How to remove Windows Additional Guard rogue anti-spyware

Malware Description:
Windows Additional Guard has been lately recognized as a rogue anti-spyware program. The traits Windows Additional Guard is exhibiting enabled us to associate it with such badware apps as Windows Guard Pro, Ultimate System Guard, Malware Catcher, Windows Protection Suite and some other potentially hazardous programs.The core of Windows Additional Guard activity consists in displaying fake virus detection reports and then telling the PC user he/she needs to register its licensed software for extermination of the previously detected malicious stuff. Since Windows Additional Guard is a rogue, another one of its basics is backdoor intrusion – so you are very unlikely to notice this malware infiltrating your system. Having installed, Windows Additional Guard will overwhelm your computer routine with its constantly bombarding pop-ups that state your PC is critically infected and needs a cure. An additional element of these misinforming tactics is Windows Additional Guard scanners that report tons of infections without actually checking your system for real. Once Windows Additional Guard succeeds to produce the impression that the compromised PC is under a great risk, the program proceeds and recommends the confused user to install its full version in exchange for an online payment. Beyond doubt, Windows Additional Guard is not worth the money it asks, nor is it worth a penny. Windows Additional Guard is a fake, so remove the malware ASAP if located.

Malware Type: Rogue Anti-Spyware

Malware Author: dreamakerlab

Threat Level: Critical

Advice: Immediately remove and scan for additional malware

Windows Additional Guard Free Scanner and Remover: Download Now

Windows Additional Guard Screenshot:

Windows Additional Guard

How to remove Windows Additional Guard and affiliated threats manually:
Manual removal of Windows Additional Guard is a feasible objective if you have sufficient expertise in dealing with program files, processes, .dll files and registry entries.

The files to be deleted are listed below:

  • %Documents and Settings%\All Users\Application Data\345d567
  • %Documents and Settings%\All Users\Application Data\345d567\578.mof
  • %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
  • %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
  • %Documents and Settings%\All Users\Application Data\345d567\WI345d.exe
  • %Documents and Settings%\All Users\Application Data\345d567\WINAG.ico
  • %Documents and Settings%\All Users\Application Data\345d567\WINAGSys
  • %Documents and Settings%\All Users\Application Data\345d567\WINAGSys\vd952342.bd
  • %Documents and Settings%\All Users\Application Data\WINAGSys
  • %Documents and Settings%\All Users\Application Data\WINAGSys\winag.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Additional Guard.lnk
  • %UserProfile%\Application Data\Windows Additional Guard
  • %UserProfile%\Application Data\Windows Additional Guard\cookies.sqlite
  • %UserProfile%\Desktop\Windows Additional Guard.lnk
  • %UserProfile%\Recent\ANTIGEN.tmp
  • %UserProfile%\Recent\cb.exe
  • %UserProfile%\Recent\CLSV.tmp
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\dudl.drv
  • %UserProfile%\Recent\energy.dll
  • %UserProfile%\Recent\energy.sys
  • %UserProfile%\Recent\exec.exe
  • %UserProfile%\Recent\fan.drv
  • %UserProfile%\Recent\FS.dll
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\ppal.exe
  • %UserProfile%\Recent\SICKBOY.tmp
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Start Menu\Windows Additional Guard.lnk
  • %UserProfile%\Start Menu\Programs\Windows Additional Guard.lnk
  • %Program Files%\Mozilla Firefox\searchplugins\search.xml

The registry entries that need to be removed are as follows:

  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\WI345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” => “http://search-gala.com/?&uid=7&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “967907703″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Windows Additional Guard”

Please, be aware that manual removal of Windows Additional Guard is a cumbersome process and does not always ensure complete deletion of the malware, due to the fact that some files might be hidden or may get reanimated automatically afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal of Windows Additional Guard, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.

Download Windows Additional Guard Remover

Like This Article? Let Others Know!

Post a Comment: