Security /Antispyware /AntiMalware /Guard rogue family. How to get rid of Fake Security /Antispyware /AntiMalware /Guard anti-viruses for Win 7, XP or Vista OS


We want to draw your attention to one more family of irritating rogue tools. They all reach PCs through a range of malicious Trojans that infiltrate the machine and then install a fake antivirus tool, which later changes its name depending on which OS is running. There are currently around 27 of them, and possibly more. On Vista or Windows 7 these rogues persuade users to run them in administrator mode by claiming to be a security update developed by Microsoft Corporation. As a result the PC is heavily affected, and removing the rogues and their exe processes becomes considerably harder.

Multi Rogue

Bear in mind that you may see alerts faked to look as if they come from Microsoft in several scenarios. Initially, after infection, they will try to convince you to install the parasite in administrative mode. Afterwards, an alert may claim that you are visiting corrupted sites that threaten your security. It is no surprise that these parasites are also distributed through spam emails and similar channels.

After the program skin is “installed”, the fake antivirus program blocks almost all operations on the PC. Depending on which OS is running on your machine, it may carry one of the following names: XP or Windows 7 AntiSpyware, AntiMalware, Security or simply Guard. Different names may be applied, but it is generally the same virus, and it should be uninstalled by all means.

Vista Antivirus Pro 2010, Vista Internet Security 2010, Win7 Antispyware 2010, Win7 Internet Security 2010

The table given below is a general summary of the most known rogues of this family:

| XP | Vista | Win 7 |
|---|---|---|
| XP Antispyware 2011 or XP Antispyware | Vista Antispyware 2011 or Vista Antispyware | Win 7 Antispyware 2011 or Win 7 Antispyware |
| XP Security 2011 or XP Security | Vista Security 2011 or Vista Security | Win 7 Security 2011 or Win 7 Security |
| XP Internet Security 2011 or XP Internet Security | Vista Internet Security 2011 or Vista Internet Security | Win 7 Internet Security 2011 or Win 7 Internet Security |
| XP Antimalware 2011 or XP AntiMalware | Vista Antimalware 2011 or Vista AntiMalware | Win 7 Antimalware 2011 or Win 7 AntiMalware |
| XP Guard | Vista Guard | Win 7 Guard |

Please note that these fake anti-viruses do not really differ from one another, as already mentioned, which is why they all use a single main executable file called pw.exe. Important: it recently became known that this file may be modified and may also bear the name vz.exe. Whatever the case, once the PC is infected with any of these rogues almost all of its functions are blocked, which is why it may be really hard to remove this junkware from your computer. You should not purchase any of these applications: they are all typical scareware that aims to rob you.

Another peculiarity of these rogues is that they block access to most of the internet sites you try to browse. This is done for one purpose only: to prevent you from downloading reputable anti-virus tools and from finding a way to remove the above-mentioned junk.

We strongly recommend using a decent anti-virus and anti-malware tool to remove the above-mentioned viruses from your workstation entirely. Please follow the removal guidelines provided below.

Rogue family automatic remover:

Rogue family manual removal guide:

Delete Rogue family files:
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\vz.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
Delete Rogue family registry entries:
HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
HKLM\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
HKLM\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”
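
A read-only audit of the files and registry values listed above, written in PowerShell as an added example (it is not part of the original guide): it reports which of the listed locations are present on the machine and deletes nothing. It assumes PowerShell 2.0 or later; the variable and function names are illustrative.

```powershell
# Added example: read-only audit of the locations listed in this guide.
# Assumes PowerShell 2.0+; names below are illustrative. Nothing is deleted.
$rogueNames = 'pw.exe', 'vz.exe'
$appData    = Join-Path $env:USERPROFILE 'Local Settings\Application Data'
$pattern    = 'Application Data\\(' +
              (($rogueNames | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')'

# Command keys whose (Default) value the guide shows pointing at the rogue binary.
$commandKeys = @(
    'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command',
    'HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command',
    'HKEY_CLASSES_ROOT\.exe\shell\open\command',
    'HKEY_CLASSES_ROOT\pezfile\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
)

function New-Finding($kind, $location, $value) {
    New-Object PSObject -Property @{ Kind = $kind; Location = $location; Value = $value }
}

$findings = @()

foreach ($key in $commandKeys) {
    $k = Get-Item -LiteralPath "Registry::$key" -ErrorAction SilentlyContinue
    if ($k) {
        $value = [string]$k.GetValue('')      # '' reads the (Default) value
        if ($value -match $pattern) { $findings += New-Finding 'Registry' $key $value }
    }
}

# Security Center overrides listed in the guide.
$scKey = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
$sc    = Get-ItemProperty -LiteralPath "Registry::$scKey" -ErrorAction SilentlyContinue
foreach ($name in 'AntiVirusOverride', 'FirewallOverride') {
    if ($sc -and $sc.$name -eq 1) { $findings += New-Finding 'Registry' "$scKey\$name" 1 }
}

# Files listed in the guide.
$fileNames = @('opRSK', 'MSASCui.exe') + $rogueNames
foreach ($name in $fileNames) {
    $path = Join-Path $appData $name
    if (Test-Path -LiteralPath $path) { $findings += New-Finding 'File' $path '' }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else {
    $findings | Select-Object Kind, Location, Value | Format-List
}
```

Because the `.exe` open command in the list routes every program launch through pw.exe or vz.exe, a hit on those keys means the association has to be cleaned up as well as the file.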


3 thoughts on “Security /Antispyware /AntiMalware /Guard rogue family. How to get rid of Fake Security /Antispyware /AntiMalware /Guard anti-viruses for Win 7, XP or Vista OS”

  1. Thanks a lot, it’s really working well, and this is the only one I found working well and freely available. Thanks so much!

  2. People!!!!!! Who are you explaining this for??? Nothing is clear!!!! And the problem doesn’t go away!!!
