Windows Additional Guard
Windows Additional Guard is a rogue anti-spyware application originating from the same family as Ultimate System Guard, Windows Guard Pro, Malware Catcher and Windows Protection Suite. Due to affiliated trojans infiltrating the computer via security exploits, Windows Additional Guard is installed onto the system and from there, begins launching various fake security alerts. Along with the fictitious and sometimes grossly exaggerated infection reports supplied by the counterfeit system scans, these tactics ensure the user is intimidated enough into purchasing the fake spyware remover Windows Additional Guard in order to combat these non-existent threats.
File System Details
Windows Additional Guard may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Documents and Settings%\All Users\Application Data\345d567\WI345d.exe | |
| 2. | %UserProfile%\Recent\energy.dll | |
| 3. | %UserProfile%\Recent\FS.dll | |
| 4. | %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll | |
| 5. | %UserProfile%\Recent\ddv.dll | |
| 6. | %UserProfile%\Recent\exec.exe | |
| 7. | %UserProfile%\Recent\tjd.sys | |
| 8. | %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll | |
| 9. | %UserProfile%\Recent\cb.exe | |
| 10. | %UserProfile%\Recent\energy.sys | |
| 11. | %UserProfile%\Recent\ppal.exe | |
| 12. | %Documents and Settings%\All Users\Application Data\345d567\WINAGSys | |
| 13. | %Documents and Settings%\All Users\Application Data\WINAGSys\winag.cfg | |
| 14. | %UserProfile%\Application Data\Windows Additional Guard\cookies.sqlite | |
| 15. | %UserProfile%\Recent\CLSV.tmp | |
| 16. | %UserProfile%\Recent\PE.drv | |
| 17. | %UserProfile%\Start Menu\Programs\Windows Additional Guard.lnk | |
| 18. | %Documents and Settings%\All Users\Application Data\345d567\578.mof | |
| 19. | %Documents and Settings%\All Users\Application Data\WINAGSys | |
| 20. | %UserProfile%\Application Data\Windows Additional Guard | |
| 21. | %UserProfile%\Recent\ANTIGEN.tmp | |
| 22. | %UserProfile%\Recent\fan.drv | |
| 23. | %UserProfile%\Start Menu\Windows Additional Guard.lnk | |
| 24. | %Documents and Settings%\All Users\Application Data\345d567 | |
| 25. | %Documents and Settings%\All Users\Application Data\345d567\WINAGSys\vd952342.bd | |
| 26. | %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Additional Guard.lnk | |
| 27. | %UserProfile%\Desktop\Windows Additional Guard.lnk | |
| 28. | %UserProfile%\Recent\dudl.drv | |
| 29. | %UserProfile%\Recent\SICKBOY.tmp | |
| 30. | %Program Files%\Mozilla Firefox\searchplugins\search.xml |
Registry Details
Windows Additional Guard may create the following registry entry or registry entries:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => http://search-gala.com/?&uid=7&q={searchTerms}
HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Additional Guard"
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "967907703"
