Coreguard Security Alert
"Coreguard Security" Alert is a fake system alert message that is known to be triggered by the rogue anti-spyware program CoreGuard Antivirus 2009. Usually when a users system has CoreGuard Antivirus 2009 installed, it pops up a message that states the following:
"Coreguard security alert.
Your computer is being attacked from a remote PC. Attack from 47.23.251.224:29650. Block your computer Internet access
to prevent system infection?
Windows Firewall has blocked this program from accepting connection from the Internet or a network. If you recognize the program or trust the publisher, you can unblock it. When should I unblock the program?"
It is recommended that you remove the "Coreguard Security" Alert infection, in addition to the CoreGuard Antivirus 2009 application.
File System Modifications
- The following files were created in the system:
# File Name 1 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Coreguard 2009.lnk 2 %UserProfile%\Desktop\Coreguard 2009.lnk 3 %UserProfile%\Start Menu\Programs\Coreguard Antivirus 2009\Coreguard 2009.lnk 4 %UserProfile%\Start Menu\Programs\Coreguard Antivirus 2009\Uninstall Coreguard Antivirus 2009.lnk 5 c:\Program Files\Coreguard Antivirus 2009\Help\images\buttons\offline.gif 6 c:\Program Files\Coreguard Antivirus 2009\Help\images\buttons\online.gif 7 c:\Program Files\Coreguard Antivirus 2009\Help\images\buttons\voice.gif 8 c:\Program Files\Coreguard Antivirus 2009\Help\images\delete.png 9 c:\Program Files\Coreguard Antivirus 2009\Help\images\info.png 10 c:\Program Files\Coreguard Antivirus 2009\Help\images\plus_circle.png 11 c:\Program Files\Coreguard Antivirus 2009\Help\images\tick.png 12 c:\Program Files\Coreguard Antivirus 2009\Help\images\warn.png 13 c:\Program Files\Coreguard Antivirus 2009\Help\reg.html 14 c:\Program Files\Coreguard Antivirus 2009\Help\support.png 15 c:\Program Files\Coreguard Antivirus 2009\Help\unreg.html
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\CoreGuardHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Coreguard Antivirus 2009"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Coreguard Antivirus 2009
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.