Winguard-2009.com
Winguard-2009.com, or Win-guard2009.microsoft.com, is a malicious website created to promote the rogue anti-spyware program Antivirus System PRO. You won't ever see this website unless your browser has been hijacked by trojans programmed to work for Antivirus PRO. Winguard2009.microsoft.com produces a fake Internet Explorer warning which claims that the website you are browsing is malicious. The warning will urge you to download Antivirus System PRO. Do not be fooled by these lies and have Antivirus PRO and its accomplice threats removed immediately.
File System Modifications
- The following files were created in the system:
# File Name 1 %ProgramFiles%\Antivirus System PRO\Antivirussystempro.exe 2 %ProgramFiles%\Antivirus System PRO\uninstall.exe 3 c:\WINDOWS\sysguard.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\AvScanHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "system tool"HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PROHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run �Antivirus System PRO�HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "eModule"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Antivirus System PRO
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.