
Windows Software Guard

Posted: February 7, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 12
First Seen: February 10, 2011
Last Seen: January 8, 2020
OS(es) Affected: Windows

Just one more rotating face glued onto system-damaging, money-stealing rogue code, Windows Software Guard should be treated with all the hostility one would have towards any standard virus. Strongly related to previous false system security software like Windows Safety Protection and Windows Software Protection, it presents fake error messages to try to cajole the user into purchasing it. Do yourself a favor by distinguishing between this rogue scanner and true security software.

How You Got Stuck with Windows Software Guard

Windows Software Guard infects systems indirectly, primarily by using the fake Microsoft Security Essentials Trojan. This Trojan attempts to slip onto your system undetected, and will create false alert messages that attempt to pass themselves off as being from Microsoft or otherwise having legitimacy. The key to spotting this Trojan is to notice the point at which it tries to recommend a rogue. The false alarm messages look like the following:

"Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press ‘OK’ to install the software that will be used to initiate system files check. To complete the installation process please reboot your computer."

Note the typo! At this point, Fake Microsoft Security Essentials may install any one of a wide range of rogue anti-spyware programs. Right now there are over half a dozen possible rogue programs served up onto unwilling hard drives this way, and the number is growing almost every week! The dice are rolled, and sometimes Windows Software Guard pops up. Rogue anti-spyware programs use deception to acquire the user's cash. By keeping yourself well-informed on this delivery method, you can protect your system from all rogue anti-spyware programs sharing it, including Windows Software Guard.

Windows Software Guard Symptoms

Although very new, much of Windows Software Guard's code has been recycled from other rogue programs, enabling it to have a wide range of functions. Since Windows Software Guard makes sure that it runs with every normal system start, you'll notice symptoms of this infection quickly and frequently. Possible symptoms include:

  • Inaccurate error messages. Like many rogue programs, Windows Software Guard often gives out error messages that point to a key-logged browser or to modifications of important system files such as lsass.exe or the registry. This is intended to cause immediate panic in users, so that they'll do whatever it takes to fix the (actually illusory) problem.
  • Problems running other programs. Windows Software Guard may do this to create a fake problem situation for it to cry wolf over. On other occasions, the rogue anti-spyware program will shut a process down to keep itself from being uninstalled.
  • Pop-ups and browser hijacking. This is to direct the user to the Windows Software Guard site or another site that's designed to steal the user's money. Pay particular attention to the sites you're on and their verifications when infected with this rogue anti-spyware program.

Slaying the Beast Before It Slays Your Wallet

Because it's so new, specific tools for removing Windows Software Guard aren't widely circulated yet. Deleting Windows Software Guard should still be a fairly simple job, however, since it works along the same lines as other, older rogue programs. Be ready to use Safe Mode and multiple legitimate anti-malware software products. Don't forget to clean out that rogue-delivering Trojan, either, or you may just find yourself reinfected!


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%APPDATA%\ambeea.exe
File name: ambeea.exe
Size: 2.22 MB (2229760 bytes)
MD5: cc726c0602fd7e2674e68d1a7849ff2e
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: January 8, 2020
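
One way to check a machine against the file listing above, as an added example that is not part of the original write-up. The name, size and MD5 come from the listing; the `triage` function and its verdict labels are assumptions of this example, and it also flags a renamed copy with the same hash as well as a same-named file with different contents.

```python
import hashlib
import os
from pathlib import Path

# Indicator values copied from the file listing on this page.
IOC_NAME = "ambeea.exe"
IOC_SIZE = 2229760
IOC_MD5 = "cc726c0602fd7e2674e68d1a7849ff2e"


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so a large binary is never held in memory."""
    digest = hashlib.md5()  # MD5 only because it is the hash the listing gives
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(directory, name=IOC_NAME, size=IOC_SIZE, md5=IOC_MD5):
    """Return sorted (path, verdict) pairs for .exe files directly in directory.

    "exact"      size and MD5 match the listing, whatever the file is called
    "name-only"  listed file name but different contents (treat as suspect)
    "unreadable" the file could not be opened or hashed
    """
    findings = []
    for entry in sorted(Path(directory).iterdir()):
        if not entry.is_file() or entry.suffix.lower() != ".exe":
            continue
        try:
            # Size is a cheap pre-filter: hash only files of the listed size.
            same = entry.stat().st_size == size and md5_of(entry) == md5
        except OSError:
            findings.append((str(entry), "unreadable"))
            continue
        if same:
            findings.append((str(entry), "exact"))
        elif entry.name.lower() == name.lower():
            findings.append((str(entry), "name-only"))
    return findings


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")  # the listing's Path value
    if appdata:
        for path, verdict in triage(appdata):
            print(f"{verdict:10} {path}")
```

A "name-only" or "unreadable" result is a lead for the full anti-malware scan the article recommends, not a confirmed detection.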