Rogue software details: Coreguard Antivirus 2009

Coreguard Antivirus 2009 is a rogue security application. In order to remove it, find out what files and registry entries to look for below.

Known system changes:

Files
c:\Desktop\Coreguard 2009.lnk
c:\Desktop\Coreguard Antivirus.lnk

Folders
c:\ProgramFiles\Coreguard Antivirus 2009
c:\CommonPrograms\Coreguard Antivirus 2009

Registry entries
Key: HKEY_CURRENT_USER\Software\CoreGuard
Key: HKEY_CLASSES_ROOT\CLSID\
{5E2121EE-0300-11D4-8D3B-444553540000}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\Coreguard Antivirus 2009
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run
Value: Coreguard Antivirus 2009
Data: C:\Program Files\Coreguard Antivirus 2009\
Coreguard 2009.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Shell Extensions\Approved
Value: {5E2121EE-0300-11D4-8D3B-444553540000}
Data: CoreGuard Antivirus 2009 extension

Source: Lavasoft Malware Lab’s Rogue Gallery.




Share this