Winguard-2009.com Description

Winguard-2009.com is a rogue website that uses a browser hijacking Trojan to spread. Winguard-2009.com maliciously promotes the purchase of Antivirus System PRO – a fake security application. Winguard-2009.com uses a number of gimmicks to trick users into believing that their computers are infected with numerous parasites. Once the Trojan has entered a system, it will modify the hosts file to ensure that the victim is redirected to Winguard-2009.com. Winguard-2009.com will display a fake security warning page and present an option to purchase Antivirus System PRO. Do not fall for bogus warnings displayed on Winguard-2009.com. Antivirus System PRO is a malicious program that should not be purchased.

Type: Rogue Websites

How Can You Detect Winguard-2009.com?

Winguard-2009.com has typically the following processes in memory:

• %ProgramFiles%\Antivirus System PRO\uninstall.exe
• c:\WINDOWS\sysguard.exe
• %ProgramFiles%\Antivirus System PRO\Antivirussystempro.exe

Winguard-2009.com creates the following registry entries:

• HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “eModule”
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run �Antivirus System PRO�
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”
• HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus System PRO
• HKEY_CURRENT_USER\Software\AvScan

Important Article Disclaimer