Windows Additional Guard Description

Windows Additional Guard is a rogue anti-spyware application originating from the same family as Ultimate System Guard, Windows Guard Pro, Malware Catcher and Windows Protection Suite. Due to affiliated trojans infiltrating the computer via security exploits, Windows Additional Guard is installed onto the system and from there, begins launching various fake security alerts. Along with the fictitious and sometimes grossly exaggerated infection reports supplied by the counterfeit system scans, these tactics ensure the user is intimidated enough into purchasing the fake spyware remover Windows Additional Guard in order to combat these non-existent threats.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Additional Guard?

Windows Additional Guard has typically the following processes in memory:

• %Documents and Settings%\All Users\Application Data\345d567\WI345d.exe
• %UserProfile%\Recent\energy.dll
• %UserProfile%\Recent\FS.dll
• %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
• %UserProfile%\Recent\ddv.dll
• %UserProfile%\Recent\exec.exe
• %UserProfile%\Recent\tjd.sys
• %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
• %UserProfile%\Recent\cb.exe
• %UserProfile%\Recent\energy.sys
• %UserProfile%\Recent\ppal.exe

Windows Additional Guard creates the following registry entries:

• HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” => http://search-gala.com/?&uid=7&q={searchTerms}
• HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Windows Additional Guard”
• HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “967907703″

Important Article Disclaimer