GuardWWW is rogue antispyware application from the same WiniGuard family of rogues as MyPcSecure, PcSecureNet, etc. The program is distributed from malicious web sites through the use of trojans, which usually pretend to be flash player updates or even video codecs required to watch a video online.
When the trojan is started, it will download and install the fake antispyware application and register it in the Windows registry to run automatically when you logon into Windows. The same trojan will also create numerous files with random names in Windows system folders, which later during the scan, GuardWWW will detect as infections. Then it will ask you to purchase a full version of the program to remove them. This is of course nothing more but a scam, all of these “infections” are fake and cannot harm you computer! So you can safely ignore the scan results that GuardWWW shows you.
What is more, the same trojan that installs GuardWWW will also download and install two another trojans. First trojan is a trojan FakeAlert that will display various fake security alert and notifications from Windows task bar and a screen that pretend to be the legit Windows Security Center, with one exception, it will suggest you register the rogue. The fake alerts stats:
Security Center Alert!
Your computer being attacked by an Internet
Virus. It could be a password-stealing attack,
a trojan-dropper or simular.
Do you want GuardWWW to block this attack?
Your computer is infected with spyware. It could damage your
critical files or expose your private data on the Internet. Click
here to register your copy of GuardWWW and remove
spyware threats from your PC.
Of course, all of these alerts and warnings are fake and you should ignore them! Second trojan is a variant of trojan/rootkit TDSS. The trojan may redirect search results in Google, Yahoo, MSN, block an access to security websites and much more.
As you can see, GuardWWW is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove GuardWWW from the system for free.
More screen shoots of GuardWWW
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [
Use the following instructions to remove GuardWWW (Uninstall instructions)
Download TDSSKiller from here and unzip to your desktop.
Open TDSSKiller folder and double click the TDSSKiller icon. When the scan is finished, you will see window similar to the one below.
TDSS trojan remover
Close all programs and press Y key.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for GuardWWW infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start GuardWWW removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
GuardWWW creates the following files and folders
C:\Documents and Settings\All Users\Start Menu\Programs\GuardWWW
C:\Program Files\GuardWWW Software
C:\Program Files\GuardWWW Software\GuardWWW
C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe
C:\Documents and Settings\All Users\Start Menu\Programs\GuardWWW\1 GuardWWW.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\GuardWWW\2 Homepage.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\GuardWWW\3 Uninstall.lnk
C:\Program Files\GuardWWW Software\GuardWWW\uninstall.exe
C:\Documents and Settings\All Users\Desktop\GuardWWW.lnk
GuardWWW creates the following registry keys and values
Spyware can do the following:
1. gather information about user habits of use of the Internet, what sites are visited most frequently (known as “tracking software”);
2. record keystrokes (keyloggers) and make a screenshots (screen scraper) and send collected data to the creator of the spyware;
3. remotely control user computer (remote control software) – backdoor, botnets, droneware;
4. download and run on user computer an additional malware;
5. analyze the state of security systems, scan an open ports, and look for vulnerabilities to crack passwords;