Sep 7, 2009

Remove Windows Additional Guard - WindowsAdditionalGuard Removal Information

Windows Additional Guard is a new and very dangerous fake security application. The parasite is the successor of the infamous Windows System Suite and Windows Protection Suite. Windows Additional Guard is promoted via backdoor Trojans and misleading online scanners. Once Windows Additional Guard gets onto your system, it creates numerous fake infections so that it can detect them as threats in later full system scans. Windows Additional Guard is also configured to start automatically every time you log in to Windows. You will find that Internet Explorer and Mozilla Firefox are hijacked and use the Search-gala.com search engine instead of legitimate ones. While running, the parasite also floods your system with fake security alerts to convince you that your computer is seriously infected and that you must purchase the licensed version to solve all problems. Moreover, Windows Additional Guard constantly performs full system scans and shows you misleading scan results. Remember that all displayed infections were created by Windows Additional Guard and are absolutely harmless. The only infection on your computer is Windows Additional Guard itself. We advise you to remove Windows Additional Guard immediately.

Type: Rogue Anti-Spyware
Malware Author: dreamakerlab

Threat Level: High

How to remove Windows Additional Guard manually:
It's possible to remove Windows Additional Guard manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

c:\Documents and Settings\All Users\Application Data\345d567
c:\Documents and Settings\All Users\Application Data\345d567\578.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\WI345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\WINAG.ico
c:\Documents and Settings\All Users\Application Data\345d567\WINAGSys
c:\Documents and Settings\All Users\Application Data\345d567\WINAGSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\WINAGSys
c:\Documents and Settings\All Users\Application Data\WINAGSys\winag.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Additional Guard.lnk
%UserProfile%\Application Data\Windows Additional Guard
%UserProfile%\Application Data\Windows Additional Guard\cookies.sqlite
%UserProfile%\Desktop\Windows Additional Guard.lnk
%UserProfile%\Recent\ANTIGEN.tmp
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\dudl.drv
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\fan.drv
%UserProfile%\Recent\FS.dll
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\SICKBOY.tmp
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\Windows Additional Guard.lnk
%UserProfile%\Start Menu\Programs\Windows Additional Guard.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml


Remove registry entries:

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "967907703"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Additional Guard"
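
Before deleting anything, it helps to see which of the listed artefacts are actually present on the machine. The PowerShell script below is an added example, not part of the original post: it only reads the file system and registry, using the paths, keys and values listed above, and the helper name New-Finding is hypothetical.

```powershell
# Added example: read-only presence check for the artefacts listed on this page.
# Nothing is deleted or modified. Paths use the Windows XP layout shown above.
$allUsers = 'C:\Documents and Settings\All Users\Application Data'
$user     = $env:USERPROFILE

$paths = @(
    "$allUsers\345d567",
    "$allUsers\WINAGSys",
    "$user\Application Data\Windows Additional Guard",
    "$user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Additional Guard.lnk",
    "$user\Desktop\Windows Additional Guard.lnk",
    "$user\Start Menu\Windows Additional Guard.lnk",
    "$user\Start Menu\Programs\Windows Additional Guard.lnk",
    'C:\Program Files\Mozilla Firefox\searchplugins\search.xml'
)
# Dropped files the page lists under %UserProfile%\Recent
$recent = 'ANTIGEN.tmp','cb.exe','CLSV.tmp','ddv.dll','dudl.drv','energy.dll','energy.sys',
          'exec.exe','fan.drv','FS.dll','PE.drv','ppal.exe','SICKBOY.tmp','tjd.sys'
$paths += $recent | ForEach-Object { "$user\Recent\$_" }

# Registry keys whose existence alone is an indicator
$keys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler'
)
# Registry values: key, value name, optional pattern the value data must match
$values = @(
    @{ Key='Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'; Name='Windows Additional Guard' },
    @{ Key='Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'; Name='967907703' },
    @{ Key='Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes'; Name='URL'; Match='search-gala\.com' }
)

# Hypothetical helper: one result row per checked artefact
function New-Finding($type, $item, $present) {
    New-Object PSObject -Property @{ Type=$type; Item=$item; Present=$present }
}

$findings  = @($paths | ForEach-Object { New-Finding 'File' $_ (Test-Path -LiteralPath $_) })
$findings += $keys | ForEach-Object { New-Finding 'RegKey' $_ (Test-Path -LiteralPath $_) }
$findings += $values | ForEach-Object {
    $p   = Get-ItemProperty -LiteralPath $_.Key -Name $_.Name -ErrorAction SilentlyContinue
    $hit = ($null -ne $p) -and (-not $_.Match -or ("$($p.($_.Name))" -match $_.Match))
    New-Finding 'RegValue' "$($_.Key) [$($_.Name)]" $hit
}

$findings | Select-Object Type, Present, Item | Sort-Object Present -Descending | Format-Table -AutoSize
```

Run it as the affected user so that %UserProfile% and HKEY_CURRENT_USER resolve to that account; rows with Present set to True are the entries still on the system.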


Please be careful, because manual removal of Windows Additional Guard may seriously damage the operating system and sensitive data. There is also a high chance of incomplete removal, because some files could be hidden and the program could re-install itself after you delete the files and registry entries. We therefore strongly recommend that you use an automatic removal tool.
