Additional Guard

From Wiki-Security, the free encyclopedia of computer security

Additional Guard Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<

SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:

If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

Additional Guard is not what it might seem; rather than being some kind of supplemental security software, it is, in fact, a rogue anti-virus application. Basically, Additional Guard is a scam. Its origin has been traced to Russia in 2009, and it is exactly the same rogue anti-virus software as Enterprise Suite, System Defender, and Live PC Care. The only difference between them is that wherever an instance of the name occurs, each of them uses its own name.

Additional Guard's Misleading Appearance

Additional Guard scam capitalizes on two things: a general, popular fear of viruses and identity theft, and the tendency for people to trust anything that looks as if it's from Microsoft. Additional Guard has a home screen that is intended to look as if it is a component of Windows Security Center, which uses the Security Center shield logo and header in the same location. Additional Guard just adds the word "Advanced" to the header, so that it has the logo and then reads, "Windows Advanced Security Center". Then there is even the same mention of Security Essentials as is used in Windows Security Center, and the Security Center icons, which Additional Guard is obviously using without permission. All of this has been carefully put together in order to deceive you into thinking that Additional Guard is something like Security Center plus extra features, when nothing could be farther from the truth.

The Additional Guard home screen has several mentions of its requirement that you "activate" it to get "ultimate protection", and these appear regardless of whatever scare tactics Additional Guard is engaged in at the moment. If your computer is infected with Additional Guard, you will hear about this activation for "ultimate" protection constantly. Additional Guard will set itself up to run automatically when you start Windows, and it will run fake system scans (complete with progress bar animations), with a list of fabricated results. Actually, Additional Guard creates these empty files when it installs itself, so that it can "find" them later, and the only real threat is Additional Guard. It can also generate pop-up warnings that tell you that your system is under attack, or that your files are infected with something awful. No matter what it does, Additional Guard will prompt you to activate the software, which costs money.

If you follow the prompts to the site that claims to be charging the "activation" fee, paying that money will not actually get you anything, because there is no real software to activate. If, on the other hand, you do not go to that site on your own, there's a pretty good chance that Additional Guard will hijack your browser and take you there anyway, displaying its own bogus payment site instead of whatever you were trying to look at online.

Where Can You Get the Additional Guard Infection?

In case you are wondering how Additional Guard came to be on your computer in the first place, really there are two possibilities. Additional Guard is behind some of the phony "free scan" ads you might come across online, and if you click on one of the ads and opt for the “scan”, what happens is that Additional Guard actually installs itself. The other possible method of infection is for the Additional Guard infection to be the purpose, or goal, of an infection with a Trojan. So, the Trojan sneaks in, and then it downloads Additional Guard. Typically, when this happens, the Trojan is hidden in some file online that you download because it seems harmless or mundane, like a plugin or codec.

No matter how frustrating Additional Guard may be, and no matter how real it may look, remember that Additional Guard is not real anti-virus software. It is not actually capable of scanning for or removing viruses. Do not let Additional Guard manipulate you into throwing away your money.

To check your computer for Additional Guard, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Additional Guard and other threats. If you detect the presence of Additional Guard on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Additional Guard.


Detection of Additional Guard (Recommended)

Additional Guard is difficult to detect and remove. Additional Guard is not likely to be removed through a convenient "uninstall" feature. Additional Guard, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Additional Guard and other spyware, adware, trojans and viruses on your computer.

Run a Additional Guard scan/check to successfully detect all Additional Guard files with the SpyHunter Spyware Detection Tool. If you wish to remove Additional Guard, you can either purchase the SpyHunter spyware removal tool to remove Additional Guard or follow the Additional Guard manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with Additional Guard. Additional Guard can come bundled with shareware or other downloadable software.

Another method of distributing Additional Guard involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Additional Guard on your system. Additional Guard installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with Additional Guard, use this SpyHunter Spyware dectection tool to detect Additional Guard and other common Spyware infections. After detection of Additional Guard, the next advised step is to remove Additional Guard with the purchase of the SpyHunter Spyware removal tool.


