System Guard 2009 Description

System Guard 2009, SystemGuard2009, SystemGuard 2009 or System Guard2009, is a rogue anti-spyware program usually installed on the user’s computer system by a Trojan or through other dubious mechanisms. System Guard 2009 infects users without their knowledge and permission and will attempt to trick the user into buying the full System Guard 2009 version of the program. System Guard 2009’s common tactics to persuade the user may be bogus system notifications or fake security alerts stating that the computer is infected with a large amount of spyware. System Guard 2009 will state that in order to remove the supposed threats the user should purchase the commercial version.

System Guard 2009 may also emulate a computer system scan and list supposed spyware infections as a result. However, these resulting entries are created by System Guard 2009 itself to make the user believe System Guard 2009’s scanner has detected actual threats.

System Guard 2009’s popup messages and scan results may redirect you to System Guard 2009’s website (SystemGuard2009.net) to further purchase System Guard 2009’s commercial version. System Guard 2009 may also cause various programs, such as Word and Excel, to suddenly interrupt their run without saving data. System Guard 2009 is a threat to the user’s personal and financial data. System Guard 2009 is a threat and should be removed without hesitation.

Type: Rogue AntiSpyware Programs

How Can You Detect System Guard 2009?

System Guard 2009 Technical Report

As new System Guard 2009 details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following System Guard 2009 files with its MD5s were created in the system:

System Guard 2009 has typically the following processes in memory:

• c:\Documents and Settings\All Users\Application Data\winlogon.exe
• c:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\moduleie.dll
• c:\WINDOWS\system32\winscenter.exe
• c:\WINDOWS\reged.exe
• c:\WINDOWS\vmreg.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\iemodule.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\moduleie.dll
• %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\moduleie.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\ndamqohbzv.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\pheauarqzb.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\zhqbmeuqai.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\qvovoghiyx.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\czltvtkkox.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\nqhjazmauc.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\mmriunwlaw.dll
• c:\Program Files\System Guard 2009\uninstall.exe
• c:\Documents and Settings\All Users\Application Data\Microsoft\Network\track.sys
• c:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\ieModule.dll
• c:\WINDOWS\syscert.exe
• c:\WINDOWS\sysexplorer.exe
• %SYSTEMROOT%\system32\winscenter.exe
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\mqhkcnqxvg.dll
• %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\undeiimrfx.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\zdbwchlcag.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\hditohpcyc.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\jxwwldgtxf.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\fnypjxnzek.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\jykgxumxkk.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\waqqhmkjpz.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\wqfsnodfub.dll
• c:\Program Files\System Guard 2009\systemguard.exe
• c:\Documents and Settings\All Users\Application Data\Microsoft\Network\svchost.exe
• c:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\eewhptdpyl.dll
• c:\WINDOWS\sys.com
• c:\WINDOWS\spoolsystem.exe
• %PROGRAMFILES%\System Guard 2009\systemguard.exe
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\uqmgwcdcve.dll
• %ALLUSERSPROFILE%\application data\microsoft\internet explorer\dlls\iemodule.dll
• SystemGuard2009.exe
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\ikpxrsbnnq.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\hafjrwkdjg.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\qxpvjgihuv.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\fejopjgulu.dll
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\udunjexmim.dll
• SystemGuard2009[1].exe
• %ALLUSERSPROFILE%\application data\microsoft\network\dlls\pvlhlemfts.dll

System Guard 2009 created the following directories, files, paths:

• %ProgramFiles%\System Guard 2009

System Guard 2009 creates the following registry entries:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Guard 2009
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “InternetConnection”
• HKEY_CLASSES_ROOT\CLSID\{AB6DAA8C-F726-4FDD-8B06-9537C5878612}
• HKEY_LOCAL_MACHINE\SOFTWARE\System Guard 2009
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “systemguard”
• HKEY_CLASSES_ROOT\CLSID\{77C96E10-FDA7-4AA7-B318-0631C0D27DBB}

Important Article Disclaimer