Additional Guard is a rogue antispyware program. It is a clone of Windows Additional Guard, which is also a fake antivirus program. Both programs are from the family of VirusDoctor scareware. It is distributed through malicious web sites that are disguised as online anti spyware scanners. It will stat that your computer is infected and you must install the software to clean your PC. The software is a trojan downloader. Once started, it will install the Additional Guard and create numerous files with random names in %UserProfile%\Recent folder. The files are made to appear as infections, but are in reality harmless.
Once running, Additional Guard will perform a scan of your computer and display false scan results. It will state that your computer is infected with adware, malware and trojans and that you should purchase the software to remove these infections. Of course, these infections are all fake, because Additional Guard identifies harmless files as dangerous infections. So you can safely ignore the scan results.
Additional Guard – scan results
While Additional Guard is running, it blocks Task Manager and legitimate antivirus and antispyware programs (Kaspersky Antivirus, DrWeb, AdAware, McAfee, Norton AV and much more). Your computer will display fake warnings and fake security alerts from your Windows task bar. Some of the alerts:
Suspicious software which may be malicious has been
detected on your PC. Click here to remove this threat
immediately using Additional Guard.
Your PC may still infected with dangerous viruses.
Additional Guard protection is needed to prevent data loss
and avoid theft of your personal data and credit card details.
Click here to activate protection.
Warning! Virus Detected
Threat detected: Trojan-PSW.Win32.Dripper
Also Additional Guard will hijack Internet Explorer and randomly shows a “There is a problem with this websites`s secuirty” warning page. Of course, all of these alerts and warnings are scam and like scan false results should be ignored! If you find that your system is infected with this malware, then most importantly, do not purchase it. Instead, uninstall Additional Guard from your PC as soon as possible. Please follow the guidelines below to remove this infection.
More screen shoots of Additional Guard
Symptoms in a HijackThis Log
O1 – Hosts: 126.96.36.199 4-open-davinci.com
O1 – Hosts: 188.8.131.52 securitysoftwarepayments.com
O1 – Hosts: 184.108.40.206 privatesecuredpayments.com
O1 – Hosts: 220.127.116.11 secure.privatesecuredpayments.com
O1 – Hosts: 18.104.22.168 getantivirusplusnow.com
O1 – Hosts: 22.214.171.124 secure-plus-payments.com
O1 – Hosts: 126.96.36.199 www.getantivirusplusnow.com
O1 – Hosts: 188.8.131.52 www.secure-plus-payments.com
O1 – Hosts: 184.108.40.206 www.getavplusnow.com
O1 – Hosts: 220.127.116.11 www.securesoftwarebill.com
O1 – Hosts: 18.104.22.168 secure.paysecuresystem.com
O1 – Hosts: 22.214.171.124 paysoftbillsolution.com
O4 – HKLM\..\Run: [Additional Guard] “C:\Documents and Settings\All Users\Application Data\17c1f\WIf9a.exe” /s /d
Use the following instructions to remove Additional Guard (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Additional Guard infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Additional Guard removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Additional Guard creates the following files and folders
C:\Documents and Settings\All Users\Application Data\WINAGSys
%UserProfile%\Application Data\Additional Guard
C:\Documents and Settings\All Users\Application Data\17c1f\WIf9a.exe
C:\Documents and Settings\All Users\Application Data\WINAGSys\winag.cfg
%UserProfile%\Application Data\Additional Guard\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
%UserProfile%\Start Menu\Additional Guard.lnk
%UserProfile%\Start Menu\Programs\Additional Guard.lnk
Additional Guard creates the following registry keys and values