VirtualGuardPlus
VirtualGuardPlus, also known as Virtual Guard Plus, is a rogue anti-spyware program and clone of VirtualPCGuard. VirtualGuardPlus may have installed in your computer system with the help of Trojan Zlob. Once Zlob is installed, it will generate fake popups and fake system warning messages "informing" you about supposed spyware infections. In reality, the only malicious infection you're most likely to have is VirtualGuardPlus itself. VirtualGuardPlus displays these rogue messages to make you believe you're infected with spyware and then offer you VirtualGuardPlus's licensed program to remove the imaginary infections.
VirtualGuardPlus is also able to emulate a fake system scan and generate a list of spyware infections as a result. Do not be scared, these spyware infections found on your system are only meant to scare you and push you into purchasing rogue VirtualGuardPlus's licensed program. All links provided by VirtualGuardPlus will probably redirect you to VirtualGuardPlus's website or other rogue websites that promote VirtualGuardPlus as a real spyware remover. It is advised that you get rid of VirtualGuardPlus without hesitation. VirtualGuardPlus is a scam created to steal $49.95-79.95 from gullible users.
File System Modifications
- The following files were created in the system:
# File Name 1 %UserProfile%\Application Data\VirusGuardPlus 2 %UserProfile%\Application Data\VirusGuardPlus\Logs 3 %UserProfile%\Application Data\VirusGuardPlus\Logs\threats.log 4 c:\Documents and Settings\All Users\Application Data\SalesMon 5 c:\Documents and Settings\All Users\Application Data\SalesMon\Data 6 c:\Documents and Settings\All Users\Desktop\VirusGuardPlus.lnk 7 c:\Documents and Settings\All Users\Start Menu\Programs\VirusGuardPlus 8 c:\Documents and Settings\All Users\Start Menu\Programs\VirusGuardPlus\Contact Customer Support.lnk 9 c:\Documents and Settings\All Users\Start Menu\Programs\VirusGuardPlus\Uninstall VirusGuardPlus.lnk 10 c:\Documents and Settings\All Users\Start Menu\Programs\VirusGuardPlus\VirusGuardPlus.lnk 11 c:\Program Files\Common Files\VirusGuardPlus 12 c:\Program Files\Common Files\VirusGuardPlus\bm.exe 13 c:\Program Files\Common Files\VirusGuardPlus\ugac.exe 14 c:\Program Files\VirusGuardPlus 15 c:\Program Files\VirusGuardPlus\Activate.exe 16 c:\Program Files\VirusGuardPlus\al.dat 17 c:\Program Files\VirusGuardPlus\Config 18 c:\Program Files\VirusGuardPlus\Config\pgs.xml 19 c:\Program Files\VirusGuardPlus\Dat 20 c:\Program Files\VirusGuardPlus\Dat\Activate.dat 21 c:\Program Files\VirusGuardPlus\Dat\BkSites.dat 22 c:\Program Files\VirusGuardPlus\Dat\bnlink.dat 23 c:\Program Files\VirusGuardPlus\Dat\cd.dat 24 c:\Program Files\VirusGuardPlus\Dat\incmp.dat 25 c:\Program Files\VirusGuardPlus\Dat\index.dat 26 c:\Program Files\VirusGuardPlus\Dat\pv.dat 27 c:\Program Files\VirusGuardPlus\dhlp.dll 28 c:\Program Files\VirusGuardPlus\Engines 29 c:\Program Files\VirusGuardPlus\Engines\AWBase 30 c:\Program Files\VirusGuardPlus\Engines\AWBase\database 31 c:\Program Files\VirusGuardPlus\Engines\AWBase\database\enemies.dat 32 c:\Program Files\VirusGuardPlus\Engines\AWBase\vbpv.dat 33 c:\Program Files\VirusGuardPlus\Engines\PGBase 34 c:\Program Files\VirusGuardPlus\Engines\PGBase\vbpv.dat 35 c:\Program Files\VirusGuardPlus\Engines\plugins 