Internet Security Guard

Internet Security Guard Description

Type: Rogue AntiSpyware Programs

According to ESG security researchers, Internet Security Guard is a fake antispyware application that belongs to a large family of rogue security programs, the FakeScanti family. If your computer system has become infected with Internet Security Guard, it is essential that you remove Internet Security Guard with the use of a legitimate anti-malware application. Failure to remove Internet Security Guard puts you at risk for additional malware infections and increases the risk that your credit card number or online accounts may be compromised.

Some fake anti-virus programs that are known clones of Internet Security Guard include Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011, Super AV 2013.
 

Dealing With an Internet Security Guard Infection

The main tactic that Internet Security Guard uses in order to attack its victims is displaying constant fake security alerts and error messages. These are meant to cause panic and to urge the victim to register Internet Security Guard by purchasing a registration code in order to 'unlock' Internet Security Guard's full features. However, ESG security researchers advise against paying for Internet Security Guard in any way. Internet Security Guard has absolutely no anti-virus capabilities. In fact, this dangerous application is made up of little more than its showy interface (designed to mimic Windows Security Center) and a handful of malicious scripts and Trojans designed to wreak havoc on the victim's computer system. ESG security researchers recommend following these guidelines in order to deal with an Internet Security Guard infection more effectively:

  • Internet Security Guard will often be accompanied by a Trojan infection designed to detect and overwrite any security software on the victim's computer, effectively disabling the victim's security software. Therefore, you may first need to download or reinstall your anti-virus application, or run it from an external drive.
  • Internet Security Guard is designed to display error messages whenever the victim attempts to access files or connect to the Internet. Entering a registration code can help ameliorate these symptoms. However, the registration code will not stop an Internet Security Guard infection; it simply relieves some of its most annoying symptoms. ESG security analysts have provided the following registration codes: K7LY-H4KA-SI9D-U2FD, U2FD-S2LA-H4KA-UEPB and K7LY-R5GU-SI9D-EVFB.
  • Because Internet Security Guard can start up automatically when you start up Windows, it may be necessary to start up in Safe Mode before removal can be carried out.


Technical Information


File System Details

Internet Security Guard creates the following file(s):
# File Name Detection Count
1 %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe N/A
2 %UserProfile%\Recent\gid.dll N/A
3 %UserProfile%\Recent\ANTIGEN.exe N/A
4 %UserProfile%\Recent\fan.sys N/A
5 %UserProfile%\Recent\ppal.sys N/A
6 %AppData%\Internet Security Guard\ScanDisk_.exe N/A
7 %UserProfile%\Recent\CLSV.dll N/A
8 %UserProfile%\Recent\SM.dll N/A
9 %UserProfile%\Recent\fix.sys N/A
10 %UserProfile%\Recent\sld.sys N/A
11 scandsk107d_8027.exe N/A
12 %CommonAppData%\79b35\ISa76.exe N/A
13 %UserProfile%\Recent\eb.dll N/A
14 %UserProfile%\Recent\energy.exe N/A
15 %UserProfile%\Recent\PE.exe N/A
16 %UserProfile%\Recent\SM.exe N/A
17 %Programs%\Internet Security Guard.lnk N/A
18 %CommonAppData%\[RANDOM CHARACTERS]\ISG.ico N/A
19 %AppData%\Internet Security Guard\cookies.sqlite N/A
20 %CommonAppData%\ISEUG\ N/A
21 %UserProfile%\Recent\energy.tmp N/A
22 %UserProfile%\Recent\tjd.tmp N/A
23 %UserProfile%\Start Menu\Internet Security Guard.lnk N/A
24 %StartMenu%\Internet Security Guard.lnk N/A
25 %Desktop%\Internet Security Guard.lnk N/A
26 %AppData%\Internet Security Guard\ N/A
27 %CommonAppData%\79b35\ISG.ico N/A
28 %UserProfile%\Recent\cb.drv N/A
29 %UserProfile%\Recent\snl2w.drv N/A
30 %UserProfile%\Desktop\Internet Security Guard.lnk N/A
31 %AppData%\Internet Security Guard\Instructions.ini N/A
32 %AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Security Guard.lnk N/A
33 %CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].cfg N/A
34 %CommonAppData%\79b35\ N/A
35 %CommonAppData%\ISEUG\ISKIYFOAG.cfg N/A
36 %UserProfile%\Recent\FW.drv N/A
37 %UserProfile%\Recent\SICKBOY.tmp N/A
38 %UserProfile%\Start Menu\Programs\Internet Security Guard.lnk N/A

Registry Details

Internet Security Guard creates the following registry entry or registry entries:
Regexp file mask
%AllUsersProfile%\?????\IS[RANDOM CHARACTERS].exe
RegistryKey
HKEY_CLASSES_ROOT\IS9c5_8027.DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8027&q={searchTerms}"
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "feed/7.1.08027"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\CurrentVersion\Run "Internet Security Guard" "%CommonAppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe" /s /d
HKEY_CURRENT_USER\Software\3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=8027&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "879905773703"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet Security Guard"
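
The registry changes listed above fall into a few groups: a DisallowRun policy naming security tools, Image File Execution Options keys named after security products, disabled download signature checks in Internet Explorer, and a Run value for persistence. The Python sketch below is an added example, not ESG's code; it scans text in `reg export` format for those groups, and the sample input, the expanded file path and the rule names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text format; the values mirror entries listed above.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"0"="msseces.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security Guard"="C:\\ProgramData\\79b35\\ISa76.exe /s /d"
"Updater"="C:\\Tools\\updater.exe"
'''
IFEO_TARGETS = {"ackwin32.exe", "zapsetup3001.exe", "zatutor.exe", "adaware.exe", "mcsacore.exe",
                "zonealarm.exe", "_avp32.exe", "av360.exe", "zonalm2601.exe"}  # IFEO subkeys listed above
# The page shows "1" without a value type, so accept both REG_SZ "1" and REG_DWORD 1.
ON = ("1", "dword:00000001")

def parse_reg(text):
    """Yield (key, value_name, data); value_name is None for the key line itself."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'"(.*?)"=(.*)$', line)):
            yield key, m.group(1), m.group(2).strip('"')

def findings(text):
    """Return (rule, detail) pairs for the tampering groups in the registry list."""
    out = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None:
            if "\\image file execution options\\" in k and (leaf := k.rsplit("\\", 1)[-1]) in IFEO_TARGETS:
                out.append(("ifeo-security-tool", leaf))
        elif k.endswith("\\policies\\explorer") and name == "DisallowRun" and data in ON:
            out.append(("disallowrun-enabled", data))
        elif k.endswith("\\policies\\explorer\\disallowrun"):
            out.append(("disallowrun-blocks", data))
        elif k.endswith("\\internet explorer\\download") and (
                (name == "CheckExeSignatures" and data.lower() == "no")
                or (name == "RunInvalidSignatures" and data in ON)):
            out.append(("signature-check-off", name))
        elif k.endswith("\\currentversion\\run") and name == "Internet Security Guard":
            out.append(("run-persistence", data))
    return out
```

Calling findings() on the text of a registry export returns one pair per match, in file order; the unrelated "Updater" Run value in the sample is not reported.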

More Details on Internet Security Guard

The following URLs were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.
  • save-secure.com
  • securityearth.net
  • www5.internet-security-guard.com
The following messages associated with Internet Security Guard were found:
Address space conflict
Warning! Access conflict detected
An unidentified program is trying to access system process address space.
Memory access problem
WindowsErrorForm has encountered a problem at address 0x1FC408.
We are sorry for the inconvenience.
System Message
Your PC may still be infected with dangerous viruses. Internet Security Guard protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.
