Guard Pro
Guard Pro is a rogue anti-spyware program which aims to pilfer your money in exchange for a useless product. The unregistered version of Guard Pro spreads via browser-hijacking methods or through trojans that use security exploits in order to infiltrate your computer. Once active, Guard Pro displays numerous fake and annoying pop-up windows claiming your computer is infected, or it will report various fabricated results from a fake system scan. Guard Pro will try to scare you into purchasing the full version of Guard Pro. Do not fall for this trickery and have Guard Pro removed from the system immediately.
File System Modifications
- The following files were created in the system:
#   File Name
1   %Documents and Settings%\[UserName]\Application Data\Guard Pro
2   %Documents and Settings%\[UserName]\Application Data\Guard Pro\BackUp
3   %Documents and Settings%\[UserName]\Application Data\Guard Pro\cookies.sqlite
4   %Documents and Settings%\[UserName]\Application Data\Guard Pro\mozcrt19.dll
5   %Documents and Settings%\[UserName]\Application Data\Guard Pro\Quarantine Items
6   %Documents and Settings%\[UserName]\Application Data\Guard Pro\RootLib
7   %Documents and Settings%\[UserName]\Application Data\Guard Pro\sqlite3.dll
8   %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Guard Pro.lnk
9   %Documents and Settings%\[UserName]\Desktop\Guard Pro.lnk
10  %Documents and Settings%\[UserName]\Start Menu\Guard Pro.lnk
11  %Documents and Settings%\[UserName]\Start Menu\Programs\Guard Pro.lnk
12  %Documents and Settings%\All Users\Application Data\117fc
13  %Documents and Settings%\All Users\Application Data\117fc\VH339.exe
14  %Documents and Settings%\All Users\Application Data\117fc\VHOOK.ico
15  %Documents and Settings%\All Users\Application Data\VHMELHOOOK
16  %Documents and Settings%\All Users\Application Data\VHMELHOOOK\VHJJOOK.cfg
17  mozcrt19.dll
18  sqlite3.dll
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\3
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
    HKEY_CLASSES_ROOT\trial_ca8cf.DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Guard Pro"
THINK THIS ANTI-VIRUS HAS TAKEN MY MONEY BECAUSE THERE IS NO NUMBER YOU CAN REACH THEM AND THE CUSTOMER SERVICE LINK DOES NOT WORK