36 c:\Program Files\VirusGuardPlus\Engines\plugins\BORLNDMM.DLL 37 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANADWR.DLL 38 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANBCDR.DLL 39 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANDLDR.DLL 40 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANDOS1.DLL 41 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANEMUL.DLL 42 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANFUNC.DLL 43 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANKRNL.DLL 44 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANMCR1.DLL 45 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANOTHR.DLL 46 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANSCR.DLL 47 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANTOOL.DLL 48 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANTROJ.DLL 49 c:\Program Files\VirusGuardPlus\Engines\plugins\SCANWIN1.DLL 50 c:\Program Files\VirusGuardPlus\Engines\plugins\UNACPU.DLL 51 c:\Program Files\VirusGuardPlus\Engines\plugins\UNADBX.DLL 52 c:\Program Files\VirusGuardPlus\Engines\plugins\unamscan.dll 53 c:\Program Files\VirusGuardPlus\Engines\plugins\UNMIME.DLL 54 c:\Program Files\VirusGuardPlus\Engines\plugins\UNPACK.DLL 55 c:\Program Files\VirusGuardPlus\Engines\plugins\UNPACKS.DLL 56 c:\Program Files\VirusGuardPlus\Engines\plugins\UNPACKS2.DLL 57 c:\Program Files\VirusGuardPlus\Engines\plugins\UNPEPACK.DLL 58 c:\Program Files\VirusGuardPlus\Engines\plugins\UpDate 59 c:\Program Files\VirusGuardPlus\Engines\plugins\UpDate\UA27601.DLL 60 c:\Program Files\VirusGuardPlus\Engines\plugins\UpDate\UA27602.DLL 61 c:\Program Files\VirusGuardPlus\Engines\plugins\UpDate\UA27603.DLL 62 c:\Program Files\VirusGuardPlus\Engines\plugins\UpDate\UA27604.DLL 63 c:\Program Files\VirusGuardPlus\Engines\plugins\UpDate\UADAILY.DLL 64 c:\Program Files\VirusGuardPlus\Engines\plugins\vbpv.dat 65 c:\Program Files\VirusGuardPlus\FWSettings.bin 66 c:\Program Files\VirusGuardPlus\Graphics 67 c:\Program Files\VirusGuardPlus\Graphics\cross.gif 68 c:\Program Files\VirusGuardPlus\Graphics\ga6p.gif 69 c:\Program Files\VirusGuardPlus\Graphics\kb.url 70 c:\Program Files\VirusGuardPlus\Graphics\main.ico 71 c:\Program Files\VirusGuardPlus\Graphics\mini.ico 72 c:\Program Files\VirusGuardPlus\Graphics\Online.url 73 c:\Program Files\VirusGuardPlus\Graphics\support.ico 74 c:\Program Files\VirusGuardPlus\Graphics\Support.url 75 c:\Program Files\VirusGuardPlus\Graphics\uninstall.ico 76 c:\Program Files\VirusGuardPlus\history.db 77 c:\Program Files\VirusGuardPlus\LA 78 c:\Program Files\VirusGuardPlus\LA\lapv.dat 79 c:\Program Files\VirusGuardPlus\LA\License.rtf 80 c:\Program Files\VirusGuardPlus\main.log 81 c:\Program Files\VirusGuardPlus\pgs.exe 82 c:\Program Files\VirusGuardPlus\ptask.exe 83 c:\Program Files\VirusGuardPlus\reload.exe 84 c:\Program Files\VirusGuardPlus\ResErrors.log 85 c:\Program Files\VirusGuardPlus\scnkrnl.dll 86 c:\Program Files\VirusGuardPlus\settings.ini 87 c:\Program Files\VirusGuardPlus\sqlite3.dll 88 c:\Program Files\VirusGuardPlus\Tools 89 c:\Program Files\VirusGuardPlus\Tools\pblock.dll 90 c:\Program Files\VirusGuardPlus\Tools\sbiebho.dll 91 c:\Program Files\VirusGuardPlus\unins000.dat 92 c:\Program Files\VirusGuardPlus\unins000.exe 93 