How to remove Smart Guard Protection rogue? (Solved)

Smart Guard Protection is marketed by its publisher as a tool for securing your PC from viruses. It easily "finds" dozens of threats on a brand-new computer. Does that mean every operating system, even a freshly installed one, is infected? Of course not, and this reveals the deceptive nature of the program. Remove Smart Guard Protection to rid your PC of yet another malicious and sneaky trojan disguised as a piece of antivirus software.
The infection typically reaches users in one of two ways: as a trojan (e.g. users believe they are downloading a codec and get this annoyware instead in a deceptive package), or through malicious code, embedded in websites users browse, that exploits system vulnerabilities. In the latter case, the bad script is either attached to a generally fair and originally safe website, or the website was set up intentionally with this code as part of its script.
Regardless of how the fake antivirus was installed, it is always configured to launch its processes automatically, so users are forced to watch its silly ads (posed as a virus scan and alerts about the most important infections) whenever they start another Windows session.
Besides, the malware is known to intentionally capture and retain system resources so that legitimate programs operate slower than ever. It then readily produces a seemingly timely comment on that, stating that the system is getting slower because the user is ignoring the threats it has reported. Proceed with the free extermination guide below to ensure complete and lasting removal of the Smart Guard Protection malware.

Screenshot of Smart Guard Protection GUI (graphic user interface)

Smart Guard Protection malware generates the following fake alerts:

Warning! Infected file detected
Location: File System
Behavior description: Destroys and infects system files.
Suspicious activity detected in the application notepad.exe to the behavior of the virus Win32/Conficker.X. For your security and to avoid loss of data, the operation of application cmd.exe has been temporarily restricted.

Windows Security Center
Warning! Suspicious activity detected.
Virus activity detected.
Attempt to change configuration files detected.
Rootkit embedding attempt detected.

Warning! Infected file detected.
We strongly recommend activating full edition of your antivirus software for repairing threats.

Warning! Network attack attempt detected.
To keep the computer safe, the threat must be blocked.

Method 1: Using Safe Mode with Networking + antimalware to remove Smart Guard Protection infection:

Step 1 > Please restart your PC, but do not wait for the regular session to start. Instead, as soon as anything appears on your monitor, press F8 repeatedly until a screen like the one below loads. This is the menu where you select the operating mode. Use the arrow keys on your keyboard to navigate through the menu and highlight Safe Mode with Networking, then press Enter to activate it.

How to switch to Safe mode?

Step 2 > Before starting any removal procedures, the processes run by Smart Guard Protection must be killed. This prevents it from meddling in the extermination routine. Get RKill from the link below to do this.

Download RKill
Run it to stop malware processes

Choose the desktop as the location in the “Save as” dialog. Once RKill is downloaded, double-click on it to automatically attempt to stop any processes associated with Smart Guard Protection and other rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.


If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Smart Guard Protection when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. Leaving the warning open typically lets you bypass the malware's attempt to protect itself, so that RKill can terminate Smart Guard Protection. So, please keep running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill, as the malware programs will start again. If you continue having problems running RKill, you can rename it to “Iexplorer.exe” or “chrome.exe” and then try to start it.


Step 3 > Open your browser and download TDSSKiller. Run the utility and click “Start Scan” to run an anti-rootkit scan.

Download TDSSKiller
Utility for removing malicious rootkits.


Step 4 > Download and install SpyHunter. As an antivirus and complex security suite, it is capable of recognizing, identifying, containing and removing any and all threats, including, but not limited to, viral infections, malicious software, parasites that propagate using worm and trojan type routines, and potential risks (PUP). Installing SpyHunter on your PC, in either the free or the advanced edition, ensures that you remove the Smart Guard Protection PUP, referred to as the infection for the purposes of this guide.

Download SpyHunter
Adaptive Spyware Detection and Removal Tool

    • NOTE: The infection you are about to remove may interfere with the tools above (RKill, TDSSKiller, SpyHunter) and probably with any other installation on the compromised machine. If that happens, download the tools named here onto removable media from a PC that is free of the infection. Then attach the removable media (USB, external drive, CD/DVD) to the affected machine so that you can install the solution despite the tricks.
    • OR follow these instructions:
      1. Click Start->Run
      2. Enter “http://manual-removal.com/smart-guard-protecttion-remover” and press ‘Enter’.
      3. Press ‘Continue unprotected’
      4. Save the file on your desktop.
      5. Rename the .exe from xxx.exe to antivir.com and run it.
      6. Now remove the Smart Guard Protection files that the program detects.

       

Method 2: Removing Smart Guard Protection using the debugged activation key \ unlock code:

Step 1 >Use the debugged keys listed below to register this infection and stop the fake security alerts.

AA39754E-216A8FF3

After you activate the rogueware, you are able to access the Internet and download an anti-virus or anti-malware program to kill Smart Guard Protection.

Step 2 > Download and install the automatic remover, SpyHunter, to scan for and remove the remaining files of the infection.

Download Smart Guard Protection Removal Tool
Spyhunter – the Ultimate Malware and Spyware Protection

Method 3: Smart Guard Protection Manual removal:

Important! Experienced users only!

Step 1> Locate, stop and delete the following processes and files:

    • %CommonAppData%\WaDprnV7
      %CommonAppData%\WaDprnV7\DD1
      %CommonAppData%\WaDprnV7\WaDprnV7.exe
      %CommonAppData%\WaDprnV7\WaDprnV7.exe.manifest
      %CommonAppData%\WaDprnV7\WaDprnV7.ico
      %CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.in
      %CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.lg

File Location Notes:
%CommonAppData% refers to the Application Data folder for the All Users Profile. By default, this is C:\Documents and Settings\All Users\Application Data for Windows 2000/XP and C:\ProgramData\ in Windows Vista, Windows 7, and Windows 8.

 

Step 2> Remove or change the following registry entries, using Start > Run and typing the “regedit” command:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AS2014” = “%CommonAppData%\WaDprnV7\WaDprnV7.exe”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableVirtualization” = 0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore “RPSessionInterval” = 0
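
A read-only check for the process, files and registry values listed in Steps 1 and 2 above, useful before and after cleanup to confirm what is actually present. This is an added example, not part of the original guide or of any tool it names; the function names New-Finding and Get-SgpFinding are hypothetical, and the script looks only for the exact names this page lists.

```powershell
# Added example: read-only audit for the artifacts this guide lists in Method 3.
# Nothing is deleted or modified. Run it as the affected user, because the
# Run entry lives in that user's HKCU hive.

# %CommonAppData% is shorthand, not a real environment variable. The .NET
# CommonApplicationData folder resolves to the matching path on each Windows version.
$rogueName = 'WaDprnV7'
$rogueDir  = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) $rogueName
$policies  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'

# Registry values from Step 2. Bad = $null means "any data is a finding";
# otherwise only the data the guide lists (0) is reported.
$regChecks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'AS2014'; Bad = $null },
    @{ Key = $policies; Name = 'EnableLUA'; Bad = 0 },
    @{ Key = $policies; Name = 'EnableVirtualization'; Bad = 0 },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'; Name = 'RPSessionInterval'; Bad = 0 }
)

function New-Finding([string]$Type, [string]$Location, [string]$Detail) {
    New-Object PSObject -Property @{ Type = $Type; Location = $Location; Detail = $Detail }
}

function Get-SgpFinding {
    # Running process (Step 1 says to stop it before deleting files).
    Get-Process -Name $rogueName -ErrorAction SilentlyContinue | ForEach-Object {
        New-Finding 'Process' $_.Name "PID $($_.Id)"
    }
    # Install folder and everything under it, including hidden files.
    if (Test-Path -LiteralPath $rogueDir) {
        New-Finding 'Folder' $rogueDir 'present'
        Get-ChildItem -LiteralPath $rogueDir -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object { New-Finding 'File' $_.FullName "$($_.LastWriteTime)" }
    }
    # Registry values; a missing key or value produces no finding.
    foreach ($c in $regChecks) {
        $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $data = $item.($c.Name)
        if ($null -eq $c.Bad -or $data -eq $c.Bad) {
            New-Finding 'Registry' "$($c.Key)\$($c.Name)" "data = $data"
        }
    }
}

$findings = @(Get-SgpFinding)
if ($findings.Count -eq 0) { 'No listed Smart Guard Protection artifacts found.' }
else { $findings | Select-Object Type, Location, Detail | Format-Table -AutoSize -Wrap }
```

An `EnableLUA` value of 0 means User Account Control is switched off, so a finding there calls for changing the value back rather than deleting it, while the `AS2014` Run value is the autostart entry to remove.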

Step 3> Download a reliable anti-malware solution to remove other malicious files and potentially unwanted applications:

Download SpyHunter
Windows XP, Windows Vista, Windows 7, Windows 8