Remove Internet Security Guard

Another creation of hackers is targeting computers all over the world. Internet Security Guard is reported to be a deceitful rogueware application which is trying to beguile unsuspecting PC users into thinking they are about to download and install a reliable AV tool. Not only that, but the deceitful intruder will do anything to mislead PC users into thinking they can rely on its services. The fraudulent application will not let people know about its intentions. It will also not reveal that it cannot provide effective security services and its presence will put the whole system in danger. The truth is that Internet Security Guard is useless software aimed at taking your money and misusing your personal and credit card details. For that reason, this program has to be treated as a malicious intruder and its plan has to be stopped as soon as possible.

Internet Security Guard is known to be a member of the Rogue.VirusDoctor family. This attacker uses all the tricks common for fake AV applications. The intruder is spread in two ways – the first of them is through the use of fake online scans. The fake system scan will claim that there are many infections on your computer, and you need to download some file to fix the problems. However, you will not be told that thus you will transfer the malicious computer virus Internet Security Guard right to your machine. Another way of spreading this infection is via compromised web pages which exploit vulnerabilities in programs which are currently running on a targeted PC. The bogus application uses the vulnerabilities to penetrate into more and more computers.

Figure 1. Internet Security Guard 2012 GUI

After Internet Security Guard has managed to enter into your PC, the program will load automatically. It will generate many infected files in the %UserProfile%\Recent\ directory. Some of them contain random characters in their names and others have the name ANTIGEN.exe or energy.exe. The malicious application will pretend to scan your system for compromised files and system errors, but the scan results will show the files created by the intruder itself. Internet Security Guard will show a list of the infected files and claim that you have to remove them as soon as possible. However, even if you try to delete these files, Internet Security Guard will not allow you to do that. It will claim that the files can be removed only with the help of the full version of the fake AV application.



To be even more convincing, Internet Security Guard will display numerous pop-up messages. All of them will warn you about serious system problems and errors. The alerts will imitate legitimate security warnings, but they will, in fact, show only fake information to scare you into buying the scam application. The warnings will show the following problems:

System Message

Your PC may still be infected with dangerous viruses. Internet Security Guard protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.

Memory access problem

WindowsErrorForm has encountered a problem at address 0x1FC408.
We are sorry for the inconvenience.
Address space conflict

Warning! Access conflict detected

An unidentified program is trying to access system process address space.

Do not believe in any of these fake messages and scan results. Ignore them and remember that Internet Security Guard is just another creation of cyber criminals which is aimed at taking your money. This fake AV application will not only put your whole system in danger, but it will even make it possible for other malicious intruders to penetrate into it. To protect your machine, remove the attacker immediately. Make sure that you have deleted all the files it has created. Moreover, do not reveal any information to Internet Security Guard. Both your personal and financial details will be used in a dishonest way.

Internet Security Guard Manual Removal Instructions:

Stop These Internet Security Guard Processes:
(Learn how to do this)

[random].exe

Find and Delete These Internet Security Guard Files:
(Learn how to do this)

%AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
%AllUsersProfile%\Application Data\5c678c\sqlite3.dll
%AllUsersProfile%\Application Data\5c678c\
%AllUsersProfile%\Application Data\5c678c\Quarantine Items\
%AllUsersProfile%\Application Data\5c678c\BackUp\
%AllUsersProfile%\Application Data\5c678c\ISGSys\
%AllUsersProfile%\Application Data\5c678c\5285.mof
%AllUsersProfile%\Application Data\5c678c\IS5c6_8027.exe
%AllUsersProfile%\Application Data\5c678c\ISG.ico
%AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
%AllUsersProfile%\Application Data\5c678c\sqlite3.dll
%AllUsersProfile%\Application Data\ISVLVYG\
%AllUsersProfile%\Application Data\ISVLVYG\ISVJG.cfg
%AppData%\Internet Security Guard\
%AppData%\Internet Security Guard\Instructions.ini
%AppData%\Internet Security Guard\cookies.sqlite
%AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Security Guard.lnk
%UserProfile%\Desktop\Internet Security Guard.lnk
%UserProfile%\Start Menu\Internet Security Guard.lnk
%UserProfile%\Start Menu\Programs\Internet Security Guard.lnk

Remove These Internet Security Guard Registry Values:
(Learn how to do this)

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
HKHKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe
There are more under same branch, referencing major antivirus program executables.

Free Antispyware Scan

Tags: , ,

By

Trackbacks

  1. [...] but eliminate it as soon as you spot it on your PC with the help of a genuine AV program. You can easily remove Internet Security Guard by removing its malicious files and [...]

Speak Your Mind

*