c:\Program Files\VirusGuardPlus\Up 94 c:\Program Files\VirusGuardPlus\Up\ASupdater.dat 95 c:\Program Files\VirusGuardPlus\Up\gup.exe 96 c:\Program Files\VirusGuardPlus\Up\PGupdater.dat 97 c:\Program Files\VirusGuardPlus\Up\UBupdater.dat 98 c:\Program Files\VirusGuardPlus\Up\up.dat 99 c:\Program Files\VirusGuardPlus\Up\updater.dat 100 c:\VirusGuardPlus 101 c:\VirusGuardPlus\AVQuar 102 c:\WINDOWS\system32\atl71.dll 103 c:\WINDOWS\system32\capicom.dll 104 c:\WINDOWS\system32\drivers\dhlp.sys 105 c:\WINDOWS\system32\mfc71.dll 106 c:\WINDOWS\system32\msvcp71.dll 107 c:\WINDOWS\system32\msxml3a.dll 108 d:\VirusGuardPlus 109 d:\VirusGuardPlus\AVQuar
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}HKEY_CURRENT_USER\Software\Opera SoftwareHKEY_CURRENT_USER\Software\VirusGuardPlusHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "UGA6P11 2.2.366.12"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls "C:\WINDOWS\system32\atl71.dll"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls "C:\WINDOWS\system32\capicom.dll"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls "C:\WINDOWS\system32\mfc71.dll"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls "C:\WINDOWS\system32\msvcp71.dll"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls "C:\WINDOWS\system32\msxml3.dll"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls "C:\WINDOWS\system32\msxml3a.dll"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls "C:\WINDOWS\system32\msxml3r.dll"HKEY_LOCAL_MACHINE\SOFTWARE\ProductsHKEY_LOCAL_MACHINE\SOFTWARE\VirusGuardPlusHKEY_LOCAL_MACHINE\SOFTWARE\ugacHKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\AppID\pblock.DLLHKEY_CLASSES_ROOT\AppID\{EA7522F6-87CF-411e-8A55-19EE4344B676}HKEY_CLASSES_ROOT\CLSID\{079AA557-4A18-424A-8EEE-E39F0A8D41B9}\TypeLibHKEY_CLASSES_ROOT\CLSID\{3124C396-FB13-4836-A6AD-1317F1713688}\TypeLibHKEY_CLASSES_ROOT\CLSID\{3D813DFE-6C91-4A4E-8F41-04346A841D9C}\TypeLibHKEY_CLASSES_ROOT\CLSID\{3E784A01-F3AE-4DC0-9354-9526B9370EBA}\TypeLibHKEY_CLASSES_ROOT\CLSID\{4DD441AD-526D-4A77-9F1B-9841ED802FB0}\TypeLibHKEY_CLASSES_ROOT\CLSID\{5C3F6257-3E00-45c2-88D5-CB0F3A17BF0E}HKEY_CLASSES_ROOT\CLSID\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}HKEY_CLASSES_ROOT\Interface\{2933BF96-7B36-11D2-B20E-00C04F983E60}HKEY_CLASSES_ROOT\Interface\{2B8DE2FE-8D2D-11d1-B2FC-00C04FD915A9}HKEY_CLASSES_ROOT\Interface\{3EFAA428-272F-11D2-836F-0000F87A7782}HKEY_CLASSES_ROOT\Interface\{3EFAA429-272F-11D2-836F-0000F87A7782}HKEY_CLASSES_ROOT\Interface\{C90352F7-643C-4FBC-BB23-E996EB2D51FD}HKEY_CLASSES_ROOT\PopupBlocker.IEGPBHKEY_CLASSES_ROOT\PopupBlocker.IEGPB.1HKEY_CLASSES_ROOT\SBIEBHO.IEFWHKEY_CLASSES_ROOT\SBIEBHO.IEFW.2HKEY_CLASSES_ROOT\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}HKEY_CLASSES_ROOT\TypeLib\{EA7522F6-87CF-411E-8A55-19EE4344B676}HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhlpHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhlpHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "BMN"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "VirusGuardPlus"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ugac"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "overinstall"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}UAVUN_is1
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.