because adware and PUPs come packaged with other programs, the EULA should reference them. Don't just click 'OK' but read agreements carefully and uncheck boxes that have already been checked saying you want to install 'added extras' to ensure you're not agreeing to install something you don't want. If your computer is already infected with this adware, please follow the steps in the removal guide below. Hopefully, it will help you to solve your problems. And as usual, if you have any questions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


A Guide to Removing TubeSaver:

1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove TubeSaver related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • TubeSaver
  • LyricsSay-1
  • BlocckkTheAds
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove TubeSaver related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove TubeSaver-16, LyricsSay-1, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove TubeSaver related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.



2. Select Extensions. Click Remove button to remove TubeSaver-16, LyricsSay-1, Quiknowledge, HD-Plus 3.5 and other extensions that you do not recognize.




Remove TubeSaver related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.


Saturday, April 19, 2014

What is bukgmhvrux64.exe and how to remove it?

Bukgmhvrux64.exe - by Adpeak


What is bukgmhvrux64.exe?


Bukgmhvrux64.exe is a part of an adware program that belongs to the Adpeak adware family. It has been detected as Adware.Adpeak.M, Win64/Adware.Adpeak.C and Adware.Adpeak by multiple anti-virus engines (scan results). There are, however, a few anti-virus engines that detect it as a Trojan horse - Trojan/Win32.SGeneric. Once installed, it will display pop-ups and inline ads on your computer. It can also redirect to misleading websites that are pushing questionable products or services. Some variants of this adware can also gather certain information about your browsing habits and send it to third party servers in the background without your permission. I'm not sure if we can classify it as a Trojan but it's definitely adware with spyware modules. The file is not digitally signed. It's almost certainly not essential for Windows and may even cause problems. It's configured to run automatically every time Windows starts. Last, but not least, very often this adware comes bundled with other potentially unwanted programs. I recommend that you remove bukgmhvrux64.exe from your computer and run a full system scan with recommended anti-malware software.







File name: bukgmhvrux64.exe
Publisher: Adpeak
File Location Windows XP: C:\Program Files\002\
File Location Windows 7: C:\Program Files\002\
Startup file: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run → bukgmhvrux64.exe


Wednesday, April 16, 2014

Remove newnext.me nengine.dll error pop-up (Uninstall Guide)

The Newnext.me nengine.dll error message pops up when your computer is infected with adware and PUPs. This DLL file belongs to an adware program detected as NewNextDotMe, Trojan_NextLive.adw, Adware.NextLive.1 and PUP.Optional.NextLive.A by multiple anti-virus engines. It comes bundled with Mobogenie and other potentially unwanted programs. Perhaps the most worrying part about such programs is that they install themselves on your computer without your knowledge and without your permission. Whilst not, generally speaking, harmful, they are incredibly annoying and they can leave your machine vulnerable to attacks by nastier forms of malicious software.

RunDLL
There was a problem starting C:\Users\[UserName]\Appdata\Roaming\newnext.me\nengine.dll
The specified module could not be found.

nengine.dll error

As I said, in the majority of cases adware and PUPs will be bundled, or packaged, with another piece of software. Sometimes this software is reputable and sometimes it is not. Newnext.me and NextLive adware don't discriminate! So, you could find yourself with adware or a PUP on your machine that had latched itself onto that flashing set of emoticons that you downloaded because you really couldn't live without them.

The good news is that you can usually catch Newnext.me at the source, as PUPs are quite often referred to in the End User License Agreement that you're supposed to read (!) when downloading something. Reading the End User License Agreement will save you time and headaches when you have to remove nengine.dll errors or pop-ups. Chances are, like many people, you just skip through these, but if you took a few moments more you may notice that some EULAs contain some wording that has nothing to do with the download you do want. Wording like 'We suggest that you also install the...'. And then, here's the sticky part, the check box will have already been ticked for you. The problem is that downloading software is hardly the most interesting of activities and many of us are guilty of not reading the small print and just clicking 'Next'... and then wondering why on earth we have a malware/spyware application.

If you are getting the nengine.dll error message when you turn on your computer, it means that your computer is infected with Newnext.me adware or, if you already removed it from the system, it could be that the startup information is still present and Windows tries to load a file that doesn't exist. As a result you get an error message saying that the nengine.dll module could not be found. It basically means that there are still some registry keys left that point to this adware file.

To resolve the Newnext.me nengine.dll issue, you can use Autoruns for Windows or open up the Windows registry editor, search for nengine.dll or Newnext.me and delete all entries you find. You can also remove this error message by removing the start-up entry in the Windows Task Scheduler. I recommend using Autoruns. Once the problem is fixed, scan your computer with anti-malware software. Why? Because very often this adware comes bundled with PUPs and even spyware. There might be malware on your computer that you haven't noticed yet. If you have any questions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Newnext.me nengine.dll error message removal guide:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Download Autoruns for Windows and save it to your Desktop.

3. Launch autoruns.exe program (Vista/Windows 7/8 users right-click and select Run As Administrator).



4. In the top menu, click File > Find... and type the file name nengine.dll, then click Find Next. Alternatively, you can scroll through the list and look for any entry related to newnext.me.



5. If found, right-click on the entry and choose delete.

6. Close Autoruns and reboot your computer when done.

7. Scan your computer with anti-malware software.


Associated Files:
  • C:\Documents and Settings\[User]\Application data\newnext.me\nengine.dll (Windows XP)
  • C:\users\[User]\appdata\roaming\newnext.me\nengine.dll (Windows 7/8)

Wednesday, April 9, 2014

How to Remove ConstaSurf (Uninstall Guide)

ConstaSurf is an adware application that installs as a browser plugin across all the browsers and places ads randomly on pages or hyperlinks random words. Whenever you click somewhere on the web page, it will also open popup windows with ads by ConstaSurf. It's not a virus as some users may describe it, but we could say it's web browser related malware. Getting your computer hijacked by malware is both worrying and potentially dangerous but the sad fact is that it can happen to anyone, no matter how careful you think you're being when you're using the Internet. However, there are a number of steps we can take to lessen the risk, one of them being having reputable and up to date anti-malware software installed on your PC. This will give you a much better fighting chance in the war against viruses, malware, adware and Potentially Unwanted Programs (PUPs) before they do any damage. But there are other things you can do to safeguard your system, just in case something does slip through the net. This guide will walk you through removing ConstaSurf and associated malware from your computer.

ConstaSurf ads

Viruses and malicious software (malware) are household names but how many of us know much about these so-called adware and Potentially Unwanted Programs? These are, normally unwanted, applications which install themselves on your system in a few different ways. Mostly it's when you're downloading free software; the latest season of Mad Men, the new Katy Perry album or some software that helps you read Chinese characters. Naturally we need, or want, any number of downloads whether for work or for pleasure, so what do we do if we don't want to stop downloading but we do want to protect our computers?

As mentioned above, using a good anti-malware program is your first line of defense – if you're not sure which one to go for, simply ask a friend who's a bit more technical, check in online forums or ask a local PC dealer. A decent anti-malware should be able to catch ConstaSurf before it installs itself on your PC. Although there is a slight problem in that as PUPs aren't considered viruses, many antiviruses do fail to pick up on them. And with annoying habits such as taking over your browser and replacing your normal toolbar with one of its own choosing or constantly redirecting you to new search engines and displaying pop-up ads, it's probably fair to say that ConstaSurf adware is not something you want on your machine.

Of course, the next question is how do you lower your chances of being infected by ConstaSurf if your antivirus program may allow it to slip through the cracks? The good news is there are a number of things you can do yourself: firstly, don't download programs if you don't trust the website 100%, and don't download software from third party sites; always go straight to the publisher. And secondly, always read the End User License Agreement carefully when you're installing or downloading software. Yes, we know it can be a pain and you just want to get to your download, and no one can accuse EULAs of being interesting, but this is where adware creators will have hidden any mention of 'added extras'. Often you will find that the box saying you want to install these add-ons has already been checked for you. The rule: you don't want it? Uncheck that box before clicking 'OK'. However, if you are reading this then your computer is probably already infected. To remove the adware program and any associated PUPs from your computer, please follow the steps in the removal guide below. If you have any questions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


ConstaSurf removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.





2. Remove ConstaSurf program from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove ConstaSurf.



If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove ConstaSurf from Google Chrome:

1. Click on the Chrome menu button. Go to Tools → Extensions.



2. Click on the trashcan icon to remove the ConstaSurf extension.


Remove ConstaSurf from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools → Add-ons.



2. Select Extensions. Click the Remove button to remove the ConstaSurf extension.


Remove ConstaSurf from Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the ConstaSurf browser add-on.


Associated ConstaSurf Files:
  • C:\Documents and Settings\All Users\Application Data\ConstaSurf
  • C:\Documents and Settings\All Users\Application Data\ConstaSurf\IE\common.dll

Windows Internet Guard Removal Guide

Whether you think you may have been infected by a rogue antivirus program or you're just curious as to what they are, read on as this short article takes a close look at this particularly sneaky variety of malicious software. This page contains removal instructions for the Windows Internet Guard computer infection. Please use this guide to remove Windows Internet Guard and any associated malware.

What is Windows Internet Guard?

It's a malicious program that tries to trick you into downloading it, and sometimes paying for it, in order to remove viruses and threats that are completely fabricated. Fabricated by whom though? Fabricated by the makers of the rogue antivirus software, I'm sorry to say!

Windows Internet Guard malware screenshot

So as you can probably already tell from the very nature of its existence, rogue antivirus software is a very real online threat and one that you should take seriously. Unfortunately, however, rogue antivirus programs are increasingly becoming a big problem for both individual computer users at home and for businesses of all sizes. And being infected by one can not only leave us feeling duped, but we can end up out of pocket too.

How does Windows Internet Guard get on my computer in the first place?

To be honest, there are a number of ways that this rogue antivirus software finds its way onto your PC; however, the most common one is via fraudulent pop-up windows and fake alerts that try to convince you that your machine has been infected. These alerts play on your insecurities and on your desire to protect your computer and your data. They will attempt to frighten you into downloading their software that will, supposedly, detect and delete the virus. And let's not lose sight of the fact that this is a fake virus. You can see where this is going!

Anything else I should look out for?

Quite honestly, yes. Pop-up windows are not the only way you can get infected by rogue antivirus software. Some other known ways include fake browser plug-ins and infected browser toolbars, fake online malware scanning websites and drive-by-downloads.

How do I protect myself against Windows Internet Guard?

So first and foremost, it is crucial that you bear in mind that these are fake warnings. But how can you tell? Especially when Windows Internet Guard pop-up windows have been designed to look like a genuine product? The key is to download a reputable, genuine antivirus software program to protect your computer. Take a good look at the logo, the design and the wording of this program and familiarize yourself with it. This is important as it will enable you to tell the difference if and when you are the victim of a spam pop-up alert.

You should also make sure your real antivirus software is kept up to date with the latest patches and that you run it frequently. A good antivirus will be able to spot any imposters. It is also important to note that a reputable antivirus publisher will never ask you for your credit card details before it performs its detect and delete procedure.

Good luck and stay safe out there!

Written by Michael Kaur, http://deletemalware.blogspot.com


Method 1: Windows Internet Guard removal using an activation key:

1. Open Windows Internet Guard scanner window. Click the "question mark button" (top right hand corner of the scanner window) and select "Register".



You should now see the registration form.

Enter one of the registration keys given below and click Register to activate this rogue security program. Don't worry, this is completely legal since it's not genuine software.

0W000-000B0-00T00-E0021 ← (new key)
0W000-000B0-00T00-E0001
0W000-000B0-00T00-E0002
0W000-000B0-00T00-E0003



Once this is done, you are free to install recommended anti-malware software and remove this malware from your computer.

2. Download recommended anti-malware software and run a full system scan to completely remove this rogue program and related malware from your computer.






Method 2: Windows Internet Guard removal instructions (Safe Mode with Command Prompt):

1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key.



2. Login as the same user you were previously logged in with in the normal Windows mode. When done, the Windows Command Prompt will open and you will see a screen similar to the one below.

3. Once the Command Prompt appears type in explorer and hit Enter.



4. The Windows desktop will now appear. When the desktop appears you can then close the Command Prompt window by clicking on the X.

5. Copy the text below into Notepad.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardSoftware"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"




6. Save file as fixshell.reg to your Desktop. NOTE: (Save as type: All files)



7. Double-click on fixshell.reg to run it. Click Yes for Registry Editor prompt window. Click OK.



NOTE: if you can't create the file as explained or you get an error, you can download the shellfix.reg file on a clean computer and burn it on to a CD or save it to a USB drive so that you can transfer the file to the infected computer. Then insert your CD or USB drive and double-click on the shellfix.reg and allow the data to be merged when you are prompted. Once the data has been merged, you can press the OK button and remove the removable media from your computer.

8. Please reboot your computer into the Normal Windows Mode and login as the infected user.

9. Now that you are at your normal Windows desktop, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.






Method 3: Windows Internet Guard removal instructions (System Restore):

1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key.



2. Login as the same user you were previously logged in with in the normal Windows mode. When done, the Windows Command Prompt will open and you will see a screen similar to the one below.

3. Once the Command Prompt appears type in explorer and hit Enter.



4. The Windows desktop will now appear. When the desktop appears you can then close the Command Prompt window by clicking on the X.

5. Once in there, go to Start menu and search for "system restore". Or you can browse into the Windows Restore folder and run System Restore utility from there:

Win XP: C:\windows\system32\restore\rstrui.exe double-click or press Enter
Win Vista/7/8: C:\windows\system32\rstrui.exe double-click or press Enter

6. Select Restore to an earlier time or Restore system files... and continue until you get into the System Restore utility.



7. Select a restore point from well before the Windows Internet Guard appeared, two weeks should be enough.

8. Restore it. Please note, it can take a long time, so be patient.

9. Once restored, restart your computer and hopefully this time you will be able to login (Start Windows normally).

10. At this point, download recommended anti-malware software and run a full system scan to remove this malware from your computer.






Associated Windows Internet Guard Files:
  • C:\Documents and Settings\[User]\Application Data\guard-[random].exe (Windows XP)
  • C:\Users\[User]\AppData\Roaming\guard-[random].exe (Windows 7/8)
Associated Windows Internet Guard Keys:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\Users\[User]\AppData\Roaming\guard-[random].exe"
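
The leftover nengine.dll startup entry described earlier on this page and the Run/Winlogon values that fixshell.reg resets can both be checked offline from a registry export. The Python below is an added example, not part of the original guide: it parses "Windows Registry Editor Version 5.00" text and flags Run entries whose target file is missing, Run entries loading from AppData, and any Winlogon Shell other than explorer.exe. The value name NextLive, the EntryPoint export, the user alice and guard-abcd.exe are constructed stand-ins.

```python
import os
import re
from pathlib import PureWindowsPath

RUN_KEY = r"software\microsoft\windows\currentversion\run"
WINLOGON_KEY = r"software\microsoft\windows nt\currentversion\winlogon"
_EXT = r"\.(?:exe|dll|com|bat|cmd|scr)"
_UNESCAPE = re.compile(r"\\(.)")

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="rundll32.exe \"C:\\Users\\alice\\AppData\\Roaming\\newnext.me\\nengine.dll\",EntryPoint"
"GuardSoftware"="C:\\Users\\alice\\AppData\\Roaming\\guard-abcd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\alice\\AppData\\Roaming\\guard-abcd.exe"
'''


def parse_reg(text):
    """Parse .reg text into {key: {value_name: string-or-None}}.

    Only REG_SZ values and deletions ("name"=-, stored as None) are kept;
    dword:/hex: values are skipped because they are not decoded here.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$', line)
        if current is None or not m:
            continue
        name, value = m.groups()
        if value == "-":
            value = None
        elif len(value) >= 2 and value[0] == value[-1] == '"':
            value = _UNESCAPE.sub(r"\1", value[1:-1])  # \\ -> \, \" -> "
        else:
            continue
        current[_UNESCAPE.sub(r"\1", name)] = value
    return keys


def _first_path(cmd):
    """Split a command line into (first path, remainder); tolerates unquoted spaces."""
    cmd = cmd.strip()
    m = re.match(r'"([^"]+)"(.*)$', cmd) or re.match(
        rf"(.+?{_EXT})(?=[\s,]|$)(.*)$", cmd, re.I)
    return (m.group(1), m.group(2).strip()) if m else (cmd, "")


def target_path(command):
    """Return the file a startup command loads: the DLL for rundll32, else the program."""
    exe, rest = _first_path(command)
    if PureWindowsPath(exe).name.lower() == "rundll32.exe" and rest:
        dll, _ = _first_path(rest)
        return dll.split(",")[0]  # drop ",EntryPoint" if it is still attached
    return exe


def audit(reg_text, file_exists=os.path.exists):
    """Return (finding, value_name, path) tuples for suspicious autostart values.

    Assumes the values hold full paths; file_exists is injectable so an export
    can be checked against a file listing taken from the same machine.
    """
    findings = []
    for key, values in parse_reg(reg_text).items():
        subkey = key.partition("\\")[2].lower()  # drop the hive name
        if subkey == RUN_KEY:
            for name, command in values.items():
                if command is None:  # deletion directive, nothing to load
                    continue
                path = target_path(command)
                if not file_exists(path):
                    findings.append(("orphaned-run-entry", name, path))
                elif re.search(r"\\(?:appdata|application data)\\", path, re.I):
                    findings.append(("run-from-user-profile", name, path))
        elif subkey == WINLOGON_KEY:
            shell = values.get("Shell")
            if shell is not None and shell.strip().lower() != "explorer.exe":
                findings.append(("winlogon-shell-override", "Shell", target_path(shell)))
    return findings


if __name__ == "__main__":
    # Constructed file listing: the rogue executable is present, nengine.dll is gone.
    present = {r"c:\users\alice\appdata\roaming\guard-abcd.exe"}
    for finding in audit(SAMPLE_EXPORT, lambda p: p.lower() in present):
        print(finding)
```

An orphaned-run-entry result is the condition that produces the RunDLL "module could not be found" pop-up; the other two findings match the values listed under Associated Windows Internet Guard Keys.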