GuardBytes Plus
Written by Tomas Meskauskas on (updated)
What is GuardBytes Plus?
GuardBytes Plus is fake anti-virus software that attempts to scare PC users into believing that their computers have been infected with high-risk malware, viruses, and Trojans. This rogue application infiltrates operating systems using infected email attachments, torrent downloads, security exploits, etc.
After successful infiltration, GuardBytes Plus imitates a computer security scan and then generates a long list of supposedly-detected malware. Be aware that GuardBytes Plus holds no virus definition database or any features that would allow this application to detect any of the security infections listed.
In fact, all infections listed during the 'security scan' are fake and do not exist on the victim’s PC. The real purpose of GuardBytes Plus is to encourage users to buy a fake license key. Do not buy GuardBytes Plus - it is a scam developed by cyber criminals.
Paying for a false antivirus suite such as this is equivalent to sending your money to criminals - you will lose your money and your banking information will be at risk. In addition, GuardBytes Plus provides no antivirus-related features and your computer will remain infected by this rogue application.
If you see this program performing 'security scans' on your computer, and encouraging you to purchase a 'full version', your PC is infected with a fake antivirus program that should not be trusted.
GuardBytes Plus belongs to a family of fake antivirus programs called Braviax/FakeRean and is capable of infecting computers running the Windows XP, Windows 7, and Windows 8 operating systems. Previous fake antivirus programs originating from this family were named A-Secure 2015.
Other fake antivirus programs from the Braviax family (except for A-Secure 2015) are capable of changing their names depending on the operating system infiltrated. For example, Zorton Win 7 Antivirus 2014 can change its name to Zorton Win 8 Antivirus 2014 if the victim's computer runs the Windows 8 operating system.
In the case of GuardBytes Plus, the name of this fake antivirus program remains identical on all operating systems. Close examination of GuardBytes Plus reveals that most infections of this type are caused by Trojans and fake online security warning pop-ups.
Do not trust online messages stating that your computer is infected and offering download of software to eliminate supposedly-detected security issues.
Other practices to avoid this type of fake antivirus infection include frequent software updates and the use of legitimate anti-spyware and anti-virus programs. If your computer has been infected by the GuardBytes Plus rogue application, do not pay for the full version - read the following removal guide and eliminate it from your system.
Examples of fake security warning messages displayed by GuardBytes Plus:
“System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan”
“GuardBytes Plus has blocked a program from accessing the internet - This program is infected with Trojan-BNK.Win32.Keylogger.gen Private data can be stolen by third parties, including credit card details and passwords”
“GuardBytes Plus Alert - System Hacked! Unknown program is scanning your system registry right now! Identity theft detected”
“Tracking software found! Your PC activity is being monitored. Possible spyware infection. Your data security may be compromised. Sensitive data can be stolen. Prevent damage now by completing a security scan”
GuardBytes Plus rogue antivirus performing a fake computer security scan:
GuardBytes Plus blocking Internet access:
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
Dangerous code found in this site’s pages which installs unwanted software into your system.
Suspicious and potentially unwanted network activity detected.
Spyware infection in your system.
Complaints from other users about this site.
Port and system scans performed by the site being visited.Things you can do:
Get a copy of “GuardBytes Plus” to safeguard your PC while surfing the web (RECOMMENDED)
Run a spyware, virus and malware scan
Continue surfing without any security measures (DANGEROUS)
GuardBytes Plus blocking execution of installed programs:
GuardBytes Plus has blocked a program from accessing the Internet. This program is infected with Trojan-BNK.Win32.Keylogger.gen Private data can be stolen by third parties, including credit card detail and passwords.
GuardBytes Plus displaying a fake Windows Action Center:
Action Center has detected one or more issues for you to review. Windows Defender and GuardBytes Plus are both turned off.
A rogue website used by cyber criminals to collect payments for the GuardBytes Plus fake license keys (1 year license - $64.95; 2 year license - $79.95; Lifetime license - $99.95). Computer users who have paid for this scam should immediately contact their credit card company and dispute the charges, explaining that they have been tricked into purchasing a fake antivirus program:
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is GuardBytes Plus?
- STEP 1. Remove GuardBytes Plus using Safe Mode with Networking.
- STEP 2. Optional GuardBytes Plus removal method.
- STEP 3. Manual GuardBytes Plus removal.
GuardBytes Plus fake antivirus removal:
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Video showing how to start Windows 8 in "Safe Mode with Networking":
Video showing how to start Windows XP in "Safe Mode with Networking":
After booting your computer in Safe Mode with Networking, try downloading and running the recommended antimalware software. If the download is blocked, follow the instructions presented below.
IMPORTANT! GuardBytes Plus rogue antivirus damages Windows Security Center and Windows Defender services. After removing this fake antivirus program, download the registry fixes presented below. After downloading, double-click each and click Yes (when asked to merge data).
