Windows Software Guard

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 5
First Seen: February 10, 2011
Last Seen: January 8, 2020
OS(es) Affected: Windows


If you know malware, then Windows Software Guard should look awfully familiar. It is just the next iteration in a line of rogue security programs that all look exactly the same, and behave exactly the same. Windows Software Guard is, with the exception of its name, identical to Windows Software Protection, Windows Safety Protection, Windows Health Center, and countless other scams from the same group of people in Russia. These things just get re-named periodically, in an attempt to avoid suspicion. Make no mistake – Windows Software Guard is a parasite, like all the rest.

 

Windows Software Guard’s Familiar Infection Pattern

The symptoms of Windows Software Guard are nothing new. Once the malware is downloaded and installed (with its own fake installation wizard), it alters the registry so that it runs every time Windows starts. On startup, Windows Software Guard may prevent you from even seeing the desktop; instead, it displays its own fake user interface, which runs a fake system scan. This scan always produces a list of supposed threats, and Windows Software Guard then warns that it cannot remove them unless you purchase a license for the phony software.

Although it is possible to access the desktop once the fake scan has finished, Windows Software Guard will prevent you from using your computer in most ways. Windows Software Guard will prevent you from opening Task Manager, it will tell you that your ordinary programs are infected, and it will give you warning messages that claim that Firefox is a keylogger. The alerts and error messages are very frequent; also, aside from the crazy claims about the software on your system, it will claim that there are serious problems with the lsass.exe service and that there are registry errors that might suggest tampering. (That's true, but only because Windows Software Guard alters the registry!)

 

How Windows Software Guard Relies on a Trojan

The most common mode of infection for rogue anti-virus programs in the family of Windows Software Guard is by way of a Trojan, which is usually called the Microsoft Security Essentials Trojan. This Trojan is hidden in various places online, especially in fake video codecs and plugin updates, so that you will download it without knowing it. The next thing that happens is you start seeing alerts popping up from the system tray, and these alerts look as if they're coming from Microsoft Security Essentials. They will always claim that some sort of horrible threat has been detected by MSE, and then say that a "recommended" piece of software has been found and is available for download. If you decide to download this bogus recommended software, you are downloading Windows Software Guard. Windows Software Guard isn't capable of performing any security functions, and, furthermore, Microsoft Security Essentials would never promote a download in the way that the Trojan does.

There are reported cases of the Windows Software Guard parasite infecting systems as a worm, and replicating itself across computers, and reports of the malware being downloaded during a "free online scan" at a malicious site which claims to have the goal of removing viruses from your computer. However, it appears to be the case that these modes of infection are far less common than infection by way of the Microsoft Security Essentials Trojan.

What is Windows Software Guard’s Intention?

Windows Software Guard will constantly prompt you to pay for its software – in a licensed or full version. There really is a payment site, where the con-artists behind this malware will gladly charge your credit card and then do absolutely nothing in return. Windows Software Guard is incapable of getting any better, gaining capability, or being unlocked, because it is fake from the beginning. Instead of paying for it, remove it!


File System Details

Windows Software Guard may create the following file(s):
#   File Name    MD5                               Detections
1.  ambeea.exe   cc726c0602fd7e2674e68d1a7849ff2e  2
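
The startup persistence described earlier and the file listed above can be checked together. The following PowerShell is an added example, not part of the original write-up or of any vendor tool: it lists autorun entries and flags any whose target file has the MD5 from the table. The registry keys are the standard Windows autorun locations, which is an assumption because the page does not say which key the malware alters; the function names are illustrative, and Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example: audit autorun entries and flag any whose target file
# matches the MD5 listed for ambeea.exe in the table above.
$KnownMd5 = 'cc726c0602fd7e2674e68d1a7849ff2e'   # value taken from this page

# Standard Windows autorun keys (assumption: the page does not name the key).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandTarget {
    param([string]$Command)
    # Extract the executable path: a quoted path first, then a bare path ending in .exe.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Get-AutorunAudit {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }      # key absent on this system
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $path = Get-CommandTarget $command
            $md5 = $null
            if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
                $md5 = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLower()
            }
            [pscustomobject]@{
                Key   = $key
                Name  = $name
                Path  = $path
                MD5   = $md5
                Match = ($md5 -eq $KnownMd5)
            }
        }
    }
}

# Matching entries sort to the top; entries with no MD5 point at files that could not be resolved.
Get-AutorunAudit | Sort-Object Match -Descending | Format-Table Match, Name, Path, MD5 -AutoSize
```

The MD5 identifies only the one sample listed here. Because this family is renamed periodically, autorun entries that do not match but point at unfamiliar executables still deserve a manual look.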
