SpywareGuard2008

SpywareGuard2008

Found: 
2008-10-13
Known system changes: 

Created Files

  • %Desktop%Spyware Guard 2008.lnk
  • %Windir%reged.exe
  • %Windir%spoolsystem.exe
  • %Windir%syscert.exe
  • %Windir%sysexplorer.exe
  • %Windir%vmreg.dll
  • %Windir%sys.com

Created Folders

  • %ProgramFiles%Spyware Guard 2008
  • %CommonStartMenu%Spyware Guard 2008
  • %ProgramFiles%Spyware Guard 2008

Registry Entries

  • Key: HKEY_CURRENT_USER\software\spyware guard
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyware guard 2008
  • Value:
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  • Value: spywareguard
  • Data:
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value: spywareguard
  • Data: C:\Documents and Settings\%userprofile%\Desktop\d191d05514d2272258d61b5c98500261spywareguard.exe
  • Key: HKEY_CURRENT_USER\Software\Spyware Guard 2008
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\CLSID\{53060826-BE77-4318-BB1E-B88F2DF4DEC8}
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\CLSID\{8CA47D9C-CE53-4369-9EB2-53AA4292F303}
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
  • Value: ieModule
  • Data: {8CA47D9C-CE53-4369-9EB2-53AA4292F303}
  • Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
  • Value: url2
  • Data: http://sguardscan.com/
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value: spywareguard
  • Data: C:\Program Files\Spyware Guard 2008\spywareguard.exe
  • Key: HKEY_CLASSES_ROOT\CLSID\{293CD179-F950-4D60-BBB5-FCCC4A992B48}
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\CLSID\{FF39D1F8-1EBF-48CA-B09A-764AF1175F57}
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2009
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\CLSID\{6CC348FE-AC79-437B-BE61-E664F5C54ED9}
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\CLSID\{FF524719-85E5-43F2-B0AE-181F8063E7C8}
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ceedbffaaddbaefc
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value: spywareguard
  • Data: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\1badd200b0182c248a6a007fc0d19a1c.exe