Additional Guard
From Wiki-Security, the free encyclopedia of computer security
|
|||||||||||||||||||||
To check your computer for Additional Guard, download
SpyHunter Spyware Detection Tool.
SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Additional Guard and other threats. If you detect the presence of Additional Guard on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Additional Guard.
Contents |
Detection of Additional Guard (Recommended)
Additional Guard is difficult to detect and remove. Additional Guard is not likely to be removed through a convenient "uninstall" feature. Additional Guard, as well as other spyware, can re-install itself even after it appears to have been removed.
You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Additional Guard and other spyware, adware, trojans and viruses on your computer.
Run a Additional Guard scan/check to successfully detect all Additional Guard files with the SpyHunter Spyware Detection Tool. If you wish to remove Additional Guard, you can either purchase the SpyHunter spyware removal tool to remove Additional Guard or follow the Additional Guard manual removal method provided in the "Remedies and Prevention" section.
Method of Infection
There are many ways your computer could get infected with Additional Guard. Additional Guard can come bundled with shareware or other downloadable software.
Another method of distributing Additional Guard involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Additional Guard on your system. Additional Guard installs on your computer through a trojan and may infect your system without your knowledge or consent.
If you think you may already be infected with Additional Guard, use this SpyHunter Spyware dectection tool to detect Additional Guard and other common Spyware infections. After detection of Additional Guard, the next advised step is to remove Additional Guard with the purchase of the SpyHunter Spyware removal tool.
Symptoms
Additional Guard may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Additional Guard from your computer.
Remedies and Prevention
Additional Guard, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Additional Guard along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.
Install a good anti-spyware software
When there's a large number of traces of Spyware, for example Additional Guard, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Additional Guard and other types of spyware.
Remove Additional Guard manually
Another method to remove Additional Guard is to manually delete Additional Guard files in your system. Detect and remove the following Additional Guard files:
Processes
- %UserProfile%\Application Data\2565da61\AG345d.exe
- %UserProfile%\Recent\cb.exe
- %UserProfile%\Recent\exec.exe
- %UserProfile%\Recent\ppal.exe
- c:\Documents and Settings\All Users\Application Data\117fc\WI339.exe
- %UserProfile%\Recent\eb.exe
- %UserProfile%\Recent\FS.exe
DLLs
- %UserProfile%\Application Data\2565da61\mozcrt19.dll
- %UserProfile%\Application Data\2565da61\sqlite3.dll
- %UserProfile%\Recent\ddv.dll
- %UserProfile%\Recent\energy.dll
- %UserProfile%\Recent\FS.dll
- c:\Documents and Settings\All Users\Application Data\117fc\mozcrt19.dll
- c:\Documents and Settings\All Users\Application Data\117fc\sqlite3.dll
- %UserProfile%\Recent\cid.dll
Other Files
- %UserProfile%\Application Data\2565da61\278.mof
- %UserProfile%\Application Data\2565da61\AG.ico
- %UserProfile%\Application Data\2565da61\AGSys
- %UserProfile%\Application Data\2565da61\AGSys\vd952342.bd
- %UserProfile%\Application Data\2565da61\ag.cfg
- %UserProfile%\Application Data\Additional Guard\cookies.sqlite
- %UserProfile%\Desktop\Additional Guard.lnk
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
- %UserProfile%\Recent\CLSV.tmp
- %UserProfile%\Recent\dudl.drv
- %UserProfile%\Recent\energy.sys
- %UserProfile%\Recent\fan.drv
- %UserProfile%\Recent\PE.drv
- %UserProfile%\Recent\SICKBOY.tmp
- %UserProfile%\Recent\tjd.sys
- %UserProfile%\Start Menu\Additional Guard.lnk
- %UserProfile%\Start Menu\Programs\Additional Guard.lnk
- %Program Files%\Mozilla Firefox\searchplugins\search.xml
- c:\Documents and Settings\All Users\Application Data\117fc
- c:\Documents and Settings\All Users\Application Data\117fc\WINAG.ico
- c:\Documents and Settings\All Users\Application Data\117fc\Quarantine Items
- c:\Documents and Settings\All Users\Application Data\117fc\WINAGSys
- c:\Documents and Settings\All Users\Application Data\117fc\WINAGSys\vd952342.bd
- c:\Documents and Settings\All Users\Application Data\WINAGSys
- c:\Documents and Settings\All Users\Application Data\117fc\2414.mof
- c:\Documents and Settings\All Users\Application Data\WINAGSys\winag.cfg
- %UserProfile%\Application Data\Additional Guard
- %UserProfile%\Application Data\Additional Guard\Instructions.ini
- c:\Program Files\Mozilla Firefox\searchplugins\search.xml
- %UserProfile%\Recent\ANTIGEN.drv
- %UserProfile%\Recent\ANTIGEN.tmp
- %UserProfile%\Recent\eb.drv
- %UserProfile%\Recent\exec.tmp
- %UserProfile%\Recent\FS.drv
- %UserProfile%\Recent\kernel32.drv
- %UserProfile%\Recent\PE.sys
- Additional Guard
- Additional Guard.lnk
- %AppData%\Additional Guard
Registry Keys
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1?
- HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Additional Guard"
Known Variants
VirusBurst is a re-branded variant of other well-known rogue anti-spyware programs, including SpywareQuake, SpyFalcon, SpywareStrike, SpySheriff, SpyHeal and many other pseudonyms.
External links
|
Spyware
infects over 80% of all PCs.
Your PC could be infected with Spyware! |
- Remove Additional Guard - Easy Additional Guard removal steps. Parasite database on how to remove spyware and rogue anti-spyware programs.
- McAfee Threat Center - Library of detailed information on viruses.
- How Spyware And The Weapons Against It Are Evolving
- Crimeware: Trojans & Spyware
- Windows System Update - Latest bug fixes for Microsoft Windows
- Manual Removal Instructions for Additional Guard - Learn how to remove Additional Guard.
|