How to remove WiniGuard (Delete instructions)

WiniGuard is a rogue antispyware program that uses scare tactics (display fake alerts and false positives) to trick you into buying the fake software and distributed through the use trojans.

During installation, WiniGuard configures itself to run automatically every time, when you start your computer. Once running, it will scan your computer and reports false or exaggerated system security threats on the computer that cannot be removed unless you first purchase the software.

While the WiniGuard is running you may see false security alerts says your computer is being attacted from Internet. These fake alerts may drastically slow the performance of your computer. Please ignore these alerts. Use the instructions below to remove WiniGuard and any associated malware from your computer for free.

Symptoms in a HijackThis Log.

O4 – HKLM\..\Run: [promo.exe] c:\windows\system32\promo.exe
O4 – HKLM\..\Run: [c:\windows\system32\cfrog.exe] c:\windows\system32\cfrog.exe
O4 – HKLM\..\Run: [c:\windows\system32\baloon.exe] c:\windows\system32\baloon.exe
O4 – HKLM\..\Run: [WiniGuard] “c:\program files\winiguard software\winiguard\WiniGuard.exe” -min

Use the following instructions to remove WiniGuard (Uninstall instructions).

• Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
• Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select “Perform Quick Scan”, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

WiniGuard creates the following files and folders.

%programfiles%\WiniGuard\WiniGuard.exe
%programfiles%\WiniGuard\WiniGuard.url
%programfiles%\WiniGuard\uninst.exe
%programfiles%\WiniGuard\Lang
%programfiles%\WiniGuard\Lang\English.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\WiniGuard 1.32.lnk
%UserProfile%\Desktop\WiniGuard.lnk
%UserProfile%\My Documents\WiniGuard
%UserProfile%\My Documents\WiniGuard\SDBHO.dll
%UserProfile%\My Documents\WiniGuard\sdcfg.dat
%UserProfile%\My Documents\WiniGuard\Logs
%UserProfile%\My Documents\WiniGuard\Quarantine
%UserProfile%\Start Menu\Programs\WiniGuard
%UserProfile%\Start Menu\WiniGuard 1.32.lnk
%UserProfile%\Start Menu\Programs\WiniGuard\WiniGuard 1.32.lnk
%UserProfile%\Start Menu\Programs\WiniGuard\WiniGuard Website.lnk
%programfiles%\WiniGuard
%programfiles%\WiniGuard\blacklist.txt
%programfiles%\WiniGuard\msvcp71.dll
%programfiles%\WiniGuard\msvcr71.dll
%programfiles%\WiniGuard\sdev.sgn