Registry fixes for Windows 7 users:
Registry fixes for Windows 8 users:
Registry fix for Windows XP users:
NOTE: If you cannot run the remover, try to right-click on it and select "Run as administrator". If installation of the malware remover fails, or you cannot open the .exe files, try one of the alternative download locations below:
- Location 1 (the file is renamed to "iexplore.exe", since most spyware does not block this file)
- Location 2
If, after or before, removal of this fake antivirus you are unable to run any of your installed software, GuardBytes Plus has modified your operating system's .exe file associations. To fix this, download the registry fix (link below). Save it to your computer, double click it, click "Yes", and then "OK". After rebooting your PC, file associations should function normally.
- Windows 7 - Windows 8 - Windows XPIf you cannot open your browser (Internet Explorer, Mozilla Firefox, Google Chrome):
GuardBytes Plus hijacks Internet browsers, modifies registry settings, and disables execution of programs. For these cases, our developers have created a custom installer - useful when you are unable to browse the Internet or execute .exe files. It starts like an MS-Dos program, runs some registry fixes, and then initiates execution of an installer.
This installer was tested on the Windows 7, Windows Vista, and XP operating systems infected with the most common spyware infections.
To use this installer on Windows 7, click the Windows logo button (Start). If you use Windows 8, right-click in the lower left corner of the screen, in the Quick Access Menu, select Run. Windows XP users should click "Start" and select "Run". In the Search field, enter this link: www.pcrisk.com/installer.com and then press ENTER
GuardBytes Plus generates a fake warning after pressing ENTER. Ignore this and click "No, stay unprotected..." on this message.
File download dialogue will appear and report that you are downloading the file, installer.com. Click Run, wait for download to complete, and then follow the on-screen instructions. Windows may warn you that opening unknown files may be unsafe. Please ignore these warnings.
GuardBytes Plus removal (optional method):
GuardBytes Plus rogue blocks execution of all installed software - this makes its removal complicated. The best way to eliminate this rogue is to login to an unaffected user account and run a security scan from it. If available, login to a "Guest" account and follow the removal steps provided below. If your "Guest" user account is not activated, follow these steps:
Windows 7 users:
Click the Windows logo (Start), select Control Panel.
In the opened window, select "User Accounts and Family Safety".
In the opened window, click the "Add or Remove User Accounts" link.
In the opened window, click "Guest Account".
In the next window, click the "Turn On" button.
Windows 8 users:
Right-click in the lower left corner of the screen, in the Quick Access Menu, select Control Panel.
In the opened window, click "Change account type" (under "User Accounts and Family Safety").
In the opened window, click "Guest".
In the next window, click the "Turn On" button.
Windows XP users:
Click "Start", select "Settings", and click "Control Panel".
In the opened window, click "User Accounts".
In the opened window, click "Guest".
In the next window, click the "Turn On the Guest Account" button.
Restart your PC, when the Windows login screen appears, select the "Guest" user, and then continue with the removal steps provided below.
After logging in to your Guest account, download recommended malware removal software and run a full system scan to completely eliminate this fake antivirus software from your PC.
Manual GuardBytes Plus removal instructions
Some spyware can block downloading of spyware removers. If you cannot download it using the default location, try one of the alternative download locations below:
- Location 1 (the file is renamed to "iexplore.exe", since most spyware does not block this file)
- Location 2
If installation of the remover fails, try downloading the customized installer, which was built by our technicians to bypass spyware infections. Download customized installer
If you still cannot download or run the spyware removing software, please perform these steps:
Step 1
Download the registry fix for GuardBytes Plus malware. This fix removes registry entries that disallow execution of programs in some variants of this spyware. To download it, click the link below. After downloading, double click the downloaded registry fix file, click Yes, and then click OK.
Step 2
Some variants of this spyware modify the system proxy settings so that you are unable to access the Internet (or website addresses are redirected to malicious or phishing websites). To reset the proxy settings to default, download and run this tool:
Step 3
GuardBytes Plus modifies the system Hosts file. The Hosts file is used to resolve canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious sites, despite seeing legitimate URLs in address bar. It is difficult to determine which sites are genuine when the Hosts file is modified.
To fix this, download the Microsoft Fix It tool, which restores your Hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
Step 4
That's It! You can now try to download the Malware remover or install and run it if already downloaded.
IMPORTANT! GuardBytes Plus rogue antivirus damages Windows Security Center and Windows Defender services. After removing this fake antivirus program, download the registry fixes presented below. After downloading, double-click each and click Yes (when asked to merge data).
Registry fixes for Windows 7 users:
Registry fixes for Windows 8 users:
Registry fix for Windows XP users:
Summary:
The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.
A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in fake antivirus distribution:
Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of guardbytes plus scam and other rogue antivirus programs:
To protect your computer from guardbytes plus scam and other rogue antivirus programs users should:
- Keep their operating system and all of the installed programs up-to-date.
- Use legitimate antivirus and anti-spyware programs.
- Use caution when clicking on links in social networking websites and email messages.
- Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.
Symptoms indicating that your operating system is infected with a fake antivirus program:
- Intrusive security warning pop-up messages.
- Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
- Slow computer performance.
- Disabled Windows updates.
- Blocked Task Manager.
- Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.
If you have additional information on guardbytes plus scam or it's removal please share your knowledge in the comments section below.
▼ Show Discussion