Remove Internet Security Guard. Removal instructions
Internet Security Guard is a rogue anti-spyware program from the same family as Home Security Solutions scamware. If you are using Microsoft Security Essentials, you will notice right away that this fake anti-spwyare is a clone of MSE, with some minor changes though. Internet Security Guard is rogue in many aspects. It’s promoted via spam websites and fake online virus scanners. Scammers take advantage of software vulnerabilities too. A certain number of internet users may install this malware thinking it a real deal but it’s not. Once installed, Internet Security Guard performs fake system scans and states that your computer is at danger. This rogue anti-spyware creates numerous fake files and later detects those files as infections. That’s why it detects almost the exact infections on different computers. Those files are harmless though.
To make the situation even worse, Internet Security Guard displays fake security alerts and pop-ups saying that your computer is infected with dangerous spyware that can steal your credit card information and other important data. Scare tactics are know to work just fine and scare many users into thinking their computers are infected. Do not trust Internet Security Guard and just ignore those fake security alerts. A few fake security alerts you will be presented with while your computer is infected with Internet Security Guard malware:
Address space conflict Warning!
Access conflict detected
An unidentified program is trying to access system process address space.
System Message
Your PC may still be infected with dangerous viruses. Internet Security Guard protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.
Memory access problem
WindowsErrorForm has encountered a problem at address 0x1FC408.
We are sorry for the inconvenience.
If your computer is infected with this rogue anti-spyware program, use the removal guide below. Internet Security Guard blocks anti-virus programs and system tools. If you can’t open anything, you can use fake registration keys K7LY-R5GU-SI9D-EVFB or U2FD-S2LA-H4KA-UEPB to activate the rogue program. Once activated, it won’t block anti-virus and anti-spyware software. To remove Internet Security Guard from your PC, use removal instructions below. You can also scan your computer with anti-rootkit tool to make sure your PC is not infected with a rootkit.
Internet Security Guard snapshot:
Automatic Internet Security Guard removal:
(2012-01-16 03:17:03)
(2012-01-16 03:17:03)
Internet Security Guard manual removal:
Kill processes:
ISb86.exe
how to kill malicious processes
Delete registry values:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\IS9c5_8027.DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=8027&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “879905773703”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “feed/7.1.08027”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “DisallowRun” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “0” = “msseces.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “1” = “MSASCui.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “10” = “avgscanx.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “11” = “avgcfgex.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “12” = “avgemc.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “13” = “avgchsvx.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “14” = “avgcmgr.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “15” = “avgwdsvc.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “3” = “egui.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “4” = “avgnt.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “5” = “avcenter.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “6” = “avscan.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “7” = “avgfrw.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “8” = “avgui.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun “9” = “avgtray.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security Guard”
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=8027&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
how to remove registry entries
Delete files:
%AppData%\Internet Security Guard\ %AppData%\Internet Security Guard\cookies.sqlite %AppData%\Internet Security Guard\Instructions.ini %AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Security Guard.lnk %CommonAppData%\85f26\ %CommonAppData%\85f26\ISb86.exe %CommonAppData%\85f26\ISG.ico %CommonAppData%\ISEUG\ %CommonAppData%\ISEUG\ISKIYFOAG.cfg %UserProfile%\Desktop\Internet Security Guard.lnk %UserProfile%\Recent\ANTIGEN.exe %UserProfile%\Recent\cb.drv %UserProfile%\Recent\CLSV.dll %UserProfile%\Recent\eb.dll %UserProfile%\Recent\energy.exe %UserProfile%\Recent\energy.tmp %UserProfile%\Recent\fan.sys %UserProfile%\Recent\fix.sys %UserProfile%\Recent\FW.drv %UserProfile%\Recent\gid.dll %UserProfile%\Recent\PE.exe %UserProfile%\Recent\ppal.sys %UserProfile%\Recent\SICKBOY.tmp %UserProfile%\Recent\sld.sys %UserProfile%\Recent\SM.dll %UserProfile%\Recent\SM.exe %UserProfile%\Recent\snl2w.drv %UserProfile%\Recent\tjd.tmp %UserProfile%\Start Menu\Internet Security Guard.lnk %UserProfile%\Start Menu\Programs\Internet Security Guard.lnk
how to remove harmful files
Information updated: 2012-01-16 03:32:18