English 
Deutsch
Español
Français
Portuguese
Additional Guard Additional Guard
By
Sumo3000 in Rogue Anti-Spyware Program |
0 views
(2 votes, average: 4.50 out of 5)
Loading ...
Additional Guard Description
Additional Guard is a rogue anti-spyware program. Additional Guard is known as a deceiving application in the way that it is able to display misleading parasite threat notifications. In addition to the popup messages that Additional Guard fabricates, it attempts to scan the system that it is installed on only to return fake parasite results.
Additional Guard uses these extortion tactics to get you to ultimately purchase the full version of Additional Guard which is incapable of detecting or removing computer parasites. It is imperative that Additional Guard be removed the instant that it is detected so that you may prevent further damage to your computer.
Type: Rogue AntiSpyware Programs
How Can You Detect Additional Guard?
Additional Guard Technical Report
As new Additional Guard details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following Additional Guard files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| WI7177.exe | 2260992 | 9458cea660b8be5c987a4217db8f3713 |
| xp_5067e[1].exe | 2095616 | 350904386150d8c1adf817b0a48cf744 |
| WIe8cf.exe | 2257408 | f6ca7cbe83a25c529feb14180b30cb01 |
| WIfb96.exe | 2096640 | 29900aac0ace4fbd8bfdad78b9846c23 |
| WI98fe.exe | 2081280 | 8ef51040acff98d01c201171e63a8264 |
| WI4354.exe | 2081792 | 1cf883c2c8ac19da43d157e4743cf8c3 |
| WI3a76.exe | 2084864 | 1ce5fceb8cec157a56c480f530992cc3 |
| WIb95f.exe | 1910784 | 87ad7e77cd3ea018b14f9e7d9930f899 |
| WIca35.exe | 2260992 | 6b7f5042a0fc8848975da519899357f1 |
| WI9ef4.exe | 1937408 | 48ce1d90dd96fa1123cfd9c96cccc35c |
| WI9c8d.exe | 1914368 | 0b98a7d49267c0a3fbef21e364eb1351 |
| WIe27e.exe | 1946624 | 04d8cd880660277c34b25166a3b6cd7e |
Additional Guard has typically the following processes in memory:
- %UserProfile%\Application Data\2565da61\sqlite3.dll
- %UserProfile%\Recent\energy.dll
- %UserProfile%\Recent\FS.dll
- c:\Documents and Settings\All Users\Application Data\117fc\WI339.exe
- %UserProfile%\Recent\cid.dll
- %UserProfile%\Recent\PE.sys
- %UserProfile%\Application Data\2565da61\mozcrt19.dll
- %UserProfile%\Recent\ddv.dll
- %UserProfile%\Recent\exec.exe
- %UserProfile%\Recent\tjd.sys
- c:\Documents and Settings\All Users\Application Data\117fc\sqlite3.dll
- %UserProfile%\Recent\FS.exe
- %UserProfile%\Application Data\2565da61\AG345d.exe
- %UserProfile%\Recent\cb.exe
- %UserProfile%\Recent\energy.sys
- %UserProfile%\Recent\ppal.exe
- c:\Documents and Settings\All Users\Application Data\117fc\mozcrt19.dll
- %UserProfile%\Recent\eb.exe
Additional Guard created the following directories, files, paths:
- %AppData%\Additional Guard
Additional Guard creates the following registry entries:
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=220&q={searchTerms}”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Additional Guard”
- HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
- HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=220&q={searchTerms}”
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1?
Important Article Disclaimer
