When infected with PSGuard , this is what your desktop might look like.

You may also see popups in the notification area (by the clock) that

your computer is infected. A message box may appear asking if you’d

like to scan. You may have gotten infected when clicking a link on a

web page, or just by visiting a page, a stealth infection. The following

pictures show what may happen if you click the link shown or click Yes

to the ‘Warning…..Infected…..Scan’ popup.

I intentionally infected my system.




After clicking yes to scan my computer, a PSGuard.com page opened

and a supposed scanner began to scan my computer, a system harboring

many infected files I use for for testing, and a system who’s wininet.dll had

just been infected by either oleadm32.dll or oleext32.dll when the PSGuard infection was installed on the system.





Upon clicking Intelligent Cleanup to remove the only

two things it found, one of which was a registry entry

placed on my system when PSGuard was installed,




I was redirected to a page where I could purchase PSGuard

for the limited time offer of $9.95, a twenty dollar savings!





I passed on the registration and went back to the scanner.

There was a registration notice and another box to enter a

Username and password. I entered the information.



My username and password was regected. Of course it was!

I hadn’t paid for it to remove the two registry entries!




Hmmm, I wonder if it would find and clean the wininet.dll

it so kindly infected for me if I paid? ROFLMAO!!