Security Guard Removal Report

Security Guard

No Comments

By Sumo3000 in Rogue Anti-Spyware Program | 151 views

Rate it:

(No Ratings Yet)

Loading ...

Translate To:

Español |

Português

Security Guard Description

Security Guard is a fake anti-spyware program that is known to be a clone of the rogue application called Cleanup Antivirus. Both of these programs uses illicit actions to pursued computer users into the purchase of the full application in hopes that it would magically detect and remove the parasites that Security Guard finds on system scans.

Not only are the parasites found on Security Guard system scan list bogus, but system scanning does not actually take place. SecurityGuard has one major objective of deceiving computer users to the point that they mistakenly purchase the full version of Security Guard which ultimately is a waste of money. Security Guard does not have the capability of detecting or removing any type of legitimate computer parasite including spyware, malware, viruses and Trojans.

Type: Rogue AntiSpyware Programs

How Can You Detect Security Guard?

Download SpyHunter’s Detection Scanner
to Detect Security Guard.

Security Guard Technical Report

As new Security Guard details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Security Guard files with its MD5s were created in the system:

File Name	File Size	MD5

SGdccb.exe	2327552	25ee5ae0cf86d2c90fff091be922c488
xp_7dfc7[1].exe	2327552	25ee5ae0cf86d2c90fff091be922c488

Security Guard has typically the following processes in memory:

C:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\kernel32.exe
C:\Documents and Settings\All Users\Application Data\345d567\SG345d.exe
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\eb.dll
%UserProfile%\Recent\grid.exe
C:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
%UserProfile%\Recent\ANTIGEN.sys
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\SICKBOY.exe

Security Guard created the following directories, files, paths:

%AppData%\Security Guard

Security Guard creates the following registry entries:

HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=1002&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “layout/2.01002″
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=1002&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = http://findgala.com/?&uid=1002&q={searchTerms}
HKEY_CLASSES_ROOT\SG345d.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Guard”

Important Article Disclaimer

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.

This entry was posted on 03/18/10 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.