Home Malware Programs Rogue Anti-Spyware Programs PC Security Guardian

PC Security Guardian

Posted: May 5, 2011

PC Security Guardian is a rogue security program that infects new computers through the use of fake online scanners hosted at malicious websites. Once PC Security Guardian infects your computer, PC Security Guardian will run automatically and create fake infection alerts and other warnings to nudge you along the path towards purchasing a PC Security Guardian activation key. Despite this, PC Security Guardian has no real anti-malware features and can only create false positives. You may also experience other problems like browser hijacks and unusual behavior from other applications, and for all of these reasons it's suggested that you delete PC Security Guardian by using a good anti-malware scanner.

The Guardian That Stabs You in the Back

PC Security Guardian is noted to proliferate through the use of malicious websites that wrongfully present PC Security Guardian to be a helpful anti-malware program. These websites may use fake online scanner displays to trick you into believing that your PC has infections that require PC Security Guardian to be removed.

PC Security Guardian is also a copy of very similar rogue security programs like Personal Internet Security 2011 and Best Malware Protection. Besides a few minor graphics differences and different names, they can each be considered the same hostile program.

Along with fake system scans, PC Security Guardian may create fake alerts and warnings like the following:

Warning
Warning! Virus detected

Warning! Identity theft attempt detected
Hidden connection IP: 128.154.26.11
Target: Microsoft Corporation keys

System alert
PC Security Guardian has detected potentially harmful software in your system. It is strongly recommended that you register PC Security Guardian to remove all found threats immediately.

System warning
No real-time malware, spyware and virus protection was found. Click here to activate.

ERROR MESSAGE:
Warning
Warning! Virus detected
Threat Detected: Trojan-Spy.HTML.Sunfraud.a

Since PC Security Guardian can't detect real Trojans or other system problems, you should ignore PC Security Guardian's pop-ups and alerts. Sadly, this can be difficult to do, since PC Security Guardian will add entries to your Windows Registry that let PC Security Guardian start by default as soon as you boot up your computer.

How PC Security Guardian Sinks the Knife in Deeper

Other major problems that PC Security Guardian can cause may include, but aren't limited to:

  • The sudden appearance of randomly-named .dll, .sys and .exe files that look like infections but actually do nothing at all. PC Security Guardian creates these trash files to give the appearance of your PC having more infections than it really does have.
  • Web browser hijacking attacks. PC Security Guardian may create fake warnings to stop you from accessing safe websites, redirect you to the PC Security Guardian homepage or change your homepage without your permission.
  • Disabled applications. Many different Windows tools like Task Manager, Regedit, and MSConfig may be disabled along with popular anti-malware scanners.

To put a stop to PC Security Guardian's antics, simply switch over to Safe Mode to stop PC Security Guardian from launching by default. This will let you run the right anti-malware application to remove PC Security Guardian and any related malware. Since PC Security Guardian is a relatively advanced threat, you should try to avoid deleting PC Security Guardian manually unless you have no other options.

If you can't deactivate PC Security Guardian, you may want to register PC Security Guardian with the code 'U2FD-S2LA-H4KA-UEPB,' which will reduce some of the worst attacks.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\PC Security Guardian
    2 %AppData%\PC Security Guardian\cookies.sqlite
    3 %AppData%\PC Security Guardian\Instructions.ini
    4 %CommonAppData%\[RANDOM CHARACTERS]
    5 %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]
    6 %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].dll
    7 %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
    8 %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].mof
    9 %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].ocx

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKCU\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1"HKCU\Software\Microsoft\Windows\CurrentVersion\Run "PC Security Guardian"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"HKEY..\..\..\..{RegistryKeys}HKCR\PersonalSS.DocHostUIHandler

Additional Information on PC Security Guardian

  • The following messages's were detected:
    # Message
    1 System alert
    PC Security Guardian has detected potentially harmful software in
    your system. It is strongly recommended that you register
    PC Security Guardian to remove all found threats immediately.
    2 System warning
    No real-time malware, spyware and virus protection was
    found. Click here to activate.
    3 Warning! Identity theft attempt detected
    Hidden connection IP: 128.154.26.11
    Target: Microsoft Corporation keys
    4 Warning
    Warning! Virus detected
Loading...