Winguard-2009.com
Winguard-2009.com is a rogue website that uses a browser hijacking Trojan to spread. Winguard-2009.com maliciously promotes the purchase of Antivirus System PRO - a fake security application. Winguard-2009.com uses a number of gimmicks to trick users into believing that their computers are infected with numerous parasites. Once the Trojan has entered a system, it will modify the hosts file to ensure that the victim is redirected to Winguard-2009.com. Winguard-2009.com will display a fake security warning page and present an option to purchase Antivirus System PRO. Do not fall for bogus warnings displayed on Winguard-2009.com. Antivirus System PRO is a malicious program that should not be purchased.
File System Details
Winguard-2009.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %ProgramFiles%\Antivirus System PRO\uninstall.exe | |
| 2. | c:\WINDOWS\sysguard.exe | |
| 3. | %ProgramFiles%\Antivirus System PRO\Antivirussystempro.exe |
Registry Details
Winguard-2009.com may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "eModule"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run �Antivirus System PRO�
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "system tool"
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus System PRO
HKEY_CURRENT_USER\Software\AvScan
