Sysguard2010.microsoft.com
Sysguard2010.microsoft.com or Sysguard2010.com is an illegitimate website that maliciously advertises the rogueware Antivirus System PRO. Sysguard2010.microsoft.com enters victims' computers through Trojans that are able to modify the Hosts file. The Trojan will ensure that the victim is frequently redirected to Sysguard2010.microsoft.com. Sysguard2010.microsoft.com looks like an Internet Explorer warning page claiming that the user has been browsing a dangerous website. The warning page also comes with a recommendation to purchase Antivirus System PRO in order to continue browsing. Sysguard2010.microsoft.com is a misleading website and Antivirus System PRO is a useless program that should be removed.
File System Details
Sysguard2010.microsoft.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | c:\WINDOWS\system32\iehelper.dll | |
| 2. | %ProgramFiles%\Antivirus System PRO\quarantine.vdb | |
| 3. | %ProgramFiles%\Antivirus System PRO\mbase.vdb | |
| 4. | %ProgramFiles%\Antivirus System PRO\conf.cfg | |
| 5. | %ProgramFiles%\Antivirus System PRO\queue.vdb |
Registry Details
Sysguard2010.microsoft.com may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus System PRO”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus System PRO
HKEY_CURRENT_USER\Software\AvScan