Additional Guard may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Additional Guard from your computer.

Remedies and Prevention

Additional Guard, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Additional Guard along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example Additional Guard, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Additional Guard and other types of spyware.

Remove Additional Guard manually

Another method to remove Additional Guard is to manually delete Additional Guard files in your system. Detect and remove the following Additional Guard files:


  • %UserProfile%\Application Data\2565da61\AG345d.exe
  • %UserProfile%\Recent\cb.exe
  • %UserProfile%\Recent\exec.exe
  • %UserProfile%\Recent\ppal.exe
  • c:\Documents and Settings\All Users\Application Data\117fc\WI339.exe
  • %UserProfile%\Recent\eb.exe
  • %UserProfile%\Recent\FS.exe


  • %UserProfile%\Application Data\2565da61\mozcrt19.dll
  • %UserProfile%\Application Data\2565da61\sqlite3.dll
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\energy.dll
  • %UserProfile%\Recent\FS.dll
  • c:\Documents and Settings\All Users\Application Data\117fc\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\117fc\sqlite3.dll
  • %UserProfile%\Recent\cid.dll

Other Files

  • %UserProfile%\Application Data\2565da61\278.mof
  • %UserProfile%\Application Data\2565da61\AG.ico
  • %UserProfile%\Application Data\2565da61\AGSys
  • %UserProfile%\Application Data\2565da61\AGSys\
  • %UserProfile%\Application Data\2565da61\ag.cfg
  • %UserProfile%\Application Data\Additional Guard\cookies.sqlite
  • %UserProfile%\Desktop\Additional Guard.lnk
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
  • %UserProfile%\Recent\CLSV.tmp
  • %UserProfile%\Recent\dudl.drv
  • %UserProfile%\Recent\energy.sys
  • %UserProfile%\Recent\fan.drv
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\SICKBOY.tmp
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Start Menu\Additional Guard.lnk
  • %UserProfile%\Start Menu\Programs\Additional Guard.lnk
  • %Program Files%\Mozilla Firefox\searchplugins\search.xml
  • c:\Documents and Settings\All Users\Application Data\117fc
  • c:\Documents and Settings\All Users\Application Data\117fc\WINAG.ico
  • c:\Documents and Settings\All Users\Application Data\117fc\Quarantine Items
  • c:\Documents and Settings\All Users\Application Data\117fc\WINAGSys
  • c:\Documents and Settings\All Users\Application Data\117fc\WINAGSys\
  • c:\Documents and Settings\All Users\Application Data\WINAGSys
  • c:\Documents and Settings\All Users\Application Data\117fc\2414.mof
  • c:\Documents and Settings\All Users\Application Data\WINAGSys\winag.cfg
  • %UserProfile%\Application Data\Additional Guard
  • %UserProfile%\Application Data\Additional Guard\Instructions.ini
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml
  • %UserProfile%\Recent\ANTIGEN.drv
  • %UserProfile%\Recent\ANTIGEN.tmp
  • %UserProfile%\Recent\eb.drv
  • %UserProfile%\Recent\exec.tmp
  • %UserProfile%\Recent\FS.drv
  • %UserProfile%\Recent\kernel32.drv
  • %UserProfile%\Recent\PE.sys
  • Additional Guard
  • Additional Guard.lnk
  • %AppData%\Additional Guard

Registry Keys

  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "{searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1?
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "{searchTerms}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Additional Guard"

External links

If you believe your computer is infected with spyware,
Wiki-Security recommends using SpyHunter's spyware detection tool to check for the latest spyware threats.

Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by Additional Guard or its creators in any way. This website does not advocate the actions or behavior of Additional Guard and its creators. Our objective is to provide Internet users with the know-how to detect and remove Additional Guard and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of Additional Guard in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.