SystemGuard2009

Updated: March 20, 2009 3:19:53 PM
Type: Misleading Application
Name: System Guard 2009
Publisher: System Guard
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following files:
  • %CurrentFolder%\conf.cfg
  • %CurrentFolder%\mbase.vdb
  • %CurrentFolder%\quarantine.vdb
  • %CurrentFolder%\queue.vdb
  • %CurrentFolder%\vbase.vdb


It also creates the following folder:
%CurrentFolder%\quarantine

Next, it creates the following registry subkey:
HKEY_LOCAL_MACHINE\System Guard 2009

The program then creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systemguard" = "[PATH TO EXECUTABLE]"
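
An added example, not part of the Symantec write-up: a Python check that looks for the "systemguard" Run value described above and then inspects the folder of the executable it points to for the listed files and the quarantine folder. It assumes %CurrentFolder% is the folder holding that executable; the function names are illustrative.

```python
import ntpath
import os

# Indicators taken from the advisory text above.
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "systemguard"
FILES = {"conf.cfg", "mbase.vdb", "quarantine.vdb", "queue.vdb", "vbase.vdb"}
FOLDER = "quarantine"

def exe_from_run_value(cmd):
    """Extract the executable path from a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    idx = cmd.lower().find(".exe")
    return cmd[:idx + 4] if idx != -1 else cmd.split(" ", 1)[0]

def artifacts_in(folder):
    """Names from the advisory that exist in `folder`, compared case-insensitively."""
    try:
        entries = os.listdir(folder)
    except OSError:
        return set()
    found = set()
    for name in entries:
        full = os.path.join(folder, name)
        if name.lower() in FILES and os.path.isfile(full):
            found.add(name.lower())
        elif name.lower() == FOLDER and os.path.isdir(full):
            found.add(FOLDER + "\\")
    return found

def assess(run_values, list_artifacts=artifacts_in):
    """run_values maps Run-key value names to command lines; one finding per hit."""
    findings = []
    for name, cmd in run_values.items():
        if name.lower() == RUN_VALUE:
            exe = exe_from_run_value(cmd)
            folder = ntpath.dirname(exe)  # assumption: %CurrentFolder% is the exe's folder
            findings.append({"exe": exe, "folder": folder,
                             "artifacts": sorted(list_artifacts(folder))})
    return findings

def read_hklm_run():
    """Read all values of the HKLM Run key; Windows only."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]
        return {n: str(d) for n, d, _ in (winreg.EnumValue(key, i) for i in range(count))}

if __name__ == "__main__" and os.name == "nt":
    for finding in assess(read_hklm_run()):
        print(finding)
```

A finding with the Run value present and several of the listed names in the same folder is a much stronger signal than any single file name on its own.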