Archive for March, 2010

Mar 08

Virus Protector Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Virus Protector adware. a-squared Anti-Malware detects this malware as Adware.Win32.VirusProtector.

Virus Protector is a rogue security program. It creates numerous harmless files with random names on your computer, which it then reports as malware when it scans your computer, but it will not allow you to remove them until you purchase it.

Creates new files:

  • %SystemRoot%\%random%.exe
  • %SystemRoot%\%random%.dll
  • %SystemRoot%\system32\%random%.exe
  • %SystemRoot%\system32\%random%.dll
  • %SystemRoot%\system32\drivers\%random%.exe
  • %SystemRoot%\system32\drivers\%random%.dll

Creates/modifies registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Windows\LoadAppInit_DLLs, 0x00000001 (1)
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Windows\AppInit_DLLs, %random%.dll
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Shell, %random%.exe
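A check for the three registry values listed above, as an added example that is not part of the original post or of Emsi Software's tooling. The stock `Shell` value `explorer.exe`, the constructed sample name `kqzxwv` (standing in for `%random%`) and the function names are assumptions of this example.

```python
# Added example: audits the three registry values listed above.
WINDOWS_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
STOCK_SHELL = "explorer.exe"  # assumption: stock Windows value, not from the page

# Constructed sample for offline use; "kqzxwv" stands in for %random%.
SAMPLE_INFECTED = {"LoadAppInit_DLLs": 1, "AppInit_DLLs": "kqzxwv.dll",
                   "Shell": "kqzxwv.exe"}


def read_live_values():
    """Read the three values from HKLM on the local Windows host."""
    import winreg  # Windows-only; imported here so audit() runs anywhere

    def get(subkey, name):
        access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY  # native registry view
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey, 0, access) as key:
                return winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            return None  # key or value absent

    return {"LoadAppInit_DLLs": get(WINDOWS_KEY, "LoadAppInit_DLLs"),
            "AppInit_DLLs": get(WINDOWS_KEY, "AppInit_DLLs"),
            "Shell": get(WINLOGON_KEY, "Shell")}


def audit(values):
    """Return (value name, data, note) findings for one registry snapshot."""
    findings = []
    # AppInit_DLLs holds a space- or comma-separated list of DLL names.
    dlls = (values.get("AppInit_DLLs") or "").replace(",", " ").split()
    state = ("loading enabled" if values.get("LoadAppInit_DLLs") == 1
             else "LoadAppInit_DLLs is not 1")
    findings += [("AppInit_DLLs", dll, state) for dll in dlls]
    shell = (values.get("Shell") or "").strip()
    if shell and shell.lower() != STOCK_SHELL:
        findings.append(("Shell", shell, "differs from " + STOCK_SHELL))
    return findings


if __name__ == "__main__":
    import sys
    snapshot = read_live_values() if sys.platform == "win32" else SAMPLE_INFECTED
    for name, data, note in audit(snapshot):
        print(f"[!] {name} = {data!r} ({note})")
```

Legitimate software also registers AppInit_DLLs entries, so each finding is something to review against the file locations listed above rather than proof of infection.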

How to remove the Virus Protector infection (Adware.Win32.VirusProtector)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Mar 03

Dr. Guard Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Dr. Guard adware. a-squared Anti-Malware detects this malware as Adware.Win32.DrGuard.

Dr. Guard is a rogue security program. This rogue application tries to trick you by displaying a false-positive, misleading scan report that says your computer is infected with viruses or trojans, but you will not be able to delete them before you purchase the program.

Creates new files:

  • %ProgramFiles%\Dr. Guard\activate.ico
  • %ProgramFiles%\Dr. Guard\buy.ico
  • %ProgramFiles%\Dr. Guard\drg.db
  • %ProgramFiles%\Dr. Guard\drgext.dll
  • %ProgramFiles%\Dr. Guard\drghook.dll
  • %ProgramFiles%\Dr. Guard\drguard.exe
  • %ProgramFiles%\Dr. Guard\help.ico
  • %ProgramFiles%\Dr. Guard\scan.ico
  • %ProgramFiles%\Dr. Guard\settings.ico
  • %ProgramFiles%\Dr. Guard\splash.mp3
  • %ProgramFiles%\Dr. Guard\uninstall.exe
  • %ProgramFiles%\Dr. Guard\update.ico
  • %ProgramFiles%\Dr. Guard\virus.mp3
  • %ProgramFiles%\Dr. Guard\about.ico
  • %AllUsersProfile%\Desktop\License.txt
  • %UserProfile%\Desktop\Dr. Guard.lnk
  • %UserProfile%\Desktop\Dr. Guard Support.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Activate.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Buy.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Dr. Guard.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Dr. Guard Support.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Scan.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Settings.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\Update.lnk
  • %UserProfile%\Start Menu\Programs\Dr. Guard\About.lnk

Creates new registry entries:

  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\Dr. Guard
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Dr. Guard
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Dr. Guard”

How to remove the Dr. Guard infection (Adware.Win32.DrGuard)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.