PC Security Guardian is a fake antivirus program from the Virus Doctor rogues family as Best Malware Protection, Internet Security Essentials, Internet Antivirus 2011, My Security Shield, Security Master AV, etc. The program displays a lot of fake errors messages, prevents softwares execution, hijacks internet browsers in order to trick you into purchasing a license. Remember, the fake antivirus is unable to detect and remove any infections, so do not pay for the bogus software and remove it as soon as it gets to your computer!
PC Security Guardian promoted through the use of advertisement which pretends to be an online malware scanner. This advertisement will state that you computer is infected and all you have to do in order to cure your computer is install the software. Important to know, this online scanner is a fake and cannot detect any viruses or infections on your PC. The results that are displayed are totally fabricated!
Once started, PC Security Guardian will configure itself to run automatically every time when Windows loads. Next, it will add a few entries into the HOSTS file so that when you open Google, Yahoo or Bing, you will be redirected to various misleading websites. The rogue will also create several fake malware files, that absolute harmless but, later during the scan, PC Security Guardian will label them as worms, trojans and viruses. Of course, the scan look realistic and legitimate, you should never trust it! The rogue want to trick you into thinking that your computer in danger and make you believe you must buy the full version of the software. Remember, the program pretends to be an antivirus software, but in reality is unable to detect or remove any infections and nor will be protect you from legitimate future threats. So you can safely ignore the false scan results.
While PC Security Guardian is running, the rogue will block the Windows Task Manager and most antivirus and antispyware tools. Moreover, it will display a variety of fake security warnings and alerts that attempt to make you think your computer is infected with all sorts of malicious software. Some of the alerts are:
PC Security Guardian has detected potentially harmful software in
your system. It is strongly recommended that you register
PC Security Guardian to remove all found threats immediately.
No real-time malware, spyware and virus protection was
found. Click here to activate.
Warning! Identity theft attempt detected
Hidden connection IP: 18.104.22.168
Target: Microsoft Corporation keys
Warning! Virus detected
As you can see, all of these warnings states the same: the system is infected. In case you want to fix it, PC Security Guardian will prompt you to pay money. However, like false scan results above, all of these security messages are just a fake and has been displayed to trick you into purchasing so-called full version of the fake security program. So, you should ignore all of them.
As you can see, the program is a totally scam. It is neither able to detect, nor to remove any threats from the system. PC Security Guardian has been created with one purpose is to steal your money and leave you in a trouble. Thus, do not be fooled into buying the program! Instead of doing so, follow the removal guidelines below in order to remove PC Security Guardian and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [PC Security Guardian] “C:\Documents and Settings\All Users\Application Data\8eb0d6\PS8eb_2328.exe” /s /d
Automatic removal instructions for PC Security Guardian
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Reset proxy settings of Internet Explorer
Run Internet Explorer, Click Tools -> Internet Options as as shown in the screen below.
Internet Explorer – Tools menu
You will see window similar to the one below.
Internet Explorer – Internet options
Select Connections Tab and click to Lan Settings button. You will see an image similar as shown below.
Internet Explorer – Lan settings
Uncheck “Use a proxy server” box. Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
Step 3. Remove PC Security Guardian associated malware
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window>
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for PC Security Guardian associated malware. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove PC Security Guardian. MalwareBytes Anti-malware will now remove all of associated PC Security Guardian files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Step 4. Reset HOSTS file
PC Security Guardian may change the Windows system HOSTS file so you need reset this file with the default version for your operating system.
Please download OTM by OldTimer from here and save it to desktop. Run OTM, copy, then paste the following text in “Paste Instructions for Items to be Moved” textarea (under the yellow bar):
Click the red Moveit! button. Close OTM.
PC Security Guardian removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
PC Security Guardian creates the following files and folders
%UserProfile%\Application Data\PC Security Guardian
%UserProfile%\Application Data\PC Security Guardian\cookies.sqlite
%UserProfile%\Desktop\PC Security Guardian.lnk
%UserProfile%\Start Menu\PC Security Guardian.lnk
%UserProfile%\Application Data\PC Security Guardian\Instructions.ini
%UserProfile%\Start Menu\Programs\PC Security Guardian.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Security Guardian.lnk
C:\Documents and Settings\All Users\Application Data\[RANDOM]
PC Security Guardian creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | PC Security Guardian