Internet Security Guard

January 16th, 2012

Internet Security Guard description

Internet Security Guard is a rogue anti-spyware application that spreads via a trojan. The trojan horse enters the system through its vulnerabilities and leaves a door open for the parasite to sneak in. The malware aims to trick users into believing their PC is infected and to push them into purchasing the “full” version of the Internet Security Guard scam.

Once active, it imitates computer scans and displays numerous fake warning messages about computer infections. For example:

Address space conflict
Warning! Access conflict detected
An unidentified program is trying to access system process address space.

System Message
Your PC may still be infected with dangerous viruses. Internet Security Guard protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.

Memory access problem
WindowsErrorForm has encountered a problem at address 0x1FC408.
We are sorry for the inconvenience.

Do not fall for this scam: the malware is not able to provide any actual computer protection service. Its only aim is to force users to buy the rogue program. Do not waste your money on this bogus application; use a decent anti-spyware tool and get rid of Internet Security Guard immediately.

Manual Internet Security Guard Removal


Internet Security Guard processes:

PE.exe
ISa76.exe
ANTIGEN.exe
energy.exe
SM.exe


Internet Security Guard registry values:



Internet Security Guard DLLs:

CLSV.dll
eb.dll
gid.dll
SM.dll


Other malicious Internet Security Guard files:


Manual removal of files and registry entries should be performed only by experienced users. A system can be badly affected if any error is made during manual removal. If you are not familiar with deleting malware manually, we recommend using automatic removal tools to delete Internet Security Guard.
