Index Introduction Database Detailed Entries Updates Concise List HJT Forums Rogues Message Board

Rogues - WiniGuard family

Currently, there are 39 variants (that I know) of the rogue security software known as WiniGuard. The applications can be manually downloaded and installed, or if your system is vulnerable (without current, adequate protection), they may be installed by a downloader - without the user's consent. They may seem to be a viable alternative to tools available from respected names in this field such as Kaspersky, Symantec, Trend Micro, McAfee, CA, F-Secure, et al but read on.

The twist here is that when they are installed they create numerous fake program files that are detected by the program as malware - use these fake threats to goad the user into buying a full license for the application to remove these threats - that don't really exist. The fake programs installed are actually harmless and pose no threat to your computer and are just used to validate the fake scan.

Please note that throughout this page I only refer to the HijackThis (or HJT) startup entries and not all associated files - to keep in with the theme of the rest of the site.

WiniGuard

The following image (© Symantec) shows the report screen for WiniGuard (click on the image for a larger version - applies throughout):

WiniGuard

HijackThis (or HJT) log startup entry identified:

External links:

Any removal guide referred to below uses MalwareBytes Anti-Malware, which incorporates the functionality from their popular (but now discontinued) RogueRemover products:

MalwareBytes Anti-Malware

Variants

Before dealing with the individual variants, here are some screenshots from some of them (© BleepingComputer) showing the common user interface:

BlockDefense QuickHealCleaner SaveKeeper SystemCop TrustWarrior WiniBlueSoft

Index

BlockDefense SaveDefense SoftBarrier SystemWarrior
BlockScanner SaveKeep SoftCop TrustCop
BlockKeeper SaveKeeper SoftSafeness TrustFighter
BlockProtector SaveSoldier SoftSoldier TrustNinja
BlockWatcher SecureFighter SoftStronghold TrustSoldier
QuickHealCleaner SecureVeteran SoftVeteran TrustWarrior
SafeFighter SecureWarrior SystemCop WiniBlueSoft
SafetyKeeper SecurityFighter SystemFighter WiniFighter
SaveArmor SecuritySoldier SystemIron WiniShield
SaveDefender ShieldSafeness SystemVeteran  

BlockDefense

Main HJT log entry:

Other identified HJT log entries:

External links:

BlockScanner

Main HJT log entry:

External links:

BlockKeeper

Main HJT log entry:

Other identified HJT log entries:

External links:

BlockProtector

Main HJT log entry:

Other identified HJT log entries:

External links:

BlockWatcher

Main HJT log entry:

Other identified HJT log entries:

External links:

QuickHealCleaner

Main HJT log entry:

External links:

SafeFighter

Main HJT log entry:

Other identified HJT log entries:

External links:

SafetyKeeper

Main HJT log entry:

Other identified HJT log entries:

External links:

SaveArmor

Main HJT log entry:

Other identified HJT log entries:

External links:

SaveDefender

Main HJT log entry:

Other identified HJT log entries:

External links:

SaveDefense

Main HJT log entry:

External links:

SaveKeep

Main HJT log entry:

Other identified HJT log entries:

External links:

SaveKeeper

Main HJT log entry:

Other identified HJT log entries:

External links:

SaveSoldier

Main HJT log entry:

External links:

SecureFighter

Main HJT log entry:

Other identified HJT log entries:

External links:

SecureVeteran

Main HJT log entry:

Other identified HJT log entries:

External links:

SecureWarrior

Main HJT log entry:

Other identified HJT log entries:

External links:

SecurityFighter

Main HJT log entry:

Other identified HJT log entries:

External links:

SecuritySoldier

Main HJT log entry:

Other identified HJT log entries:

External links:

ShieldSafeness

Main HJT log entry:

Other identified HJT log entries:

External links:

SoftBarrier

Main HJT log entry:

External links:

SoftCop

Main HJT log entry:

Other identified HJT log entries:

External links:

SoftSafeness

Main HJT log entry:

Other identified HJT log entries:

External links:

SoftSoldier

Main HJT log entry:

Other identified HJT log entries:

External links:

SoftStronghold

Main HJT log entry:

Other identified HJT log entries:

External links:

SoftVeteran

Main HJT log entry:

Other identified HJT log entries:

External links:

SystemCop

Main HJT log entry:

External links:

SystemFighter

Main HJT log entry:

External links:

SystemIron

Main HJT log entry:

External links:

SystemVeteran

Main HJT log entry:

Other identified HJT log entries:

External links:

TrustCop

Main HJT log entry:

Other identified HJT log entries:

External links:

TrustFighter

Main HJT log entry:

Other identified HJT log entries:

External links:

TrustNinja

Main HJT log entry:

External links:

TrustSoldier

Main HJT log entry:

Other identified HJT log entries:

External links:

TrustWarrior

Main HJT log entry:

Other identified HJT log entries:

External links:

WiniBlueSoft

Main HJT log entry:

Other identified HJT log entries:

External links:

WiniFighter

Main HJT log entry:

External links:

WiniShield

Main HJT log entry:

External links:

Back to Rogues - Overview

Copyright © Pacman's Portal, 2001 - 2016
Powered by Malwarebytes
All rights reserved

Valid XHTML 1.0 Transitional

Privacy Policy Site Map Home