Windows Guardian Angel
Posted: March 20, 2012
Threat Metric
The fields on the Threat Meter that contain a specific value are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each specific level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 74 |
| First Seen: | March 20, 2012 |
| OS(es) Affected: | Windows |
Windows Guardian Angel is a fake anti-virus product that uses inaccurate system information as a way to force you to spend money on the full version of its software, which is just as fraudulent as its free version. Because Windows Guardian Angel isn't able to hold true to any of its promises of security features, SpywareRemove.com malware experts recommend that you treat Windows Guardian Angel as a garden-variety pest and remove Windows Guardian Angel with appropriate anti-malware software. You may want to do this in short order, since PC threats from Windows Guardian Angel's family have a reputation for causing browser redirects and blocking real security programs, either of which will leave your PC vulnerable to additional attacks.
Windows Guardian Angel: a Devil in Disguise for Your PC's Safety
From a cursory inspection, Windows Guardian Angel looks like a safe and full-featured anti-virus program, but this is strictly due to Windows Guardian Angel having copied most of its appearance from a version of Windows Security Center. Windows Guardian Angel can easily afford to tack on many other features that Security Center lacks for the simple reason that these extra features are fraudulent and don't have any purpose except to mislead you about your computer's health. Windows Guardian Angel, unlike a real anti-virus scanner, will display results that list nonexistent infections, as well as pop-ups with inaccurate error messages.
While Windows Guardian Angel goes to all this effort to encourage you to purchase a registered version of its software, SpywareRemove.com malware analysts recommend that you do anything but that. Since Windows Guardian Angel doesn't have legitimate security functions, there's no reason to purchase Windows Guardian Angel, even if you're just trying to make it easy to remove Windows Guardian Angel (a process that can be accomplished by any reasonably competent anti-malware program).
Surveying the Rest of Windows Guardian Angel's Fellow Imps
Windows Guardian Angel, as a member of FakeVimes, can also be thought of as a clone of such notorious rogue anti-virus programs as Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security. Since they're visually identical to each other, SpywareRemove.com malware researchers note that there should be little difficulty in identifying relatives of Windows Guardian Angel and deleting them with appropriate software whenever necessary.
Scamware from Windows Guardian Angel's family may also utilize other attacks that harm your computer until they're removed. SpywareRemove.com malware researchers have found that these attacks can include browser redirects and blockades erected against wide ranges of popular security products. If you need to access a security program that's being blocked, you can disable all PC threats, such as Windows Guardian Angel, by booting into Safe Mode, which will give you an optimal environment for scanning your PC.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

%APPDATA%\Protector-wrkf.exe
File name: Protector-wrkf.exe
Size: 2.05 MB (2050560 bytes)
MD5: 827b16a54ece3c5fb75a4b1a68d72b19
Detection count: 88
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: March 21, 2012

%AppData%\NPSWF32.dll
File name: %AppData%\NPSWF32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

%AppData%\result.db
File name: %AppData%\result.db
Mime Type: unknown/db
Group: Malware file

%AppData%\Protector-[RANDOM CHARACTERS].exe
File name: %AppData%\Protector-[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%Desktop%\Windows Guardian Angel.lnk
File name: %Desktop%\Windows Guardian Angel.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%StartMenu%\Programs\Windows Guardian Angel.lnk
File name: %StartMenu%\Programs\Windows Guardian Angel.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-20_1

HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM CHARACTERS].exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
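The file and registry indicators listed above can be matched against a triage collection. This is an added example, not part of the original page or of SpyHunter: it checks a file listing and a set of registry values against the names, the MD5 and the values given here. The function names, the sample data and the reading of "[RANDOM CHARACTERS]" as a short alphanumeric run are assumptions, and the Image File Execution Options subkeys are not matched because their names are random.

```python
import re

# Indicators transcribed from this page's Technical Details section.
KNOWN_MD5 = "827b16a54ece3c5fb75a4b1a68d72b19"          # Protector-wrkf.exe
APPDATA = r"\\(?:appdata\\roaming|application data)\\"  # Vista+ and XP layouts
FILE_RULES = [
    # Assumption: "[RANDOM CHARACTERS]" is a short alphanumeric run like "wrkf".
    re.compile(APPDATA + r"protector-[a-z0-9]{1,16}\.exe$"),
    # Only directly under %AppData%: the same names elsewhere are not indicators.
    re.compile(APPDATA + r"(?:npswf32\.dll|result\.db)$"),
    re.compile(r"\\windows guardian angel\.lnk$"),
]
CV = r"software\microsoft\windows\currentversion"
# (HKCU key suffix, value name, listed data; None where the page lists no data)
REG_RULES = [
    (CV + r"\run", "inspector", None),
    (CV + r"\settings", "id", "4"),
    (CV + r"\settings", "net", "2012-2-20_1"),
    (CV + r"\internet settings", "warnonhttpstohttpredirect", "0"),
    (CV + r"\policies\system", "disableregedit", "0"),
    (CV + r"\policies\system", "disabletaskmgr", "0"),
    (CV + r"\policies\system", "disableregistrytools", "0"),
]

def match_files(listing):
    """listing: (path, md5 or None) pairs. Returns the paths that match."""
    hits = []
    for path, md5 in listing:
        p = path.lower().replace("/", "\\")
        if (md5 or "").lower() == KNOWN_MD5 or any(r.search(p) for r in FILE_RULES):
            hits.append(path)
    return hits

def match_registry(values):
    """values: (key, name, data) triples. Returns matching (key, name) pairs."""
    hits = []
    for key, name, data in values:
        k, n = key.lower().rstrip("\\"), name.lower()
        for suffix, vname, listed in REG_RULES:
            if k.endswith(suffix) and n == vname and listed in (None, str(data)):
                hits.append((key, name))
    return hits

SAMPLE_FILES = [  # constructed triage listing, not data from the page
    (r"C:\Users\alice\AppData\Roaming\Protector-qx7p.exe", None),
    (r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll", None),  # not in %AppData%
    (r"C:\Temp\renamed.bin", "827B16A54ECE3C5FB75A4B1A68D72B19"),
]
```

The policy and Internet Settings values can also be present on clean systems, so treat a registry hit as corroboration for a file or Run-key hit rather than as a verdict on its own.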