Win-guard2009.microsoft.com

Posted: November 24, 2009

Win-guard2009.microsoft.com is a website created to serve the malicious goals of the rogue anti-spyware program Antivirus System PRO. You are unlikely to ever see this website unless your browser has been hijacked by trojans programmed to work for this rogue anti-spyware. Win-guard2009.microsoft.com (or Winguard2009.microsoft.com) looks like an Internet Explorer warning claiming that the page you were browsing is malicious, and it urges you to download Antivirus System PRO. Do not be fooled by these lies; have Win-guard2009.microsoft.com and its accomplice threats removed immediately.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %ProgramFiles%\Antivirus System PRO\Antivirussystempro.exe
    2 %ProgramFiles%\Antivirus System PRO\uninstall.exe
    3 c:\WINDOWS\sysguard.exe

Registry Modifications

  • The following Registry entries were created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\AvScan
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”
    HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus System PRO”
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
    Antivirus System PRO