Guardpe.com

By GoldSparrow in Browser Hijackers

Guardpe.com is a malicious website known to promote the rogue application called Antivirus Scan. Guardpe.com will hijack a victim's browser to ensure that the user is redirected to it each time he/she attempts to surf the internet. Once Guardpe.com has infected a system it may also block a victim's access to certain security software on the machine. Guardpe.com and Antivirus Scan are both malicious entities that should be removed with an effective anti-spyware application upon detection.

File System Details

Guardpe.com may create the following file(s):
# File Name Detections
1. %Temp%\[random]\[random].exe
2. %Temp%\[random]\

Registry Details

Guardpe.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:59274'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\[random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'

Trending

Most Viewed

Loading...