I have to admit, I’m getting very tired of writing about the latest rogue software threat circulating on the Internet. Frankly, I find it extremely depressing.
There seems to be no end to this stuff, and keeping up with it is becoming increasingly more difficult when you consider, there are already more than 370 rogue applications circulating on the Internet.
Crafty cyber-crooks are at it again with the release of CoreGuard 2009 Antivirus, yet another rogue security application seeking out unaware users in order to infect their computers, and to steal their money.
In this case, the crooks want the victims to purchase CoreGuard 2009 for $76.50 to clean the infected machine – which of course it won’t.
Like all rogue security applications, Core Guard 2009 is a master at using Trojans, and fake advertising, to convince unaware Internet users to install this parasitic application.
With a little luck, some hard work on your part and using the recommended removal tools, you can hopefully stomp on Core Guard 2009.
Fortunately, from what I can determine, Core Guard 2009 must be downloaded voluntarily, from rogue security software websites, or from “adult” websites. This method does not limited the scope of this parasite, in my view, since many typical users are well trained in clicking on virtually everything they see on the Internet. Delivery methods used by this parasite include dropping a Trojan, which may go on to download other harmful software.
Once installed, this parasite can impact a computer in a number of ways including changing Internet browser settings, connecting to the internet, delivering adware, disguising itself to remain hidden from the user, and running as a background process.
The objective of CoreGuard 2009, which is the objective of all Rogue Security Software, is to convince the victim to pay for the “full” version of the application, as described above, in order to remove what are, in fact, false positives that this program is designed to display on the infected computer in various ways, including fake scan results, pop-ups and system tray notifications.
Generally, reputable anti-spyware software is capable of detecting rogue software if it attempts to install, or on a malware scan. But this is not always the case. Anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.
A good partial solution to this problem is to ensure you have installed, and are running, an anti-malware application such as ThreatFire, free from PC Tools. This type of program operates using heuristics, or behavioral analysis to identify newer threats.
Rogue Security Software unfortunately, is usually very sophisticated and can write itself into multiple parts of the operating system, and in many cases, it can hide its files, registry entries, running process and services, making the infection difficult to find, and extremely difficult to remove.
You can find the very substantial list of files and folders created by this application at Quick Heal.
If you are a victim of CoreGuard 2009, or other Rogue Security Software, the following removal solutions will be very useful.
Affected Systems: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Removal Solutions:
411 Spyware – How to Remove CoreGuard Antivirus 2009. This site contains tools and instructions for removing most rogue software. If you have an interest in Internet related security issues, I recommend that you bookmark this site.
Bleeping Computer – Remove CoreGuard Antivirus 2009 (Removal Instructions). Bleeping Computer is a web site where help is available for many computer related problems, including the removal of rogue software.
SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications including the removal of CoreGuard2009.
MalwareBytes, a very reliable anti-malware company, offers the free version of MalwareBytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications. I recommend that you download and install this free application in any event and use it as a secondary malware scanner due to its strong overall performance.
Please note: A high degree of computer operating system knowledge is a prerequisite to the successful removal of Rogue Security Software. If you lack this experience, it would be preferable that you enlist the aid of a computer savvy friend, or a professional.
Despite using any, or all, of the recommended tools, you may find that Rogue software is still resident on your system. This is possible due to the number of variations involved with this type of malware. In such a case, reformatting of the Hard Drive and a clean installation of the operating system may be the only alternative.
What can you do to ensure you are protected, or to reduce the chances you will become a victim?
The following are actions (familiar to regular readers of this site), that you can take to protect your computer system:
When surfing the web – Stop. Think. Click
Don’t open unknown email attachments
Don’t run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in use
Disable Java, JavaScript, and ActiveX if possible
Disable scripting features in email programs
Make regular backups of critical data
Make a boot disk in case your computer is damaged or compromised
Turn off file and printer sharing on your computer.
Install a personal firewall on your computer.
Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
Ensure the anti-virus software scans all email attachments
Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.
I recommend that you ensure that the current anti- malware applications, which you depend on to protect your system, are up to the task by reading “The 35 Best Free Applications” on this site.
If you missed “Rogue Security Software on the Rise – What You Need to Know Now!” you can read it on this site.
Bill Mullins' Weblog - Tech Thoughts 
Pingback: » CoreGuard 2009 Antivirus – Help and Removal Instructions « Bill … » Free Software
keep your chin up Bill we are reading and savor your tips and advice.
Thanks Threio,
How’s that Phillies web site coming along?
Bill
I have to hand it to these guys, they’re getting pretty good at their graphics, its easy to see how some people fall for this. The tough part is that they continuously update their package to change with the anti-malware guys definitions, and once their in they invite their friends in for the party. Get rid of one thing and something else pops up.
Have a good one.
Mark
Hey Mark,
You’re so right. Frankly, if I got this type of infection I would reformat and reinstall. There is no sure way to tell if the infection has been eradicated otherwise. Definitely shows the need for a back-up plan.
Thanks for this.
Bill