Home Malware Programs Rogue Anti-Spyware Programs Smart Guard Protection

Smart Guard Protection

Posted: December 9, 2013

Threat Metric

Ranking: 14,764
Threat Level: 10/10
Infected PCs: 1,728
First Seen: December 9, 2013
Last Seen: September 10, 2023
OS(es) Affected: Windows

Smart Guard Protection Screenshot 1A new spinoff of a well-known family of fraudulent security products, Smart Guard Protection poses as an anti-malware tool, but actually is the very threat that Smart Guard Protection pretends to block from attacking your PC. While Smart Guard Protection delivers pop-up system alerts and imitations of system-scanning features that may appear to be protecting your PC, Smart Guard Protection also is just as busy blocking your software and hijacking your browser. Considering the extensively negative history malware experts have linked to Smart Guard Protection's family, the truly 'smart' thing to do always is to uninstall Smart Guard Protection with any real anti-malware program that you find sufficiently reliable.

A Treacherous Change in Your PC's Guards

A common example of the perpetual 'rebranding' cycle of the rogue anti-malware industry, Smart Guard Protection is a new version of WinWeb Security, similar to others like Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Personal Shield Pro, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus. Typical distribution methods for Smart Guard Protection and similar PC threats include fake advertisements displaying inaccurate security alerts, compromised software patches, spam e-mail attachments and even the non-consensual drive-by-download attacks of compromised websites. Since the WinWebSec family sees regular development to launch new 'products' like Smart Guard Protection, updated anti-malware protection is important for detecting this scamware reliably.

Smart Guard Protection is designed with the appearance of an anti-malware product in mind and imitates the pop-up warnings and system scanning functions you're likely to associate with these types of programs. However, unlike actual anti-malware products, Smart Guard Protection delivers fake system information that's intended to cause alarm and force you to purchase its registered version. Other than giving money and confidential information to criminals, there are no real effects from purchasing Smart Guard Protection, and malware experts certainly don't recommend it.

Protecting Your System Against a Guard with a Knife Aimed for Your Back

As potentially harmful as Smart Guard Protection's fake alerts and scans may be, Smart Guard Protection also includes a substantial sidearm of attacks meant to restrict your ability to use your computer at all. Smart Guard Protection should be expected to block many programs on your computer by focusing on security-related software, such as the Registry Editor, Task Manager and Windows Defender. Although Smart Guard Protection doesn't block Internet Explorer, Smart Guard Protection does hijack it and redirect that browser to fraudulent warning pages. The overall state of security for any PC infected by Smart Guard Protection may, therefore, be described as questionable.

Although deleting Smart Guard Protection obviously is the best response you can have to its attacks, Smart Guard Protection may try to block any anti-malware programs that are able to remove Smart Guard Protection efficiently. Using standard security techniques like booting into Safe Mode or booting through a USB device can provide the added security required to disable Smart Guard Protection and other threats, allowing you to focus on disinfecting your PC without any obstacles.

Smart Guard Protection Screenshot 2Smart Guard Protection Screenshot 3Smart Guard Protection Screenshot 4Smart Guard Protection Screenshot 5Smart Guard Protection Screenshot 6Smart Guard Protection Screenshot 7Smart Guard Protection Screenshot 8

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



file.exe File name: file.exe
Size: 556.03 KB (556032 bytes)
MD5: 6d9c2f51784e9f698e618c4cc8cb6810
Detection count: 60
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 5, 2016
security_cleaner.exe File name: security_cleaner.exe
Size: 519.56 KB (519568 bytes)
MD5: ff7b883435e3c38e141363908f5c9ad3
Detection count: 37
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 10, 2013
%CommonAppData%\WaDprnV7\DD1 File name: %CommonAppData%\WaDprnV7\DD1
Group: Malware file
%CommonAppData%\WaDprnV7 File name: %CommonAppData%\WaDprnV7
Group: Malware file
%CommonAppData%\WaDprnV7\WaDprnV7.exe.manifest File name: %CommonAppData%\WaDprnV7\WaDprnV7.exe.manifest
Mime Type: unknown/manifest
Group: Malware file
%CommonAppData%\WaDprnV7\WaDprnV7.exe File name: %CommonAppData%\WaDprnV7\WaDprnV7.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.lg File name: %CommonAppData%\WaDprnV7\WaDprnV7kassgxDq.lg
Mime Type: unknown/lg
Group: Malware file
%CommonAppData%\WaDprnV7\WaDprnV7.ico File name: %CommonAppData%\WaDprnV7\WaDprnV7.ico
Mime Type: unknown/ico
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

File name without pathSmart Guard Protection support.urlSmart Guard Protection.lnkHKEY..\..\{Value}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AS2014" = "%CommonAppData%\WaDprnV7\WaDprnV7.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "RPSessionInterval" = 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0 HKEY..\..\..\..{RegistryKeys}Control Panel\don't load\wscui.cplSOFTWARE\Microsoft\Windows\CurrentVersion\Run\AS2014Run keysAS2014

Additional Information

The following directories were created:
%ALLUSERSPROFILE%\gpng7pl3%AppData%\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
The following messages's were detected:
# Message
1Warning! Infected file detected.
We strongly recommend activating full edition of your antivirus software for repairing threats.
2Warning! Infected file detected
Location: File System
Behavior description: Destroys and infects system files.
Suspicious activity detected in the application notepad.exe to the behavior of the virus Win32/Conficker.X. For your security and to avoid loss of data, the operation of application cmd.exe has been temporarily restricted.
3Warning! Network attack attempt detected.
To keep the computer safe, the threat must be blocked.
4Windows Security Center
Warning! Suspicious activity detected.
Virus activity detected.
Attempt to change configuration files detected.
Rootkit embedding attempt detected.

Loading...