Security Guard 2012

6 October 2011 Rogue 0 Comment

Security Guard 2012 introduces self as an effective antivirus program,. It presents a variety of tasks like Privacy Protection and Firewall. Most likely it has what other legitimate antivirus security suite has to offer. What separates Security Guard 2012 from other genuine antivirus software is its ability to get inside the PC even without the need for it. It install self without your consent. For this, it was another inclusion to the list of potentially unwanted program.

Security Guard 2012 uses many forms of ways to spread. Trojan is widely used to infect computers that are connected through the Internet. It is primary approach of the Trojan. Systems that presently possess this Trojan will suffer from browser redirection that often ends up viewing malicious web sites. On that web site awaits a script that instantly downloads and installs Security Guard 2012. One thing that Trojan did prior to this is to eliminate presence of antivirus program so that Security Guard 2012 can penetrate you system without detection. When inside, the malware directly infect several system files and modifies Windows registry to gain an access on start-up.

The only time users can notice of Security Guard 2012 presence is when it begins to pop-up excessive alert messages. Security Guard 2012 also performs its own virus scan each time you open the computer. To sum it all, this malware pour all efforts to scare you and hope that you will purchase the paid version of Security Guard 2012. Some may think that acquiring the licensed version is the only solution to all of these problems, but it is not. You can end Security Guard 2012′s infestation by the procedures we have provided on this page.

Screen Shot Images:

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
This malware uses random start-up file name to avoid uniform detected of security application.
Example: etr652uidxz.exe

Security Guard 2012 and other rogue software will make additional entries under the registry key allowing them to run at start-up.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run.

Similar to other cases, this fake program drops files on the following folders:
Windows XP – C:\Windows\System32, C:\Users\, C:\Documents and Settings\\Application Data and C:\Documents and Settings\\Start Menu\
For Windows Vista and Windows 7 – C:\Windows\System32, C:\Users\, C:\Users\\AppData\Roaming, C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu

Deceptive Actions
Once Security Guard 2012 is running on the computer, it will never stop displaying fake security alerts in order to intimidate you and persuade to acquire the license version of the program. Some alerts will contain this messages:

Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

Warning! Infection found
Unauthorized sending E-MAIL with subject “RE:” to was CANCELLED.

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Related Registry Entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "(random characters)" 

Associated Files and Folders:

%AppData%\SwscY0wcHqxGpFoSecurity Guard 2012.ico
%StartMenu%\Programs\Security Guard 2012\
%StartMenu%\Programs\Security Guard 2012\Security Guard 2012.lnk
%System%\(random characters).exe
%UserProfile%\Desktop\Security Guard 2012.lnk 
%AppData%\(random characters)
%AppData%\(random characters)
%AppData%\(random characters)
%AppData%\ldr.ini

This guide requires a tool called Malwarebytes' Anti-Malware. It is a free tool designed to eradicate various computer infections. MBAM scanner is distributed for free.

Boot Windows in Safe Mode With Networking

1. First thing to do is to reboot the computer in Safe Mode with Networking to avoid Security Guard 2012 from loading at start-up. You may want to print this procedure as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Please select Safe Mode with Networking.
- Windows will now start in Safe Mode.

Remove Security Guard 2012 with MalwareBytes' Anti-Malware

2. Download removal tool from this page and save it on your Desktop or any location on your PC.
3. When finish downloading, double-click on the file to install the application.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, you need to update the database.

6. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
7. When finished updating, the tool will run. Select Perform full scan on main screen to check your computer thoroughly.
8. When scanning is finished click on Show Results.
9. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to Security Guard 2012.
10. Restart your computer.

Note: If Security Guard 2012 prevents mbam-setup.exe from downloading. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.