Thursday 5 May 2011

How to Remove PC Security Guardian (Uninstall Guide)

PC Security Guardian is a fake anti-virus program that targets users via SEO poisoning attacks, fake online virus scanners and infected websites. It reports non-existent viruses and malicious software on your computer. PC Security Guardian occasionally displays rather convincing security alerts, telling you that viruses have been found, e.g., Trojan-PSW.Win32.Dripper, Virus.BAT.Gray.705, etc. The point of all this is to scare you into believing that the detected viruses and malware "threats" are real. While the rogue AV remains a low-risk infection, inexperienced users could be fooled into paying to remove threats which do not even exist. There is no guarantee that your credit card information isn't going to be sold to third parties. So, do not purchase this phony security software. And if you already bought it, please contact your credit card company and dispute the charges. To remove PC Security Guardian from your computer, please follow the steps in the removal guide below.



Upon installation, the rogue application adds itself to the list of applications that run automatically when Windows starts. It then runs a fake system scan and gives false reports of threats on your computer. PC Security Guardian configures Internet Explorer to use a proxy over a LAN connection. It hijacks the default browser and displays search results from findgala.com. It may also display the fake "Reported Attack Site!" warning while browsing the Internet.



If you click the "Removal all" threats button, it will take you to a web page where you can purchase a license for the rogue program: either a 6-month, 1-year, or lifetime license ($50-$90). If you need an activation key, you may use this one: U2FD-S2LA-H4KA-UEPB. It works so far.



They even have their own support center.



It's possible to manually remove PC Security Guardian (associated files are listed at the end of this page); however, it is advisable to use anti-malware software. Besides, the offending randomly named files are hidden and even have the "protected system file" attributes, so it might be rather difficult for some of you to find those files. If you have any questions or need assistance in removing PC Security Guardian, please let us know. Just leave a comment below. Good luck and be safe online!

Related malware: Best Malware Protection, Internet Security Essentials, Smart Internet Protection 2011.


PC Security Guardian removal instructions:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8" key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Log in as the same user you were previously logged in as in normal Windows mode.

2. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab. Click the LAN Settings button and uncheck the checkbox labeled "Use a proxy server for your LAN". Click OK. You may have to repeat steps 1-2 if you have problems downloading malware removal programs.



3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


Alternate PC Security Guardian removal instructions using HijackThis or Process Explorer (in Normal mode):

1. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab. Click the LAN Settings button and uncheck the checkbox labeled "Use a proxy server for your LAN". Click OK.



2. Download Process Explorer.
3. Rename procexp.exe to iexplore.exe and run it. Look for a similar process in the list and end it:
  • PSa3b_238.exe
OR download iexplore.exe (NOTE: this iexplore.exe file is a renamed copy of the HijackThis tool from TrendMicro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, then download explorer.scr and run it. Search for similar entries in the scan results:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:24525
O4 - HKCU\..\Run: [PC Security Guardian] "C:\Documents and Settings\All Users\Application Data\a2a0b6\PSa3b_238.exe" /s /d
Select all similar entries and click once on the "Fix checked" button. Close the HijackThis tool.

4. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

5. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
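
Step 3 above asks you to look for entries "similar" to the two shown, while the folder and file names are random. The Python sketch below is an added example, not part of the original guide: it scans a saved HijackThis log for a loopback ProxyServer value and for a Run entry that launches from a short hex-named folder directly under the shared application-data directory. The hex-name heuristic, the function names and the two benign sample lines are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the two entries quoted in step 3 plus two benign lines.
SAMPLE_LOG = r'''
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:24525
O4 - HKCU\..\Run: [PC Security Guardian] "C:\Documents and Settings\All Users\Application Data\a2a0b6\PSa3b_238.exe" /s /d
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

PROXY_RE = re.compile(r'^R[01] - .*,ProxyServer = (?P<value>.+)$', re.I)
RUN_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run(?:Once)?: \[[^\]]*\] (?P<cmd>.+)$', re.I)
LOOPBACK_RE = re.compile(r'(?:^|[=;/])(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?', re.I)
# Shared per-machine data folders (XP form, then Vista/7 form).
DATA_ROOTS = (r'c:\documents and settings\all users\application data',
              r'c:\programdata')
# Assumption: the random folder name is short and hex-like, as in "a2a0b6".
RANDOM_DIR_RE = re.compile(r'^[0-9a-f]{4,12}$', re.I)

def exe_path(cmd):
    """Return the program path from a Run command line (quoted or bare)."""
    m = re.match(r'\s*(?:"([^"]+)"|(.+?\.(?:exe|scr|com|bat|pif))(?=\s|$))', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd.strip()

def in_random_data_dir(path):
    """True if path is <data root>\\<hex-like folder>\\<file>."""
    p = PureWindowsPath(path.lower())
    for root in DATA_ROOTS:
        try:
            rel = p.relative_to(root)
        except ValueError:
            continue
        return len(rel.parts) == 2 and bool(RANDOM_DIR_RE.match(rel.parts[0]))
    return False

def triage(log_text):
    """Return (finding, line) pairs for log lines matching either pattern."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = PROXY_RE.match(line)
        if m and LOOPBACK_RE.search(m.group('value')):
            findings.append(('loopback-proxy', line))
            continue
        m = RUN_RE.match(line)
        if m and in_random_data_dir(exe_path(m.group('cmd'))):
            findings.append(('autorun-from-data-dir', line))
    return findings

if __name__ == '__main__':
    for kind, line in triage(SAMPLE_LOG):
        print(f'{kind}: {line}')
```

A match is only a lead for manual review of the entry in HijackThis; legitimate local proxies also use loopback addresses.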


Associated PC Security Guardian files and registry values:

Files:

Windows XP
  • C:\Documents and Settings\All Users\Application Data\a2a0b6\
  • C:\Documents and Settings\All Users\Application Data\a2a0b6\PSa3b_238.exe
  • C:\Documents and Settings\All Users\Application Data\a2a0b6\PSGSys
  • C:\Documents and Settings\All Users\Application Data\a2a0b6\Quarantine Items
  • C:\Documents and Settings\All Users\Application Data\a2a0b6\PSG.ico
  • C:\Documents and Settings\[UserName]\Application Data\PC Security Guardian\
Windows Vista/7
  • C:\ProgramData\a2a0b6
  • C:\ProgramData\a2a0b6\PSGSys
  • C:\ProgramData\a2a0b6\Quarantine Items
  • C:\ProgramData\a2a0b6\PSa3b_238.exe
  • C:\ProgramData\a2a0b6\PSG.ico
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Security Guardian
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PC Security Guardian"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes\URL http://findgala.com/?&uid=247&q={searchTerms}