Fake Anti Spyware.GuardPcs - Spyware Detector

Home / Spyware Encyclopedia / Fake Anti Spyware.GuardPcs

Fake Anti Spyware.GuardPcs Technical Details

Category	Fake Anti Spyware
Discovered	12/16/2009 3:05:51 PM
Modified	12/29/2009 1:25:09 PM
Threat Level	High

Category Description

These are programs which look like any legitimate program but usually download without users permission, entice users into buying them by showing fake results to improve users PC performance. They may also download spyware and other unwanted programs.

Description

GuardPcs is Rogue Security Program. GuardPcs usually installed itself onto your PC without your permission, through Vundo Trojan, Virus or fake software. It uses aggressive and deceptive techniques to frighten the user into purchasing the program. It gives exaggerated report and claims of spyware found or false positives but will not remove spyware unless the user purchases the program.

Notice

Summary

The following http urls were started: NA

The hosts file was updated with the following url-to-ip mappings:

127.0.0.1	localhost
127.0.0.1	download.windowsupdate.com
127.0.0.1	http://update.microsoft.com

The following internet connection was established:

85.12.25.111 : 80

Process		guardpcs.exe
Drivers		N/A
Folder Created		%DAS.AU.SM.P%\GuardPcs %PF%\GuardPcs Software

The following Files were created:

Name	Version	Publisher	Signature (MD5)	File Size (in KB)
..\guardpcs\guardpcs.exe	1.2.0.63	Secure Software	29fbf11a748becf5af54741e401ea5b9	1638912
..\001e68b6.exe			c63f804fe088a9899df2e129247bc564	40448
..\guardpcs.exe			c352c8b4f6772299ea63c341c9b3f786	1734841

The following Registry Entries were created:

•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"000ce576.exe"\"%win.sys32%\000ce576.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"guardpcs.exe"\"%pf%\guardpcs software\guardpcs\guardpcs.exe"
•	..\Software\Classes\*\"001e60f9.exe"\"3735936696"
•	..\Software\guardpcs
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"001e4fd6.exe"\"%win.sys32%\001e4fd6.exe"
•	..\Software\Classes\*\"000be56a.exe"\"3735936644"
•	..\Software\Classes\*\"001e68b6.exe"\"3735936696"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"000be56a.exe"\"%win.sys32%\000be56a.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"001e68b6.exe"\"%win.sys32%\001e68b6.exe"
•	..\Software\Classes\*\"001e4fd6.exe"\"3735936696"
•	..\Software\Microsoft\Windows\CurrentVersion\Uninstall\guardpcs
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"001e60f9.exe"\"%win.sys32%\001e60f9.exe"
•	..\Software\Classes\*\"000ce576.exe"\"3735936645"

The following images were captured:

Recommendation to remove Fake Anti Spyware.GuardPcs

Spyware Detector can remove Fake Anti Spyware.GuardPcs, and thousands of other Spyware automatically and instantly. Click here to download Spyware Detector and scan for free.

Download Spyware Detector and Scan for FREE

Search Threats