Guard Pro

Posted: January 8, 2010

Guard Pro is a rogue anti-spyware program that aims to pilfer your money in exchange for a useless product. The unregistered version of Guard Pro spreads via browser-hijacking methods or through trojans that use security exploits to infiltrate your computer. Once active, Guard Pro displays numerous fake and annoying pop-up windows claiming your computer is infected, or reports various fabricated results from a fake system scan. These alerts are meant to scare you into purchasing the full version of Guard Pro. Do not fall for this trickery; have Guard Pro removed from the system immediately.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Application Data\Guard Pro
    2 %Documents and Settings%\[UserName]\Application Data\Guard Pro\BackUp
    3 %Documents and Settings%\[UserName]\Application Data\Guard Pro\cookies.sqlite
    4 %Documents and Settings%\[UserName]\Application Data\Guard Pro\mozcrt19.dll
    5 %Documents and Settings%\[UserName]\Application Data\Guard Pro\Quarantine Items
    6 %Documents and Settings%\[UserName]\Application Data\Guard Pro\RootLib
    7 %Documents and Settings%\[UserName]\Application Data\Guard Pro\sqlite3.dll
    8 %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Guard Pro.lnk
    9 %Documents and Settings%\[UserName]\Desktop\Guard Pro.lnk
    10 %Documents and Settings%\[UserName]\Start Menu\Guard Pro.lnk
    11 %Documents and Settings%\[UserName]\Start Menu\Programs\Guard Pro.lnk
    12 %Documents and Settings%\All Users\Application Data\117fc
    13 %Documents and Settings%\All Users\Application Data\117fc\VH339.exe
    14 %Documents and Settings%\All Users\Application Data\117fc\VHOOK.ico
    15 %Documents and Settings%\All Users\Application Data\VHMELHOOOK
    16 %Documents and Settings%\All Users\Application Data\VHMELHOOOK\VHJJOOK.cfg
    17 mozcrt19.dll
    18 sqlite3.dll

Registry Modifications

  • The following Registry Values were newly created:
    HKEY..\..\..\..{Subkeys}
      HKEY_CURRENT_USER\Software\3
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
    HKEY..\..\..\..{RegistryKeys}
      HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
      HKEY_CLASSES_ROOT\trial_ca8cf.DocHostUIHandler
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Guard Pro"

One Comment

  • converse goode says:

    THINK THIS ANTI-VIRUS HAS TAKEN MY MONEY BECAUSE THERE IS NO NUMBER YOU CAN REACH THEM AND THE CUSTOMER SERVICE LINK DOES NOT WORK