Jump to content

Windows Software Guard Adware Removal Instructions


Recommended Posts

The Emsisoft malware research team has discovered a new outbreak of the Windows Software Guard adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSoftwareGuard.

Windows Software Guard is a rogue application. This is another variant of Windows Wise Protection, Windows Software Protection, Windows Problems Protector, Windows Shield Center, Windows Problems Remover, Windows Health Center, Windows Antispyware Solution, Windows Universal Tools, Windows Risk Eliminator, Windows Security & Control, Windows Utility Tool, Windows Optimization & Security, Windows Optimization Center and Privacy Guard 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

  • %UserProfile%Application Data%random%.exe

Create/modify registry entries:

  • HKEY_CURRENT_USERsoftwareMicrosoftWindows NTCurrentVersionWinlogon
    (String) Shell = %UserProfile%Application Data%random%.exe
  • HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionSystemRestore
    (DWORD) DisableSR = 0×00000001 (1)
  • HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsegui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsekrn.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsmsascui.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsmsmpeng.exe
    (String) Debugger = svchost.exe
  • HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsmsseces.exe
    (String) Debugger = svchost.exe

Screenshots:

Adware.Win32.WindowsSoftwareGuard_1-400x

Adware.Win32.WindowsSoftwareGuard_2-400x

Adware.Win32.WindowsSoftwareGuard_3-400x

Adware.Win32.WindowsSoftwareGuard_4-400x

Adware.Win32.WindowsSoftwareGuard_5.png

Adware.Win32.WindowsSoftwareGuard_6-400x

Adware.Win32.WindowsSoftwareGuard_7-400x

How to remove the infection of Windows Software Guard (Adware.Win32.WindowsSoftwareGuard)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.



View the full article
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...