Windows Additional Guard

Windows Additional Guard is another bogus security program created mainly to earn money for its developer. Visiting a malicious web site will download and install this malware on a computer without the user's intervention. These web sites are published with the specific objective of spreading Windows Additional Guard to users who are connected to the Internet. Once installed on a computer, Windows Additional Guard continuously displays alert messages informing the user of malware activity. According to Windows Additional Guard, removing these threats is possible. However, it will only proceed when you purchase the licensed version.

Another way to get rid of the threat is to eliminate the program that presents it. Removing Windows Additional Guard from your PC will stop the annoyances. Once you delete the rogue software, you will enjoy a better computing experience. Pop-up alerts, task bar messages and repeated advertisements will end immediately.

Now that you know how Windows Additional Guard causes trouble on a computer, it is time to learn the basics of its removal. The malware drops files in various locations on your hard drive (the Technical Details section has this list). It also creates registry entries to ensure that it runs at start-up. Deleting both of these components from the system will stop Windows Additional Guard's operation.

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Malware Behavior
While the rogue program is running on the system, it hijacks the browser and displays fake pop-up alerts like the following:

“Warning! Your computer is infected
Warning! Trojan Found!
Threat detected: Trojan
File name: eb.exe
Threat name: Trojan-Spy.HTML.Bayfraud.hn
Recommended: Please click “Remove all” to eliminate all possible threats and protect Your PC”

Insecure Internet activity. Threat of virus attack
Due to Internet browsing your PC can easily get infected with viruses, worms, and Trojans without your knowledge, and that can lead to system slowdown, freezes and crashes. Also insecure Internet activity can result in revealing your personal information. To get full advanced real-time protection your PC ant Internet activity, install an antivirus and antispyware software.
We recommend you to protect your PC now and continue safe Internet browsing.

Added Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Additional Guard" 
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "967907703"

Associated Files and Folders:
C:\Program Files\Mozilla Firefox\searchplugins\search.xml 
C:\Documents and Settings\All Users\Application Data\423t865
C:\Documents and Settings\All Users\Application Data\423t865\578.mof
C:\Documents and Settings\All Users\Application Data\423t865\mozcrt19.dll
C:\Documents and Settings\All Users\Application Data\423t865\sqlite3.dll
C:\Documents and Settings\All Users\Application Data\423t865\WI345d.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Additional Guard.lnk
%UserProfile%\Application Data\Windows Additional Guard
%UserProfile%\Application Data\Windows Additional Guard\cookies.sqlite
%UserProfile%\Desktop\Windows Additional Guard.lnk
%UserProfile%\Recent\ANTIGEN.tmp
%UserProfile%\Recent\cb.exe
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\dudl.drv
%UserProfile%\Recent\energy.dll
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\fan.drv
%UserProfile%\Recent\FS.dll
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\SICKBOY.tmp
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\Windows Additional Guard.lnk
%UserProfile%\Start Menu\Programs\Windows Additional Guard.lnk

How to Remove Windows Additional Guard

1. Kill any running process that belongs to Windows Additional Guard.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
345d.exe or (random).exe

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open registry editor.
- Find and delete the following:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Additional Guard"
- Close registry editor. Changes made will be saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On the Windows Advanced Boot Options screen, select Safe Mode and press Enter.

4. Delete all files dropped by Windows Additional Guard.
- While still in Safe Mode, search for and delete the malicious files. Please refer to 'Associated Files and Folders.'
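
To confirm that the manual steps left nothing behind, the registry entries and files listed under Technical Details can be checked with a read-only script. This is an added example, not part of the original guide; it assumes the paths exactly as the page lists them, only reports what it finds, and deletes nothing.

```powershell
# Added example: read-only audit for the indicators listed on this page.
# Assumption: paths are used exactly as the page lists them.
$findings = @()

# Start-up value in the per-user Run key (the entry deleted in step 2).
$run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run -and $run.'Windows Additional Guard') {
    $findings += "Run value: $($run.'Windows Additional Guard')"
}

# Keys under HKEY_CLASSES_ROOT, reached through the Registry:: provider path.
$keys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler'
)
foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key: $key" }
}

# Search provider URL pointing at the domain listed on the page.
$scopes = Get-ItemProperty -Path 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes' -ErrorAction SilentlyContinue
if ($scopes -and $scopes.URL -like '*search-gala.com*') {
    $findings += "SearchScopes URL: $($scopes.URL)"
}

# Dropped folders and shortcuts from 'Associated Files and Folders'.
$paths = @(
    'C:\Documents and Settings\All Users\Application Data\423t865',
    "$env:USERPROFILE\Application Data\Windows Additional Guard",
    "$env:USERPROFILE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Additional Guard.lnk",
    "$env:USERPROFILE\Desktop\Windows Additional Guard.lnk",
    "$env:USERPROFILE\Start Menu\Windows Additional Guard.lnk",
    "$env:USERPROFILE\Start Menu\Programs\Windows Additional Guard.lnk"
)
# Files the page lists under %UserProfile%\Recent.
$recent = 'ANTIGEN.tmp','cb.exe','CLSV.tmp','ddv.dll','dudl.drv','energy.dll','energy.sys',
          'exec.exe','fan.drv','FS.dll','PE.drv','ppal.exe','SICKBOY.tmp','tjd.sys'
$paths += $recent | ForEach-Object { "$env:USERPROFILE\Recent\$_" }

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File or folder: $p" }
}

# Report: an empty result means none of the checked indicators remain.
if ($findings.Count) { $findings } else { 'No listed indicators found.' }
```

Run it in the affected user's session, because the HKEY_CURRENT_USER and %UserProfile% checks are per-user.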

Automatic Removal of Windows Additional Guard

In order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.