
TrojanGuarder

Updated: February 13, 2007 11:50:42 AM
Type: Misleading Application
Publisher: anit-viruses.net
Risk Impact: Medium
File Names: Trojan_Guarder_Gld.exe, Trojan Guarder.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows CE, Windows NT, Windows Server 2003, Windows XP

When TrojanGuarder is executed, it performs the following actions:
  1. Creates some of the following files:
    • %ProgramFiles%\Trojan Guarder Gold Version\hook.dll
    • %ProgramFiles%\Trojan Guarder Gold Version\Products.htm
    • %ProgramFiles%\Trojan Guarder Gold Version\Trojan Guarder Help.chm
    • %ProgramFiles%\Trojan Guarder Gold Version\Trojan Guarder.exe
    • %ProgramFiles%\Trojan Guarder Gold Version\trojan.update
    • %ProgramFiles%\Trojan Guarder Gold Version\unins000.dat
    • %ProgramFiles%\Trojan Guarder Gold Version\unins000.exe
    • %ProgramFiles%\Trojan Guarder Gold Version\Visit Our Site.url
    • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trojan Guarder Gold Version.lnk
    • C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Guarder Gold Version\Help.lnk
    • C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Guarder Gold Version\Trojan Guarder Gold Version.lnk
    • C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Guarder Gold Version\Uninstall.lnk
    • C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Guarder Gold Version\Visit Our Site.lnk
    • C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Guarder Gold Version.lnk
    • %UserProfile%\Desktop\Trojan Guarder Gold Version.lnk

      Note:

    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

  2. Creates some of the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trojan Guarder Gold Version_is1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ptx
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ptx\Exension
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ptx\Exension\{223bd4fe-345e-ffae-3c9f-fe62375679e1}

  3. Adds the following registry entry:

    "ComStart" = "C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe"

    to the subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
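The following is an added example, not part of the original write-up: it sweeps a collected file listing and a .reg export for a subset of the artifacts listed above, expanding %ProgramFiles% and %UserProfile% as the note describes. The function names and the sample data are constructed for illustration, and the %UserProfile% match assumes the Windows NT/2000/XP profile layout.

```python
import re

# Indicators copied from the write-up (a subset of its file list).
FILE_IOCS = [
    r"%ProgramFiles%\Trojan Guarder Gold Version\hook.dll",
    r"%ProgramFiles%\Trojan Guarder Gold Version\Trojan Guarder.exe",
    r"%ProgramFiles%\Trojan Guarder Gold Version\trojan.update",
    r"%UserProfile%\Desktop\Trojan Guarder Gold Version.lnk",
]
RUN_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"
RUN_VALUE = "ComStart"
RUN_DATA = r"C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe"

def ioc_to_regex(ioc):
    """Expand the write-up's variables: default %ProgramFiles%, any user profile."""
    pat = re.escape(ioc)
    pat = pat.replace(re.escape("%ProgramFiles%"), re.escape(r"C:\Program Files"))
    pat = pat.replace(re.escape("%UserProfile%"),
                      re.escape("C:\\Documents and Settings\\") + r"[^\\]+")
    return re.compile(pat, re.IGNORECASE)  # Windows paths are case-insensitive

def find_files(listing):
    """Return the indicators found in a file listing (one full path per line)."""
    paths = [line.strip() for line in listing]
    return [ioc for ioc in FILE_IOCS
            if any(ioc_to_regex(ioc).fullmatch(p) for p in paths)]

def find_run_entry(reg_text):
    """True if the Run section of a .reg export holds the ComStart entry."""
    in_run = False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            in_run = line.lower() == RUN_KEY.lower()  # exact key: RunOnce is skipped
        elif in_run and "=" in line:
            name, _, data = line.partition("=")
            data = data.strip('"').replace("\\\\", "\\")  # .reg doubles backslashes
            if (name.strip('"').lower() == RUN_VALUE.lower()
                    and data.lower() == RUN_DATA.lower()):
                return True
    return False

# Constructed sample triage data, not taken from a real host.
SAMPLE_LISTING = [
    r"c:\program files\trojan guarder gold version\HOOK.DLL",
    r"C:\Documents and Settings\alice\Desktop\Trojan Guarder Gold Version.lnk",
    r"C:\Program Files\Other App\hook.dll",
]
SAMPLE_REG = RUN_KEY + "\n" + r'"ComStart"="C:\\Program Files\\Trojan Guarder Gold Version\\Trojan Guarder.exe"'

if __name__ == "__main__":
    print(find_files(SAMPLE_LISTING), find_run_entry(SAMPLE_REG))
```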

