The details for the ErrorGuard downloader are:
Typical Name: setuperrorguard.exe
File Size: 157,745
The details for the ErrorGuard executable are:
Description: Error Guard
Copyright: Copyright 2005. (c) - Error-Guard Inc.
File Version: 126.96.36.199
Product Version: 2.05
Description of malware:
The ErrorGuard program appears to run under the guise of legitimacy: it is represented as a Windows security scanner. The program can be downloaded without detection. It then performs a scan of the registry and pops up a window stating that a certain number of "Severe System Threats" were detected, prompting the user to pay for the program to correct the perceived threats. Below this, a seemingly random list of (typically) legitimate registry entries is shown. Upon registering the program and clicking the "Repair" button, the program removes these registry entries. Under many circumstances, many programs, or perhaps even the PC itself, will be rendered inoperable.
A screenshot of the program in action can be seen below:
Upon executing the downloader, the program performs a DNS lookup on www.errorguard.com.
An HTTP connection is then made to www.errorguard.com. The program then downloads several archives necessary for its installation.
It then extracts the retrieved archives to the <windows temp> directory.
A directory is created:
Four files are dropped in the newly created directory:
<programs>\Error Guard\Error Guard.url
The following are registry keys added:
The ErrorGuard Start Menu group is also added.
Ensure that the latest AV signature file is present on your FortiGate or within your FortiClient. Should installation of ErrorGuard occur, be sure to uninstall it via the Add/Remove Programs applet within the Windows Control Panel.
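As an added triage example (not part of the original writeup), the following Python checks a host for the on-disk artifacts described above (the Error Guard program directory, the dropped .url file, and the Start Menu group) and scans log lines for the download host; the folder roots, the Start Menu layout and the sample log lines are assumptions constructed for the demonstration.

```python
from pathlib import Path
import re
import tempfile

# Indicators taken from the writeup above.
DOWNLOAD_HOST = "www.errorguard.com"
PROGRAM_DIR = "Error Guard"                       # <programs>\Error Guard
DROPPED_URL_FILE = Path(PROGRAM_DIR) / "Error Guard.url"
START_MENU_GROUP = "Error Guard"                  # Start Menu group name (assumed to match the program name)

def find_host_artifacts(programs_root, start_menu_root):
    """Return descriptions of ErrorGuard artifacts present under the two roots.
    programs_root: the <programs> folder; start_menu_root: the Start Menu 'Programs' folder."""
    programs_root, start_menu_root = Path(programs_root), Path(start_menu_root)
    checks = [
        ("program directory", programs_root / PROGRAM_DIR, Path.is_dir),
        ("dropped URL file", programs_root / DROPPED_URL_FILE, Path.is_file),
        ("Start Menu group", start_menu_root / START_MENU_GROUP, Path.is_dir),
    ]
    return [f"{label}: {path}" for label, path, present in checks if present(path)]

# Word-bounded, case-insensitive match so "www.errorguard.com/" and bare lookups both hit.
_HOST_RE = re.compile(r"\b" + re.escape(DOWNLOAD_HOST) + r"\b", re.IGNORECASE)

def find_network_indicators(log_lines):
    """Return (line_no, line) for DNS/proxy log lines that mention the download host."""
    return [(n, line) for n, line in enumerate(log_lines, 1) if _HOST_RE.search(line)]

# Constructed sample log lines (not real traffic): a DNS query, an HTTP GET, and benign noise.
SAMPLE_LOG = [
    "2005-11-02 10:14:01 dns query A www.errorguard.com from 10.0.0.12",
    "2005-11-02 10:14:02 proxy 10.0.0.12 GET http://www.errorguard.com/ 200",
    "2005-11-02 10:14:05 proxy 10.0.0.12 GET http://www.example.org/update.cab 200",
]

def demo():
    """Build a throwaway folder layout mimicking an infected host and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        programs, start_menu = Path(tmp) / "programs", Path(tmp) / "start_menu"
        (programs / PROGRAM_DIR).mkdir(parents=True)
        (programs / DROPPED_URL_FILE).write_text("[InternetShortcut]\nURL=http://www.errorguard.com/\n")
        (start_menu / START_MENU_GROUP).mkdir(parents=True)
        artifacts = find_host_artifacts(programs, start_menu)   # evaluated before cleanup
    hits = find_network_indicators(SAMPLE_LOG)
    return artifacts, hits

if __name__ == "__main__":
    artifacts, hits = demo()
    for item in artifacts:
        print("artifact ->", item)
    for n, line in hits:
        print(f"log line {n} ->", line)
```

On a real host, pass the actual Programs and Start Menu folders to find_host_artifacts instead of the temporary layout demo() builds.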