How to remove Additional Guard rogue anti-spyware
By dwarkarao
01-08-2010
Cyber criminals have released a new product called Additional Guard. They are the same people who earlier released many other rogue anti-spyware programs, such as Windows Additional Guard, System Defender, Enterprise Suite and many others. Additional Guard installs itself without observing any authentication requirements.
Additional Guard uses false security warnings and alerts to frighten people into buying a license for the software. It displays various pop-ups and system scans to make it appear that your system is under threat. It also states that your system is not protected or is infected with malware, and recommends that you pay for this application. It shows so many warnings and alert messages that it becomes very annoying.
How can we remove Additional Guard?
There are two ways to remove it: manually or automatically. It can be removed manually by deleting all the related files and system registry entries. The files to be deleted are listed below:
- %UserProfile%\Application Data\2565da61\AG345d.exe
- %UserProfile%\Application Data\2565da61\278.mof
- %UserProfile%\Application Data\2565da61\mozcrt19.dll
- %UserProfile%\Application Data\2565da61\sqlite3.dll
- %UserProfile%\Application Data\2565da61\AG.ico
- %UserProfile%\Application Data\2565da61\AGSys
- %UserProfile%\Application Data\2565da61\AGSys\vd952342.bd
- %UserProfile%\Application Data\2565da61\ag.cfg
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
- %UserProfile%\Application Data\Additional Guard\cookies.sqlite
- %UserProfile%\Desktop\Additional Guard.lnk
- %UserProfile%\Recent\cb.exe
- %UserProfile%\Recent\CLSV.tmp
- %UserProfile%\Recent\ddv.dll
- %UserProfile%\Recent\dudl.drv
- %UserProfile%\Recent\energy.dll
- %UserProfile%\Recent\energy.sys
- %UserProfile%\Recent\exec.exe
- %UserProfile%\Recent\fan.drv
- %UserProfile%\Recent\FS.dll
- %UserProfile%\Recent\PE.drv
- %UserProfile%\Recent\ppal.exe
- %UserProfile%\Recent\SICKBOY.tmp
- %UserProfile%\Recent\tjd.sys
- %UserProfile%\Start Menu\Additional Guard.lnk
- %UserProfile%\Start Menu\Programs\Additional Guard.lnk
- %Program Files%\Mozilla Firefox\searchplugins\search.xml
The registry entries that need to be removed are as follows:
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http: // searc h-gala.com/?&uid=220&q={searchTerms}”
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
- HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http :// sea...-gala.com/?&uid=220&q={searchTerms}”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Additional Guard”
Note: You need to be extra careful when dealing with these entries, as they are part of the system registry and a small mistake can cause big trouble.
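
The manual check described above, as an added example that is not part of the original post: a read-only PowerShell audit that reports which of the listed files and registry entries are present before anything is deleted. It covers a subset of the lists and assumes PowerShell 3.0 or later, and that `%Program Files%` in the file list means the `%ProgramFiles%` environment variable.

```powershell
# Added example (not from the original post): read-only check for artifacts
# named in the lists above. It deletes nothing.

# Subset of the file list. The post writes %Program Files%; the actual
# environment variable is %ProgramFiles% (assumed to be what is meant).
$files = @(
    '%UserProfile%\Application Data\2565da61\AG345d.exe',
    '%UserProfile%\Application Data\2565da61\ag.cfg',
    '%UserProfile%\Desktop\Additional Guard.lnk',
    '%UserProfile%\Start Menu\Programs\Additional Guard.lnk',
    '%ProgramFiles%\Mozilla Firefox\searchplugins\search.xml'
)

# Registry keys from the list (the Registry:: prefix allows full hive names).
$keys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler'
)

# Registry values from the list. Expected = $null means any data counts.
$values = @(
    @{ Key = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
       Name = 'Additional Guard'; Expected = $null },
    @{ Key = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download'
       Name = 'RunInvalidSignatures'; Expected = '1' }
)

$hits = @()
foreach ($f in $files) {
    $path = [Environment]::ExpandEnvironmentVariables($f)
    if (Test-Path -LiteralPath $path) {
        $hits += [pscustomobject]@{ Type = 'File'; Item = $path; Data = '' }
    }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $hits += [pscustomobject]@{ Type = 'Key'; Item = $k; Data = '' }
    }
}
foreach ($v in $values) {
    $p = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { continue }          # value not present
    $data = $p.($v.Name)
    if ($null -eq $v.Expected -or "$data" -eq $v.Expected) {
        $hits += [pscustomobject]@{ Type = 'Value'; Item = "$($v.Key)\$($v.Name)"; Data = $data }
    }
}
$hits | Format-Table -AutoSize -Wrap
"{0} artifact(s) found" -f $hits.Count
```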