Threat Database Rogue Anti-Spyware Program Windows Additional Guard

Windows Additional Guard

Windows Additional Guard is a rogue anti-spyware application originating from the same family as Ultimate System Guard, Windows Guard Pro, Malware Catcher and Windows Protection Suite. Due to affiliated trojans infiltrating the computer via security exploits, Windows Additional Guard is installed onto the system and from there, begins launching various fake security alerts. Along with the fictitious and sometimes grossly exaggerated infection reports supplied by the counterfeit system scans, these tactics ensure the user is intimidated enough into purchasing the fake spyware remover Windows Additional Guard in order to combat these non-existent threats.

File System Details

Windows Additional Guard creates the following file(s):
# File Name Detections
1. %Documents and Settings%\All Users\Application Data\345d567\WI345d.exe N/A
2. %UserProfile%\Recent\energy.dll N/A
3. %UserProfile%\Recent\FS.dll N/A
4. %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll N/A
5. %UserProfile%\Recent\ddv.dll N/A
6. %UserProfile%\Recent\exec.exe N/A
7. %UserProfile%\Recent\tjd.sys N/A
8. %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll N/A
9. %UserProfile%\Recent\cb.exe N/A
10. %UserProfile%\Recent\energy.sys N/A
11. %UserProfile%\Recent\ppal.exe N/A
12. %Documents and Settings%\All Users\Application Data\345d567\WINAGSys N/A
13. %Documents and Settings%\All Users\Application Data\WINAGSys\winag.cfg N/A
14. %UserProfile%\Application Data\Windows Additional Guard\cookies.sqlite N/A
15. %UserProfile%\Recent\CLSV.tmp N/A
16. %UserProfile%\Recent\PE.drv N/A
17. %UserProfile%\Start Menu\Programs\Windows Additional Guard.lnk N/A
18. %Documents and Settings%\All Users\Application Data\345d567\578.mof N/A
19. %Documents and Settings%\All Users\Application Data\WINAGSys N/A
20. %UserProfile%\Application Data\Windows Additional Guard N/A
21. %UserProfile%\Recent\ANTIGEN.tmp N/A
22. %UserProfile%\Recent\fan.drv N/A
23. %UserProfile%\Start Menu\Windows Additional Guard.lnk N/A
24. %Documents and Settings%\All Users\Application Data\345d567 N/A
25. %Documents and Settings%\All Users\Application Data\345d567\WINAGSys\vd952342.bd N/A
26. %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Additional Guard.lnk N/A
27. %UserProfile%\Desktop\Windows Additional Guard.lnk N/A
28. %UserProfile%\Recent\dudl.drv N/A
29. %UserProfile%\Recent\SICKBOY.tmp N/A
30. %Program Files%\Mozilla Firefox\searchplugins\search.xml N/A

Registry Details

Windows Additional Guard creates the following registry entry or registry entries:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => http://search-gala.com/?&uid=7&q={searchTerms}
HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Additional Guard"
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "967907703"

Related Posts

Trending

Most Viewed

Loading...