Remove GuardBytes Plus virus (Removal Guide)




GuardBytes Plus is a new threat from the Braviax malware family. We classify GuardBytes Plus as a virus because it behaves maliciously on your computer system. It is known rogueware that displays fake alerts and blocks programs on your computer from opening. Each time you open your Internet browser or other software, it displays a bogus alert claiming that your computer is in danger and needs to be fixed. The catch is that you are asked to pay in order to fix these problems. GuardBytes Plus is spread through peer-to-peer networks, pirated software, video codecs for sexually oriented websites, and freeware. Most users have no idea how GuardBytes Plus was installed on their computer or what it is. Follow our instructions to remove GuardBytes Plus from your computer.

It is advised to follow our simple removal instructions to remove the GuardBytes Plus virus and all related malicious files from your computer. Following these instructions makes sure the GuardBytes Plus threat is fully removed and nothing is left behind. The instructions will also speed up your computer and remove any other threats that may be present. Please note that all software we advise for removing GuardBytes Plus is free; no registration or license needs to be bought in order to remove GuardBytes Plus or any other threat from your computer.

Follow all steps to remove this threat and prevent it from infecting your computer again.
All tips are legal and known tips to protect your computer; FixYourBrowser.com and related malware researchers are not responsible for any problems that might result from using our tips.

Fake alerts of malware intrusion, produced by GuardBytes Plus

Privacy alert of GuardBytes Plus (fake, of course)

More information about GuardBytes Plus virus (sandbox analysis)

| Antivirus | Version | Result |
|---|---|---|
| Ad-Aware | 12.0.163.0 | Trojan.GenericKD.2018505 |
| AegisLab | 1.5 | Clean |
| Agnitum | 5.5.1.3 | Clean |
| AhnLab-V3 | 2014.12.11.01 | Trojan/Win32.FakeRean |
| ALYac | 1.0.1.4 | Trojan.FakeAV.SecurityTool |
| Antiy-AVL | 1.0.0.1 | Clean |
| Avast | 8.0.1489.320 | Win32:Malware-gen |
| AVG | 15.0.0.4235 | Generic6.BUS |
| Avira | 7.11.194.70 | TR/FakeRean.A.46 |
| AVware | 1.5.0.21 | Clean |
| Baidu-International | 3.5.1.41473 | Backdoor.Win32.Androm.aa |
| BitDefender | 7.2 | Trojan.GenericKD.2018505 |
| Bkav | 1.3.0.6267 | HW32.Packed.9614 |
| ByteHero | 1.0.0.1 | Clean |
| CAT-QuickHeal | 14.00 | Clean |
| ClamAV | 0.98.5.0 | Clean |
| CMC | 1.1.0.977 | Clean |
| Comodo | 20331 | Clean |
| Cyren | 5.4.1.7 | Clean |
| DrWeb | 7.0.10.8210 | Clean |
| Emsisoft | 3.0.0.600 | Trojan.GenericKD.2018505 (B) |
| ESET-NOD32 | 10859 | Win32/Adware.XPAntiSpyware.AH |
| F-Prot | 4.7.1.166 | Clean |
| F-Secure | 11.0.19100.45 | Trojan.GenericKD.2018505 |
| Fortinet | 5.0.999.0 | Clean |
| GData | 24 | Trojan.GenericKD.2018505 |
| Ikarus | T3.1.8.5.0 | Clean |
| Jiangmin | 16.0.100 | Clean |
| K7AntiVirus | 9.186.14295 | Clean |
| K7GW | 9.186.14301 | Adware ( 004a88581 ) |
| Kaspersky | 15.0.1.10 | Backdoor.Win32.Androm.fpys |
| Kingsoft | 2013.4.9.267 | Clean |
| Malwarebytes | 1.75.0.1 | Trojan.Agent |
| McAfee | 6.0.5.614 | FakeRean-FAF!E864E7FC4631 |
| McAfee-GW-Edition | v2014.2 | BehavesLike.Win32.PWSZbot.nc |
| Microsoft | 1.11202 | Rogue:Win32/FakeRean |
| MicroWorld-eScan | 12.0.250.0 | Trojan.GenericKD.2018505 |
| NANO-Antivirus | 0.28.6.63850 | Clean |
| Norman | 7.04.04 | Clean |
| nProtect | 2014-12-10.01 | Trojan.GenericKD.2018505 |
| Panda | 4.6.4.2 | Generic Suspicious |
| Qihoo-360 | 1.0.0.1015 | HEUR/QVM19.1.Malware.Gen |
| Rising | 25.0.0.17 | Clean |
| Sophos | 4.98.0 | Mal/Generic-S |
| SUPERAntiSpyware | 5.6.0.1032 | Clean |
| Symantec | 20141.1.0.330 | Trojan.Gen.SMH |
| Tencent | 1.0.0.1 | Clean |
| TheHacker | 6.8.0.5.499 | Clean |
| TotalDefense | 37.0.11323 | Clean |
| TrendMicro | 9.740.0.1012 | BKDR_ANDROM.YY |
| TrendMicro-HouseCall | 9.700.0.1001 | BKDR_ANDROM.YY |
| VBA32 | 3.12.26.3 | Clean |
| VIPRE | 35620 | FraudTool.Win32.FakeRean |
| ViRobot | 2014.3.20.0 | Clean |
| Zillya | 2.0.0.2003 | Clean |
| Zoner | 1.0 | Clean |

Hosts Involved

IP Address
8.8.8.8
146.185.239.114

DNS Requests

| Domain | IP Address |
|---|---|
| trader562.com | 146.185.239.114 |
| gislat4se2.com | 146.185.239.114 |

HTTP Requests

URL: http://trader562.com/Zw-EU0CoGHRRuah0a42OugYsXifk5Bc=

Data:

    GET /Zw-EU0CoGHRRuah0a42OugYsXifk5Bc= HTTP/1.1
    Host: trader562.com
    Cache-Control: no-cache


Remove GuardBytes Plus




Follow all steps in the correct order to completely and successfully remove GuardBytes Plus and protect your computer from possible future infections.
Important: if you run into any problem while following these removal instructions, please stop.


Removal steps for GuardBytes Plus

Reboot your computer in Safe Mode with Command Prompt

  • Reboot your computer
  • Before the Windows loading screen appears, press the F8 key on your keyboard

Windows XP / Windows 7 users

  • Select “Safe Mode with Command Prompt”


Windows 8 users

  • Press Windows key + C
  • Click Settings
  • Click Power, hold down Shift on your keyboard and click Restart
  • Click Troubleshoot
  • Select Advanced options
  • Select Startup Settings
  • Click Restart
  • When the computer has finished booting, press 6 on your keyboard or select Safe Mode with Command Prompt
  • In the command prompt, type: explorer.exe


Download Rkill.exe and run it. Rkill will terminate malicious processes so that we can run MalwareBytes Anti-Malware to remove GuardBytes Plus.
On the download page, click the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, save it on your desktop.

Download MalwareBytes Anti-Malware (free version)

Install MalwareBytes Anti-Malware by following the on-screen instructions and make no changes to the default settings. If MalwareBytes asks you to reboot the computer, do not reboot.
After the installation, select the “Scan now” button and update the virus definitions.

Please wait while the scan is running. Do not work on the computer while an anti-malware scan is in progress. After the scan is complete, select “Apply actions” to deal with the malicious files that were found.
Malwarebytes will reboot the computer; if it does not, reboot it yourself, back into normal mode.

The virus will also damage some Windows services. Use the files below that correspond to your Windows version and execute them. When Windows asks whether to merge the file, choose Yes.

Windows XP Wscsvc File (for Windows XP users)

Windows Vista Wscsvc File (for Windows Vista users)
Windows Vista WinDefend File (for Windows Vista users)

Windows 7 Wscsvc File (for Windows 7 users)
Windows 7 WinDefend File

Windows 8 Wscsvc File (for Windows 8 users)
Windows 8 WinDefend File (for Windows 8 users)

** Thanks to Bleepingcomputer.com for these files.
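
To confirm that the merge actually restored the services, the check below reads the registry entry and Service Control Manager state for the two services named in the file list (wscsvc and WinDefend). It is an added example, not part of the original guide or of the Bleepingcomputer.com files; the function name Test-RepairedService, the labels and the verdict strings are assumptions made for illustration.

```powershell
# Added example (Windows PowerShell 2.0 or later, run after merging the .reg
# files and rebooting). The service names come from the file list above; the
# function name, labels and verdict strings are illustrative assumptions.

$services = @(
    @{ Name = 'wscsvc';    Label = 'Security Center';  MinOsMajor = 5 },
    @{ Name = 'WinDefend'; Label = 'Windows Defender'; MinOsMajor = 6 }  # no WinDefend file is listed for XP
)

# Meaning of the Start value under HKLM\SYSTEM\CurrentControlSet\Services\<name>
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Test-RepairedService {
    param([string]$Name, [string]$Label)

    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $report = New-Object PSObject -Property @{
        Service = $Name; Label = $Label; RegistryStart = $null
        ImagePath = $null; State = $null; Verdict = $null
    }

    # 1. The service's registry key is what the .reg merge puts back.
    if (-not (Test-Path -Path $keyPath)) {
        $report.Verdict = 'MISSING: merge the .reg file for this Windows version'
        return $report
    }
    $key = Get-ItemProperty -Path $keyPath
    $report.ImagePath = $key.ImagePath          # shown for manual review
    if ($key.Start -ne $null) { $report.RegistryStart = $startTypes[[int]$key.Start] }

    # 2. The Service Control Manager only picks up a re-created key after a reboot.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if ($svc -eq $null) {
        $report.Verdict = 'KEY PRESENT, NOT REGISTERED: reboot, then check again'
        return $report
    }
    $report.State = $svc.State

    # 3. A disabled or stopped protection service still needs attention.
    #    (WinDefend may legitimately be stopped when another antivirus is installed.)
    if ($key.Start -eq 4) {
        $report.Verdict = 'DISABLED: start type was not restored'
    } elseif ($svc.State -ne 'Running') {
        $report.Verdict = 'STOPPED: start it, and rescan if it will not stay running'
    } else {
        $report.Verdict = 'OK'
    }
    return $report
}

$osMajor = [Environment]::OSVersion.Version.Major   # 5 = XP, 6 = Vista / 7 / 8
$results = foreach ($s in $services) {
    if ($osMajor -ge $s.MinOsMajor) { Test-RepairedService -Name $s.Name -Label $s.Label }
}
$results | Format-List Service, Label, RegistryStart, ImagePath, State, Verdict
```

A verdict other than OK after a reboot means the service was not restored by the merge and the matching file should be applied again.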
