
GuardBytes Plus

Posted: December 10, 2014

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: December 10, 2014
OS(es) Affected: Windows

GuardBytes Plus is a rogue anti-malware scanner based on the FakeRean template. This family of scamware is noteworthy for providing different skins for new brand names and referencing different versions of Windows. Although it includes a new appearance, GuardBytes Plus shows few 'under the hood' modifications from prior rogue software from its family. However, GuardBytes Plus still can mislead its victims with its fake security scans, pop-up alerts and file blocking attacks. Infected PCs should be scanned with anti-malware utilities from within a sterile environment to uninstall GuardBytes Plus and any other threats.

A Byte-Based Guard over Unlawful Incomes

GuardBytes Plus is a new variation on previous templates built around the fraudulent anti-malware features of the FakeRean family, such as Antivirus 2008 Pro, Antivirus XP 2008, Windows Antivirus 2008, Vista Antivirus 2008, PC Clean Pro, Antivirus Pro 2009, Rogue.Vista Antivirus 2008, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, XP Security 2012, XP Home Security 2012 and AntiVirus PRO 2015. Its skin promotes GuardBytes Plus as a new security product capable of identifying threats. In direct contrast to this appearance, GuardBytes Plus is unaffiliated with any real security company and has no real security functions.

GuardBytes Plus's most visible effects include a range of diverse, fraudulent system alerts, and its ability to mimic the system scans of real anti-malware products. While GuardBytes Plus may identify various threats by their technical names, GuardBytes Plus doesn't attempt to identify any actual infections on the host PC, and can't remove real threatening software of any type.

Malware experts also linked other attacks to GuardBytes Plus, including both other attempts at fraud and a variety of anti-security functions:

  • GuardBytes Plus may modify your ability to launch other program files in ways that redirect you to more pop-up alerts.
  • GuardBytes Plus may hijack multiple brands of Web browsers and block your access to various sites, including the domains of PC security companies.
  • GuardBytes Plus may display a modified version of the Windows Security Center that includes false information promoting its services.
  • Other programs also may be blocked automatically, including Windows security tools like wuauserv (the Windows Update manager).

GuardBytes Plus demands payment of its registration fee before it will remove the threats that supposedly are causing the above issues, even though those issues actually originate from GuardBytes Plus itself.

When Defending Your PC and Your Income Intersect

GuardBytes Plus's explicit attempt at fraud makes it obvious that PC users will need to continue to exercise vigilance over their machines if they want to avoid being lured into paying for a non-functional product. Although none of GuardBytes Plus's attacks are irreversible, GuardBytes Plus is likely to take steps to prevent you from deleting GuardBytes Plus or using legitimate security tools, as long as GuardBytes Plus is active. As a direct solution to such attacks, malware experts can recommend booting your PC through removable devices or using built-in security features like Safe Mode, which can disable GuardBytes Plus outright. Afterward, you can proceed with deleting GuardBytes Plus with the anti-malware tools of your choice.

In spite of the disruptive nature of its attacks, there's nothing to gain by purchasing GuardBytes Plus's registered version, and both money and sensitive information usually are lost in the process of doing so. If you're in a position of questioning the legitimacy of a security application, malware experts suggest that you trace the history of the brand name. You also can watch for all of the standard symptoms of scamware, as noted at length in this text.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%LOCALAPPDATA%\dtnlfnti.exe
File name: dtnlfnti.exe
Size: 91.13 KB (91136 bytes)
MD5: dca219ee65cbe005a91ecd4ff96dddf5
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: December 10, 2014

Additional Information

The following messages were detected:
#  Message
1  GuardBytes Plus has blocked a program from accessing the internet - This program is infected with Trojan-BNK.Win32.Keylogger.gen Private data can be stolen by third parties, including credit card details and passwords
