Internet Security Guard Removal Process

Protect Yourself from Internet Security Guard

- Remove rogue anti-spyware/anti-virus programs
- Prevent trojans, hijackers & other malware infections
- Use spyware helpdesk to resolve pesky malware

Start Your Scan Now to Detect Internet Security Guard

Internet Security Guard is a fake antivirus software program. It resembles a legitimate antivirus program but instead of detecting harmful infections on your computer and removing them, Internet Security Guard poses a threat to your PC in its own right.

Internet Security Guard will typically infect your PC when you visit a malicious website, when you click on a malware-laced banner advertisement or when you open an infected attachment from a spam email.

Internet Security Guard has been designed to resemble Microsoft security programs such as Microsoft Security Essentials to convince users of its authenticity. Internet Security Guard’s purpose is to trick users into believing that they need it because their computer is under threat and to buy its full version. Internet Security Guard may appear legitimate, but it is really a scam. Once this malicious software is installed in your hard drive, it is tricky to remove. It buries its entries in unexpected locations and efforts to delete the program can result in the deletion of healthy files that are vital to your computer’s smooth operation.

Once embedded, Internet Security Guard has a predefined list of malware names that will later show when it performs bogus antivirus scans on your computer and “identifies” these malware infections, which ultimately will lead you to believe that your computer is in danger.

Internet Security Guard is a rogue antivirus software from the FakeRean family. Its relations include:

• Anti-Malware Lab
• Best Malware Protection
• Home Safety Essentials
• Home Security Solutions
• Internet Security Suite
• Internet Security Essentials
• My Security Shield
• PC Security Guardian
• Personal Security Sentinel
• Security Antivirus
• Security Guard 2012
• System Smart Security

Once installed on your PC, Internet Security Guard will automatically run every time Windows is launched. It will display false security warnings and alerts such as:

“Attention! Infected files detected! Scan Result: Your computer is infected! Recommended: click “Remove All” button to erase all infected files and protect your PC”.

“System warning
No real-time malware, spyware and virus protection was found. Click here to activate.”

“Warning! Virus detected”

The warnings appear in a series of pop-up windows that will start to clutter your computer screen. These warnings are bogus and are designed with one purpose: to scare you into thinking your computer is under attack and to prompt you to purchase a meaningless “full license” for the software. Internet Security Guard is false and will not identify any real threats. Furthermore, it may block Windows Task Manager and any legitimate antivirus and antispyware tool, create problems for your PC and install further spyware in the process.

Most rogue anti-spyware programs, such as Internet Security Guard, are difficult to remove manually. You should seek assistance to ensure you do not delete healthy files. Also, do not pay any money to Internet Security Guard as this will simply serve to fund the development of yet more spyware.

Are you getting popups from Internet Security Guard? Have you identified that you have Internet Security Guard installed on your computer? Do you wish to remove Internet Security Guard completely from your computer?

Why should you remove Internet Security Guard?

If Internet Security Guard resides on your computer, it can potentially damage your personal files or you may end up losing data stored on your system. Research has shown that Internet Security Guard may have the ability to make your computer vulnerable to remote attacks which could result, initially, in loss of money, possibly identity theft, and, eventually, a painstaking Internet Security Guard removal process.

How can you manually remove Internet Security Guard

Manual removal of Internet Security Guard may not be for everyone. Each manual Internet Security Guard removal step must be followed delicately to completely remove all related files and registry entries from your computer. If you are unsure or have doubts about editing your system registry, then we recommend that you use the automatic Internet Security Guard removal process.

Internet Security Guard can be removed manually by following the steps below.

1. With all programs closed, click the Start Menu and go to the Control Panel.
2. Locate the Add/Remove Programs icon and double click it.
3. Locate Internet Security Guard in the list of programs. If you find it, select it and remove it. If you cannot find Internet Security Guard, you can continue to step 5.
4. Restart your computer.
5. Close all open programs and windows on your desktop.
6. Open your registry editor (regedit) program by going to Start Menu, type in regedit, and click OK.
7. Find all of the following registry entries and delete them. If you do not know how to do this, then you can read how to edit the registry in Windows.
   HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

   HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8027&q={searchTerms}"

   HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"

   HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "879905773703"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "feed/7.1.08027"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = "1"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"

   HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8027&q={searchTerms}"

   HKEY_CLASSES_ROOT\IS9c5_8027.DocHostUIHandler

   HKEY_CURRENT_USER\Software\3

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe

   HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet Security Guard"

8. You may need to return to this removal process for removing Internet Security Guard. You can do this easily by bookmarking or adding a favorite to this page by clicking here. If you are using the FireFox web browser you can press the keys Ctrl and D simultaneously to bookmark this page.

   Image 1. Bookmark PCHubs removal process

   

9. Delete all of the following files that are associated with Internet Security Guard from your computer.

   %AppData%\Internet Security Guard

   %AppData%\Internet Security Guard\cookies.sqlite

   %AppData%\Internet Security Guard\Instructions.ini

   %AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Security Guard.lnk

   %CommonAppData%\79b35

   %CommonAppData%\79b35\ISa76.exe

   %CommonAppData%\79b35\ISG.ico

   %CommonAppData%\ISEUG

   %CommonAppData%\ISEUG\ISKIYFOAG.cfg

   %UserProfile%\Desktop\Internet Security Guard.lnk

   %UserProfile%\Recent\ANTIGEN.exe

   %UserProfile%\Recent\cb.drv

   %UserProfile%\Recent\CLSV.dll

   %UserProfile%\Recent\eb.dll

   %UserProfile%\Recent\energy.exe

   %UserProfile%\Recent\energy.tmp

   %UserProfile%\Recent\fan.sys

   %UserProfile%\Recent\fix.sys

   %UserProfile%\Recent\FW.drv

   %UserProfile%\Recent\gid.dll

   %UserProfile%\Recent\PE.exe

   %UserProfile%\Recent\ppal.sys

   %UserProfile%\Recent\SICKBOY.tmp

   %UserProfile%\Recent\sld.sys

   %UserProfile%\Recent\SM.dll

   %UserProfile%\Recent\SM.exe

   %UserProfile%\Recent\snl2w.drv

   %UserProfile%\Recent\tjd.tmp

   %UserProfile%\Start Menu\Internet Security Guard.lnk

   %UserProfile%\Start Menu\Programs\Internet Security Guard.lnk

   scandsk107d_8027.exe

   If you need a better understanding on how to search for these files then you can read how to find and search for files and folders here.

   If you have issues deleting any of the previously listed files that are associated with Internet Security Guard, you can try rebooting your computer into safe mode. Booting into safe mode may allow certain malicious files to be deleted. If you are wondering how to boot into safe mode, you can read our process for starting a computer in safe mode here.

   Image 2. Select "Safe Mode with Networking"

   

10. After locating and deleting the previous files you must remove all directories associated with Internet Security Guard by going to the C:\ProgramFiles\Internet Security Guard folder, select it, and delete it. In some cases you may not be able to find this directory. You can still continue to the next step.

11. Restart your computer. You do not need to boot into safe mode at this point. You should have removed Internet Security Guard completely from your computer. If you find that Internet Security Guard is still on your computer, you can repeat the steps again or go to the automatic Internet Security Guard removal process.