Win-guard2009.microsoft.com
Win-guard2009.microsoft.com is a fake security webpage that advises potential victims to purchase Antivirus System PRO. Trojans assist in the spread of Win-guard2009.microsoft.com by modifying the browser settings of an infected PC, and redirecting searches to Win-guard2009.microsoft.com. Win-guard2009.microsoft.com may appear to display a legitimate IE warning but do not be fooled, it is fake. Antivirus System PRO is a rogue security application and Win-guard2009.microsoft.com is a misleading site that must be removed.
File System Details
Win-guard2009.microsoft.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %ProgramFiles%\Antivirus System PRO\Antivirussystempro.exe | |
| 2. | c:\WINDOWS\sysguard.exe | |
| 3. | %ProgramFiles%\Antivirus System PRO\uninstall.exe |
Registry Details
Win-guard2009.microsoft.com may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
HKEY_CURRENT_USER\Software\AvScan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus System PRO
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus System PRO”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
