• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Rogue Anti Spyware › Tutorials - HowTo › How to remove Additional Guard (Uninstall instructions)

How to remove Additional Guard (Uninstall instructions)

Myantispyware team November 22, 2009     10 Comments    

Additional Guard is a rogue antispyware program. It is a clone of Windows Additional Guard, which is also a fake antivirus program. Both programs are from the family of VirusDoctor scareware. It is distributed through malicious web sites that are disguised as online anti spyware scanners. It will stat that your computer is infected and you must install the software to clean your PC. The software is a trojan downloader. Once started, it will install the Additional Guard and create numerous files with random names in %UserProfile%\Recent folder. The files are made to appear as infections, but are in reality harmless.

Once running, Additional Guard will perform a scan of your computer and display false scan results. It will state that your computer is infected with adware, malware and trojans and that you should purchase the software to remove these infections. Of course, these infections are all fake, because Additional Guard identifies harmless files as dangerous infections. So you can safely ignore the scan results.

Additional_Guard_scan_results
Additional Guard – scan results

While Additional Guard is running, it blocks Task Manager and legitimate antivirus and antispyware programs (Kaspersky Antivirus, DrWeb, AdAware, McAfee, Norton AV and much more). Your computer will display fake warnings and fake security alerts from your Windows task bar. Some of the alerts:

System alert!
Suspicious software which may be malicious has been
detected on your PC. Click here to remove this threat
immediately using Additional Guard.

System message
Your PC may still infected with dangerous viruses.
Additional Guard protection is needed to prevent data loss
and avoid theft of your personal data and credit card details.
Click here to activate protection.

Warning! Virus Detected
Threat detected: Trojan-PSW.Win32.Dripper

Also Additional Guard will hijack Internet Explorer and randomly shows a “There is a problem with this websites`s secuirty” warning page. Of course, all of these alerts and warnings are scam and like scan false results should be ignored! If you find that your system is infected with this malware, then most importantly, do not purchase it. Instead, uninstall Additional Guard from your PC as soon as possible. Please follow the guidelines below to remove this infection.

More screen shoots of Additional Guard



Symptoms in a HijackThis Log

O1 – Hosts: 74.125.45.100 4-open-davinci.com
O1 – Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 – Hosts: 74.125.45.100 privatesecuredpayments.com
O1 – Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 – Hosts: 74.125.45.100 getantivirusplusnow.com
O1 – Hosts: 74.125.45.100 secure-plus-payments.com
O1 – Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 – Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 – Hosts: 74.125.45.100 www.getavplusnow.com
O1 – Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 – Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 – Hosts: 74.125.45.100 paysoftbillsolution.com
O4 – HKLM\..\Run: [Additional Guard] “C:\Documents and Settings\All Users\Application Data\17c1f\WIf9a.exe” /s /d

Use the following instructions to remove Additional Guard (Uninstall instructions)

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Additional Guard infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Additional_Guard_remove
Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected for start Additional Guard removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Additional Guard creates the following files and folders

C:\Documents and Settings\All Users\Application Data\WINAGSys
%UserProfile%\Application Data\Additional Guard
C:\Documents and Settings\All Users\Application Data\17c1f\WIf9a.exe
C:\Documents and Settings\All Users\Application Data\WINAGSys\winag.cfg
%UserProfile%\Application Data\Additional Guard\Instructions.ini
%UserProfile%\Desktop\Additional Guard.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
%UserProfile%\Start Menu\Additional Guard.lnk
%UserProfile%\Start Menu\Programs\Additional Guard.lnk

Additional Guard creates the following registry keys and values

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\additional guard

Rogue Anti Spyware Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

10 Comments

  1. jacob tenenhaus
    ― December 2, 2009 - 9:20 am  Reply

    want to get rid of additional guard

  2. Patrik
    ― December 2, 2009 - 9:36 am  Reply

    Jacob, if the instructions above does not help you, then ask for help in our Spyware removal forum.

  3. Chaim Casper
    ― December 5, 2009 - 10:07 pm  Reply

    I’ve used Malwarebytes Anti-malware and Spybot twice (after making sure it was up to date). Malware says it removed Additional Guard but it is still there. Spybot removes all but 15 infections which it says it can’t remove. So Additional Guard is still on my system. Any advice?

  4. Patrik
    ― December 5, 2009 - 10:57 pm  Reply

    Chaim, open a new topic in our Spyware removal forum. I will help you.

  5. greg
    ― December 13, 2009 - 9:21 am  Reply

    patrik, you rock. I fight these everyday and just wanted to say thank you for your time and effort… this is a particularly pernicious nasty…. thanks buddy. (i still haven’t gotten rid of it but i’m hitting it with EVERYTHING)

  6. scott
    ― December 17, 2009 - 2:10 pm  Reply

    Client has this booger on a single PC. Malware found 167 infections and I removed. Symantec Endpoint also found a few traces and quarantined as well!

    I’ve also done a search for

  7. Mike
    ― December 18, 2009 - 1:34 am  Reply

    dont forget to first run is safe mode…… then run Malware

  8. pia
    ― December 21, 2009 - 1:14 pm  Reply

    thankyou vry much..m really thankful to your malware.it helped me getting rid of additional guard which proved to be a constant headache for me and ofcourse my computer.i just want thank you with utmost respect.thankyou again.

  9. JM
    ― December 21, 2009 - 3:46 pm  Reply

    I cannot delete Additional Guard, Malware does not find it, SUPERAntiSpyware neither. What can I do? Thanks in advance.

  10. Patrik
    ― December 22, 2009 - 7:36 am  Reply

    JM, probably your PC is infected with a new variant of the rogue. Ask for help in our Spyware removal forum.

Leave a Reply Cancel reply




New Guides

Painter chrome extension virus
Painter Chrome extension (Virus removal guide)
Zpwnan.com scam
Zpwnan.com Virus Removal Guide
News-kayamo.com scam
News-kayamo.com Virus Removal Guide
Lan01.bid scam
Lan01.bid Virus Removal Guide
Venturionus.com scam
Venturionus.com Virus Removal Guide

Follow Us

Search

Useful Guides

ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
How to reset Internet Explorer settings to default
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
Iphone Calendar virus spam
Iphone Calendar Virus/Spam (Removal guide)
remove android virus
How to remove virus from Android phone

Recent Posts

How to remove Koobface worm (Removal guide)
How to use ESET Online Scanner
How to remove SecureKeeper (Uninstall instructions)
How to remove System Defender (Uninstall instructions)
How to remove Enterprise Suite (Uninstall instructions)

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.