Windows Software Guard
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 100 % (High) |
Infected Computers: | 5 |
First Seen: | February 10, 2011 |
Last Seen: | January 8, 2020 |
OS(es) Affected: | Windows |
If you know malware, then Windows Software Guard should look awfully familiar. It is just the next iteration in a line of rogue security programs that all look exactly the same, and behave exactly the same. Windows Software Guard is, with the exception of its name, identical to Windows Software Protection, Windows Safety Protection, Windows Health Center, and countless other scams from the same group of people in Russia. These things just get re-named periodically, in an attempt to avoid suspicion. Make no mistake – Windows Software Guard is a parasite, like all the rest.
Table of Contents
Windows Software Guard’s Familiar Infection Pattern
The symptoms of Windows Software Guard are nothing new. Once the malware is downloaded and installed (with its own fake installation wizard), it will set itself up to run when Windows starts by altering the registry. On startup, Windows Software Guard may prevent you from even seeing the desktop, and instead it will display its own fake user interface screen, which will run a fake system scan. This scan will always generate a list of results, which Windows Software Guard will warn that it cannot remove unless you purchase a license for the phony software.
Although it is possible to access the desktop once the fake scan has finished, Windows Software Guard will prevent you from using your computer in most ways. Windows Software Guard will prevent you from opening Task Manager, it will tell you that your ordinary programs are infected, and it will give you warning messages that claim that Firefox is a keylogger. The alerts and error messages are very frequent; also, aside from the crazy claims about the software on your system, it will claim that there are serious problems with the lsass.exe service and that there are registry errors that might suggest tampering. (That's true, but only because Windows Software Guard alters the registry!)
How Windows Software Guard Relies on a Trojan
The most common mode of infection for rogue anti-virus programs in the family of Windows Software Guard is by way of a Trojan, which is usually called the Microsoft Security Essentials Trojan. This Trojan is hidden in various places online, especially in fake video codecs and plugin updates, so that you will download it without knowing it. The next thing that happens is you start seeing alerts popping up from the system tray, and these alerts look as if they're coming from Microsoft Security Essentials. They will always claim that some sort of horrible threat has been detected by MSE, and then say that a "recommended" piece of software has been found and is available for download. If you decide to download this bogus recommended software, you are downloading Windows Software Guard. Windows Software Guard isn't capable of performing any security functions, and, furthermore, Microsoft Security Essentials would never promote a download in the way that the Trojan does.
There are reported cases of the Windows Software Guard parasite infecting systems as a worm, and replicating itself across computers, and reports of the malware being downloaded during a "free online scan" at a malicious site which claims to have the goal of removing viruses from your computer. However, it appears to be the case that these modes of infection are far less common than infection by way of the Microsoft Security Essentials Trojan.
What is Windows Software Guard’s Intention?
Windows Software Guard will constantly prompt you to pay for its software – in a licensed or full version. There really is a payment site, where the con-artists behind this malware will gladly charge your credit card and then do absolutely nothing in return. Windows Software Guard is incapable of getting any better, gaining capability, or being unlocked, because it is fake from the beginning. Instead of paying for it, remove it!
SpyHunter Detects & Remove Windows Software Guard
File System Details
# | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|---|
1. | ambeea.exe | cc726c0602fd7e2674e68d1a7849ff2e | 2 |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.