
PSGuard

Posted: March 28, 2006

PSGuard is a corrupt, illegally distributed anti-malware application. It is secretly installed on victim PCs by many trojans, which are usually variants of the Smitfraud spyware.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 core.dll
    2 intell32.exe
    3 localization.dll
    4 oleext.dll
    5 oleext32.dll
    6 psguard.exe
    7 psguardinstall.exe
    8 uninstiu.exe
    9 wndsystem.dll
    10 wppp.html

Registry Modifications

  • The following Registry values were newly created:
    HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper=%System%\wppp.html
    HKEY_CURRENT_USER\Control Panel\Desktop\WallpaperStyle=0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage=1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PSGuard
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intell32.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdate
    HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGuard
  • The following CLSIDs were detected:

2 Comments

  • Joshua Issac says:

    This is a good set of instructions. When my computer was infected with PSGuard, I could not use the Add/Remove Programs section to remove the virus. It just would not uninstall. I could not open Internet Explorer, which was then my only browser, and my antivirus (Panda Antivirus Platinum) kept closing immediately after I launched it. Finally, I remembered System Restore to restore my computer and then deleted the files. How do the virus makers expect me to buy their software if I can't even open Internet Explorer? I have not seen any response to PS Guard like mine anywhere on the Internet. Strange!

  • juan arizaga says:

    I'm going to try it
