XLGuarder – XLG Security Center
XLGuarder, also known as XLG Security Center, is a bogus security application, contrary to what its name suggests. XLG Security Center pops up exaggerated scan results on the computer and advises the user to register (pay for) the program, a trick commonly used by rogue software.
XLG Security Center normally relies on a harmful Trojan such as Vundo or Zlob to get onto a target computer. First, the Trojan eliminates the presence of any anti-virus program so that XLG Security Center can be installed without catching the user's attention. Once loaded, the rogue software displays numerous warning alerts claiming that several threats are present. Each time Windows starts, the rogue program runs a virus scan that issues fake reports. These deceptive moves are meant to convince you that the computer is infected. Do not fall for this trick. Instead, scan the computer with a legitimate security program. As expected, it will turn out that XLG Security Center itself is a threat that requires immediate removal.
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
Characteristics (Analysis)
XLG Security Center is a fake security application. Unlike Trojans and viruses, rogue programs do not infect other files on the compromised computer. However, as stated above, XLG Security Center is associated with a Trojan that can harm the computer and cause instability if not taken care of.
The Trojan can end running processes that belong to anti-virus programs. It may also block certain Windows tools such as Registry Editor, Task Manager and Control Panel. Additional registry entries added by the Trojan make the rogue program execute every time Windows starts.
Added Registry Entries:
HKEY_ALL_USERS\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "%Windir%\sysutils\sysutil.exe"
Associated Files and Folders:
%UserProfile%\Start Menu\Programs\Protection\Uninstall XLG.lnk
%Windir%\iebho.dll
%Windir%\sysutils\settings.ini
%Windir%\sysutils\sounds\01.wav
%Windir%\sysutils\sysutil.exe
%Windir%\sysutils\sysutil_s.exe
%Windir%\sysutils\uninstall.exe
%Windir%\sysutils\warning\alertpage.jpg
%Windir%\sysutils\warning\spacer.gif
%Windir%\sysutils\warning\warningpage.html
%Windir%\sysutils\winsystip.exe
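As an added example (not part of the original page), the script below audits a text export of the registry in `.reg` format for the keys listed above, and also flags any Winlogon `Shell` value other than `explorer.exe`, which goes beyond this one sample. The export text is constructed, and matching the Winlogon key under any hive is an assumption made because the page writes the hive as `HKEY_ALL_USERS`.

```python
import re

# Indicators taken from the page (compared case-insensitively).
BHO_CLSID = "{d032570a-5f63-4812-a094-87d007c23012}"
ROGUE_KEY_SUFFIXES = (r"\software\sysutils", r"\uninstall\sysutils",
                      r"\iebho.tieadvbho")
# Assumption: match the Winlogon key under whatever hive it appears in.
WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def audit_reg_export(text):
    """Return (key, finding) tuples for a .reg-format export.

    Real exports are UTF-16; read them with open(path, encoding="utf-16").
    """
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            low = key.lower()
            if BHO_CLSID in low:
                findings.append((key, "rogue BHO CLSID"))
            elif low.endswith(ROGUE_KEY_SUFFIXES):
                findings.append((key, "rogue subkey"))
            continue
        m = VALUE_RE.match(line)
        if (m and key and key.lower().endswith(WINLOGON_SUFFIX)
                and m.group("name").lower() == "shell"):
            # .reg files escape each backslash as two; undo that.
            data = m.group("data").replace("\\\\", "\\")
            if data.strip().lower() != "explorer.exe":
                findings.append((key, "Winlogon Shell replaced: " + data))
    return findings


# Constructed sample export, not taken from a real infected machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\WINDOWS\\sysutils\\sysutil.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
'''

if __name__ == "__main__":
    for key, finding in audit_reg_export(SAMPLE):
        print(finding, "->", key)
```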
precisesecurity
Jul 24, 2008 @ 09:43:18
1. Temporarily disable System Restore (Windows Me/XP/Vista/7).
2. Update the virus definitions.
3. Reboot Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry.
Navigate to and delete the following registry entry:
HKEY_ALL_USERS\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "%Windir%\sysutils\sysutil.exe"
Navigate to and delete the following registry subkeys:
HKEY_ALL_USERS\Software\sysutils
HKEY_CLASSES_ROOT\CLSID\{D032570A-5F63-4812-A094-87D007C23012}
HKEY_CLASSES_ROOT\iebho.TIEAdvBHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysutils
6. Exit registry editor and restart Windows.
7. To make sure that the threat is completely eliminated, carry out a full scan of your system using antivirus and antispyware software. Another way to delete the virus, using various antivirus programs without the need to install them, is with an online virus scanner.
Tony
Sep 24, 2008 @ 16:50:23
The best way to deal with all of these nasty little things is Malwarebytes; it gets them every time.