Dezinstalare Additional Guard – Ghid pentru Devirusare

Additional Guard este unprogram anti-spyware de tip rogue din familia Wini. Este promovat prin intermediul unor Troieni care pretind sa fie codec-uri video sau actualizari flash absolut necesare pentru a urmari continutul online.
Programul va afisa numeroase alerte false si va efectua scanari ale PC-ului detectand in mod eronat sute de infectii.
Toate acestea au scopul de a induce in eroare utilizatorul, cu scopul de a achizitiona acest program. Fisierele detectate sunt fie inexistente, fie curate, iar alertele nu trebuie luate in considerare.

Pentru a scapa de acest nepoftit cititi detaliile de mai jos:

Programul creeaza urmatoarele fisiere\foldere:

  • c:\Documents and Settings\All Users\Application Data\117fc
  • c:\Documents and Settings\All Users\Application Data\117fc\WI339.exe
  • c:\Documents and Settings\All Users\Application Data\117fc\WINAG.ico
  • c:\Documents and Settings\All Users\Application Data\117fc\2414.mof
  • c:\Documents and Settings\All Users\Application Data\117fc\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\117fc\sqlite3.dll
  • c:\Documents and Settings\All Users\Application Data\117fc\Quarantine Items
  • c:\Documents and Settings\All Users\Application Data\117fc\WINAGSys
  • c:\Documents and Settings\All Users\Application Data\117fc\WINAGSys\vd952342.bd
  • c:\Documents and Settings\All Users\Application Data\WINAGSys
  • c:\Documents and Settings\All Users\Application Data\WINAGSys\winag.cfg
  • %UserProfile%\Application Data\Additional Guard
  • %UserProfile%\Application Data\Additional Guard\cookies.sqlite
  • %UserProfile%\Application Data\Additional Guard\Instructions.ini
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
  • %UserProfile%\Desktop\Additional Guard.lnk
  • %UserProfile%\Start Menu\Additional Guard.lnk
  • %UserProfile%\Start Menu\Programs\Additional Guard.lnk
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml
  • %UserProfile%\Recent\ANTIGEN.drv
  • %UserProfile%\Recent\ANTIGEN.tmp
  • %UserProfile%\Recent\cid.dll
  • %UserProfile%\Recent\CLSV.tmp
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\eb.drv
  • %UserProfile%\Recent\eb.exe
  • %UserProfile%\Recent\energy.dll
  • %UserProfile%\Recent\energy.sys
  • %UserProfile%\Recent\exec.exe
  • %UserProfile%\Recent\exec.tmp
  • %UserProfile%\Recent\fan.drv
  • %UserProfile%\Recent\FS.drv
  • %UserProfile%\Recent\FS.exe
  • %UserProfile%\Recent\kernel32.drv
  • %UserProfile%\Recent\PE.sys
  • %UserProfile%\Recent\ppal.exe


Ii sunt asociate cheile registry:

HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\xp_e0ebf.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=7&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “[xSP_2:117fc3395e69e29f71abba93a68c4181_7]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “99660903”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Additional Guard”

In log-ul HijackThis apar urmatoarele intrari:

O4 – HKLM\..\Run: [Additional Guard] “C:\Documents and Settings\All Users\Application Data\117fc\WI339.exe” /s /d

DEVIRUSARE: Descarcati, instalati si scanati Pc-ul cu Malwarebytes Anti-Malware. Stergeti la final toate infectiile gasite, apasand “Remove selected”.

Daca ai reusit sa cureti aceasta infectie, iti recomand sa cumperi versiunea PRO a Malwarebytes Anti-Malware pentru a te proteja si pe viitor de astfel de amenintari, avand in vedere ca nu au fost detectate\eliminate de antivirusul tau actual.

Administrator FaraVirusi.com
voluntar al Comodo Malware Research Team, expert Malwarebytes Anti-Malware

3 responses to “Dezinstalare Additional Guard – Ghid pentru Devirusare”

  1. Mikay

    Tot Malwarebytes Anti-Malware e baza in devirusari 🙂

  2. Mada

    Eu am folosit Malwarebytes anti-malware si nu ma ajutat cu nimic,adica nu am scapat de Adittional guard.am urmat instructiunile de folosire ale programului Malwarebytes..si la sf imi spune sa dau restart ptr k unele din cele cu virusi nu au putut fi sterse.dau restart si degeaba….ce pot face in cazul asta?

Leave a Reply