
Guard Online

Posted: October 7, 2011

Like other members of the OpenCloud AV family, Guard Online has a slightly different appearance, but the swapped shell doesn't hide its fake infection warnings, its blocking of legitimate software and its other fraudulent features. Unlike a real security program, Guard Online actually reduces your computer's security by hindering anti-malware programs and presenting false information about your PC's state of health. Guard Online may also be accompanied by rootkits, most notably ZeroAccess, which makes deleting Guard Online more arduous than usual, but SpywareRemove.com malware experts have found that appropriate anti-malware strategies and software can remedy both problems. Until you've removed Guard Online from your PC, be particularly careful to avoid Guard Online-affiliated sites, since Guard Online will attempt to steal your credit card information for fraudulent charges.

Guard Online: A Darker Side of an Older Problem

Guard Online is yet another rehash of code from the same family as OpenCloud Antivirus, OpenCloud Security, Security Guard 2012, WolfRam Antivirus, PC Security Guardian and AV Guard Online (to name just a few). Although Guard Online sports a hip black skin, its appearance and, more importantly, its functions are otherwise identical to those of these programs, all of which have already been confirmed to be fraudulent. Guard Online, although it pretends to be a useful security program, has no real security features: it always announces that your PC is 'at risk' while generating fake alerts for trojans such as Trojan-Downloader.JS.Agent and Trojan-Downloader.JS.Remora.

Most Guard Online infections happen after you've visited a compromised site that installs Guard Online covertly, either through a fake software update or through hidden drive-by-download scripts. However, there's no mistaking when Guard Online is on your PC; SpywareRemove.com malware analysts have found that it uses error messages similar to the following examples to force itself into view:

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

Warning!
The file "firefox.exe" is infected. Running of application is impossible.
Please activate your antivirus software.

Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL] was CANCELLED.

svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized

Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software

Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

How You Can Be a Real Guard for Your PC Against Guard Online Attacks

You can fake registration of Guard Online with the code '9992665263'. SpywareRemove.com malware researchers have found this useful for reducing the frequency and severity of Guard Online's attacks prior to removal; it does not remove the program itself.

SpywareRemove.com malware experts have found that Guard Online does possess several other traits that are likely to make removing Guard Online a challenge, such as:

  • Browser hijacker functionality. These hijacks redirect you to Guard Online's website to encourage you to purchase Guard Online, and may also block access to legitimate PC security websites. Because Guard Online's hijacks work by changing your proxy server settings, and the program refuses to let you undo those changes while it is active, you should remove Guard Online with a suitable anti-malware program first and then restore your proxy settings to stop the redirects.
  • Accompanying programs, such as ZeroAccess, that can shut down security software and anti-malware scanners. The ZeroAccess rootkit first terminates a security program by detecting its process; afterwards, it may also change the program's file permissions so that you can no longer launch it. However, industry-standard anti-rootkit strategies, such as booting into Safe Mode and working from the Command Prompt, let you bypass these attacks.



Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

  • %AppData%\ldr.ini (configuration file)
  • %AppData%\[RANDOM CHARACTERS]\ (folder)
  • %AppData%\[RANDOM CHARACTERS] Guard Online.ico (icon)
  • %StartMenu%\Programs\Guard Online\ (folder)
  • %StartMenu%\Programs\Guard Online\Guard Online.lnk (shortcut)
  • %UserProfile%\Desktop\Guard Online.lnk (shortcut)
  • %System%\[RANDOM CHARACTERS].exe (executable file)

Registry Modifications

The following Registry value is created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
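As an added example (not code from the original article or from any security vendor), the PowerShell triage script below checks a Windows host for the artifacts listed in this Technical Details section and for the proxy-setting hijack described in the removal section above. The paths and the Run key are taken from this page; the heuristic for the "[RANDOM CHARACTERS]" names (a bare alphanumeric token of six or more characters) and the mapping of %System% to %SystemRoot%\System32 are assumptions, and the proxy values it reads are the standard Windows Internet Settings locations rather than anything the page names. Every hit needs manual review, since legitimate entries can match the shape-based checks.

```powershell
# Added triage script for the Guard Online indicators on this page; it is not code from
# the original article. Run from an elevated PowerShell prompt.
# Assumptions: Run-value and executable names are random alphanumeric tokens (matched on
# shape only, so review hits by hand); %System% is $env:SystemRoot\System32.

$findings = @()

# 1. Persistence: HKLM\...\Run "[RANDOM CHARACTERS]" -> %System%\[RANDOM CHARACTERS].exe
#    (HKCU is also checked, since rogues of this family drop into either hive.)
$system32 = Join-Path $env:SystemRoot 'System32'
$runKeys  = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }               # provider metadata, not a Run value
        $target = ([string]$prop.Value) -replace '^"([^"]+)".*$', '$1'   # strip a quoted path's arguments
        $inSystem32 = $target -like "$system32\*.exe"
        $inAppData  = $target -like "$env:APPDATA\*.exe"
        $bareToken  = $prop.Name -match '^[A-Za-z0-9]{6,}$'   # assumed shape of "[RANDOM CHARACTERS]"
        if ($bareToken -and ($inSystem32 -or $inAppData)) {
            $findings += "Run value $key\$($prop.Name) -> $target (review: random-looking name?)"
        }
    }
}

# 2. Dropped files and shortcuts from the File System Modifications list
$startMenu  = Join-Path ([Environment]::GetFolderPath('StartMenu')) 'Programs\Guard Online'
$desktopLnk = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Guard Online.lnk'
foreach ($path in @((Join-Path $env:APPDATA 'ldr.ini'), $startMenu, $desktopLnk)) {
    if (Test-Path -LiteralPath $path) { $findings += "Dropped artifact: $path" }
}
# The icon is "[RANDOM CHARACTERS] Guard Online.ico" directly under %AppData%
Get-ChildItem -Path $env:APPDATA -Filter '* Guard Online.ico' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Dropped icon: $($_.FullName)" }

# 3. Browser hijack via proxy settings (the redirect mechanism described in the removal section)
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($proxy -and $proxy.ProxyEnable -eq 1) {
    $findings += "Proxy enabled: ProxyServer='$($proxy.ProxyServer)' AutoConfigURL='$($proxy.AutoConfigURL)'"
}

if ($findings.Count -eq 0) { 'No Guard Online indicators found.' } else { $findings }

# Undo the proxy hijack only after Guard Online itself is removed, since the program
# blocks undoing these changes while it is active. Remove -WhatIf to apply.
# Set-ItemProperty    -Path $inet -Name ProxyEnable -Value 0 -WhatIf
# Remove-ItemProperty -Path $inet -Name ProxyServer -WhatIf
```

The script only reports; the commented-out remediation lines are kept separate so the proxy reset is a deliberate second step after the rogue has been removed, matching the order the removal section recommends.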


One Comment

  • XP Home Security Remove Trojan says:

    On another computer, the AntiSpy Safeguard will not let me connect to the internet via Explorer to download any programs to get rid of AntiSpy Safeguard. What can I do?
