protectguru.com is a malicious site, which is created and managed by the creators of the program called Antivirus Soft. This applucation is a malware that also known as rogue antispyware program. The rogue is promoted and installed onto computer with the help of trojans. During installation, Antivirus Soft configures your browser (Internet Explorer) in such a way that it can redirect you to the protectguru.com.
Thus, when you open any site, instead it will display a page from the protectguru.com, which reported that a visit to open the site is dangerous, because it contains malicious exploits that can launch a virus on your computer. This warning is nothing but a fake, so you can safely ignore it.
Obviously, you can not trust neither the protectguru.com website nor its affiliate Antivirus Soft. These two created with one purpose, to trick you into purchasing the full version of the fake antispyware program. Do not waste your time and money and in any case do not buy anything from protectguru.com! Use the following removal instructions to remove protectguru.com hijacker and its related Antivirus Soft rogue antispyware program.
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 – HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
O4 – HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
Use the following instructions to remove protectguru.com hijacker and its related Antivirus Soft
Step 1.
Download HijackThis from here. Once Save dialog opens, please rename HijackThis.exe to iexplore.exe as shown below.
Save Dialog – HijackThis.exe
Save Dialog – iexplore.exe
Click Save button to save it.
Doubleclick on the iexplore.exe to run HijackThis. HijackThis main menu opens.
Click “Do a system scan only” button. Look for lines that looks like:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 – HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKLM\..\Run: [vcspymsv] C:\Documents and Settings\user\Local Settings\Application Data\vcspymsv\qweqftav.exe
O4 – HKCU\..\Run: [udcqinjy] C:\Documents and Settings\user\Local Settings\Application Data\udcqinjy\sdfdftav.exe
Note: list of infected items may be different, but all of them have “sysguard.exe” or “ftav.exe” part in a right side and “O4″ in a left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for protectguru.com hijacker and its related Antivirus Soft infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to removeprotectguru.com hijacker and its related Antivirus Soft. MalwareBytes Anti-malware will now remove all of associated protectguru.com hijacker and its related Antivirus Soft files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
protectguru.com hijacker and its related Antivirus Soft creates the following files and folders
%UserProfile%\Local Settings\Application Data\[RANDOM]
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
protectguru.com hijacker and its related Antivirus Soft creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
