
Windows Guardian Angel

Posted: March 20, 2012

Threat Metric

Threat Level: 10/10
Infected PCs: 74
First Seen: March 20, 2012
OS(es) Affected: Windows

Windows Guardian Angel is a fake anti-virus product that uses inaccurate system information to pressure you into paying for the full version of its software, which is just as fraudulent as its free version. Because Windows Guardian Angel can't deliver on any of its promised security features, SpywareRemove.com malware experts recommend that you treat Windows Guardian Angel as a garden-variety pest and remove it with appropriate anti-malware software. You may want to do this in short order, since PC threats from Windows Guardian Angel's family have a reputation for causing browser redirects and blocking real security programs, either of which will leave your PC vulnerable to additional attacks.

Windows Guardian Angel: a Devil in Disguise for Your PC's Safety

From a cursory inspection, Windows Guardian Angel looks like a safe and full-featured anti-virus program, but this is strictly due to Windows Guardian Angel having copied most of its appearance from a version of Windows Security Center. Windows Guardian Angel can easily afford to tack on many other features that Security Center lacks for the simple reason that these extra features are fraudulent and don't have any purpose except to mislead you about your computer's health. Windows Guardian Angel, unlike a real anti-virus scanner, will display results that list nonexistent infections, as well as pop-ups with inaccurate error messages.

While Windows Guardian Angel goes to all this effort to encourage you to purchase a registered version of its software, SpywareRemove.com malware analysts recommend that you do anything but that. Since Windows Guardian Angel doesn't have legitimate security functions, there's no reason to purchase Windows Guardian Angel, even if you're just trying to make it easy to remove Windows Guardian Angel (a process that can be accomplished by any reasonably competent anti-malware program).

Surveying the Rest of Windows Guardian Angel's Fellow Imps

Windows Guardian Angel, as a member of FakeVimes, can also be thought of as a clone of such notorious rogue anti-virus programs as Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security. Since they're visually identical to each other, SpywareRemove.com malware researchers note that there should be little difficulty in identifying relatives of Windows Guardian Angel and deleting them with appropriate software whenever necessary.

Scamware from Windows Guardian Angel's family may also utilize other attacks that harm your computer until they're removed. SpywareRemove.com malware researchers have found that these attacks can include browser redirects and blockades erected against wide ranges of popular security products. If you need to access a security program that's being blocked, you can disable all PC threats, such as Windows Guardian Angel, by booting into Safe Mode, which will give you an optimal environment for scanning your PC.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%APPDATA%\Protector-wrkf.exe
File name: Protector-wrkf.exe
Size: 2.05 MB (2050560 bytes)
MD5: 827b16a54ece3c5fb75a4b1a68d72b19
Detection count: 88
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: March 21, 2012

%AppData%\NPSWF32.dll
File name: %AppData%\NPSWF32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

%AppData%\result.db
File name: %AppData%\result.db
Mime Type: unknown/db
Group: Malware file

%AppData%\Protector-[RANDOM CHARACTERS].exe
File name: %AppData%\Protector-[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%Desktop%\Windows Guardian Angel.lnk
File name: %Desktop%\Windows Guardian Angel.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%StartMenu%\Programs\Windows Guardian Angel.lnk
File name: %StartMenu%\Programs\Windows Guardian Angel.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following Registry values are newly created:

HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-20_1

HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[RANDOM CHARACTERS].exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
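
A read-only triage sketch for the file and registry indicators listed above, added here as an example and not taken from SpywareRemove.com or any vendor tool. The function names are hypothetical, and filtering Image File Execution Options subkeys by a Debugger value is an assumption, since the page lists the subkeys but not their contents.

```powershell
# Added example: read-only triage for the indicators listed on this page.
# Paths, value names and the MD5 are the page's; function names are hypothetical.
$KnownMd5 = '827b16a54ece3c5fb75a4b1a68d72b19'   # Protector-wrkf.exe
function Get-FileIndicators {
    $candidates = @(
        Join-Path $env:APPDATA 'Protector-*.exe'
        Join-Path $env:APPDATA 'NPSWF32.dll'
        Join-Path $env:APPDATA 'result.db'
        Join-Path ([Environment]::GetFolderPath('Desktop'))  'Windows Guardian Angel.lnk'
        Join-Path ([Environment]::GetFolderPath('Programs')) 'Windows Guardian Angel.lnk'
    )
    foreach ($f in Get-Item -Path $candidates -Force -ErrorAction SilentlyContinue) {
        $md5 = (Get-FileHash -LiteralPath $f.FullName -Algorithm MD5).Hash.ToLower()
        [pscustomobject]@{
            Kind   = 'File'
            Where  = $f.FullName
            Detail = if ($md5 -eq $KnownMd5) { 'MD5 matches the page sample' } else { "MD5 $md5" }
        }
    }
}

function Get-RegistryIndicators {
    $cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
    $checks = @(
        @{ Key = "$cv\Policies\System";   Name = 'DisableRegedit';            Page = '0' }
        @{ Key = "$cv\Policies\System";   Name = 'DisableTaskMgr';            Page = '0' }
        @{ Key = "$cv\Policies\System";   Name = 'DisableRegistryTools';      Page = '0' }
        @{ Key = "$cv\Internet Settings"; Name = 'WarnOnHTTPSToHTTPRedirect'; Page = '0' }
        @{ Key = "$cv\Settings";          Name = 'ID';                        Page = '4' }
        @{ Key = "$cv\Settings";          Name = 'net';                       Page = '2012-2-20_1' }
        @{ Key = "$cv\Run";               Name = 'Inspector';                 Page = $null }
    )
    foreach ($c in $checks) {
        $props = Get-ItemProperty -Path $c.Key -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.PSObject.Properties[$c.Name]) { continue }
        $value = [string]$props.($c.Name)
        # Report only values equal to the page's; Run\Inspector has none, so presence counts.
        if ($null -ne $c.Page -and $value -ne $c.Page) { continue }
        [pscustomobject]@{ Kind = 'RegValue'; Where = "$($c.Key)\$($c.Name)"; Detail = $value }
    }
    # Assumption: only IFEO subkeys carrying a Debugger value are of interest;
    # the page lists the subkeys but not their contents.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($k in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
        $dbg = $k.GetValue('Debugger')
        if ($dbg) { [pscustomobject]@{ Kind = 'IFEO'; Where = $k.PSChildName; Detail = "Debugger=$dbg" } }
    }
}
@(Get-FileIndicators) + @(Get-RegistryIndicators) | Format-Table -AutoSize -Wrap
```

Values such as WarnOnHTTPSToHTTPRedirect can also be set by ordinary configuration, so weigh registry hits together with the file hits rather than one at a time.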