Dezinstalare Additional Guard – Ghid pentru Devirusare

Additional Guard este unprogram anti-spyware de tip rogue din familia Wini. Este promovat prin intermediul unor Troieni care pretind sa fie codec-uri video sau actualizari flash absolut necesare pentru a urmari continutul online.
Programul va afisa numeroase alerte false si va efectua scanari ale PC-ului detectand in mod eronat sute de infectii.
Toate acestea au scopul de a induce in eroare utilizatorul, cu scopul de a achizitiona acest program. Fisierele detectate sunt fie inexistente, fie curate, iar alertele nu trebuie luate in considerare.

Pentru a scapa de acest nepoftit cititi detaliile de mai jos:

Programul creeaza urmatoarele fisiere\foldere:

• c:\Documents and Settings\All Users\Application Data\117fc
• c:\Documents and Settings\All Users\Application Data\117fc\WI339.exe
• c:\Documents and Settings\All Users\Application Data\117fc\WINAG.ico
• c:\Documents and Settings\All Users\Application Data\117fc\2414.mof
• c:\Documents and Settings\All Users\Application Data\117fc\mozcrt19.dll
• c:\Documents and Settings\All Users\Application Data\117fc\sqlite3.dll
• c:\Documents and Settings\All Users\Application Data\117fc\Quarantine Items
• c:\Documents and Settings\All Users\Application Data\117fc\WINAGSys
• c:\Documents and Settings\All Users\Application Data\117fc\WINAGSys\vd952342.bd
• c:\Documents and Settings\All Users\Application Data\WINAGSys
• c:\Documents and Settings\All Users\Application Data\WINAGSys\winag.cfg
• %UserProfile%\Application Data\Additional Guard
• %UserProfile%\Application Data\Additional Guard\cookies.sqlite
• %UserProfile%\Application Data\Additional Guard\Instructions.ini
• %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
• %UserProfile%\Desktop\Additional Guard.lnk
• %UserProfile%\Start Menu\Additional Guard.lnk
• %UserProfile%\Start Menu\Programs\Additional Guard.lnk
• c:\Program Files\Mozilla Firefox\searchplugins\search.xml
• %UserProfile%\Recent\ANTIGEN.drv
• %UserProfile%\Recent\ANTIGEN.tmp
• %UserProfile%\Recent\cid.dll
• %UserProfile%\Recent\CLSV.tmp
• %UserProfile%\Recent\ddv.dll
• %UserProfile%\Recent\eb.drv
• %UserProfile%\Recent\eb.exe
• %UserProfile%\Recent\energy.dll
• %UserProfile%\Recent\energy.sys
• %UserProfile%\Recent\exec.exe
• %UserProfile%\Recent\exec.tmp
• %UserProfile%\Recent\fan.drv
• %UserProfile%\Recent\FS.drv
• %UserProfile%\Recent\FS.exe
• %UserProfile%\Recent\kernel32.drv
• %UserProfile%\Recent\PE.sys
• %UserProfile%\Recent\ppal.exe

Ii sunt asociate cheile registry:

HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\xp_e0ebf.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=7&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “[xSP_2:117fc3395e69e29f71abba93a68c4181_7]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “99660903″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Additional Guard”

In log-ul HijackThis apar urmatoarele intrari:

O4 – HKLM\..\Run: [Additional Guard] “C:\Documents and Settings\All Users\Application Data\117fc\WI339.exe” /s /d

DEVIRUSARE: Descarcati, instalati si scanati Pc-ul cu Malwarebytes Anti-Malware. Stergeti la final toate infectiile gasite, apasand “Remove selected”.

Daca ai reusit sa cureti aceasta infectie, iti recomand sa cumperi versiunea PRO a Malwarebytes Anti-Malware pentru a te proteja si pe viitor de astfel de amenintari, avand in vedere ca nu au fost detectate\eliminate de antivirusul tau actual.