Select Page

The third generation of WiniGuard gets a new clone every 48 hours

A new rogue security product called IGuardPC, that we added to detections today, is the 50th clone of the WiniGuard family of rogue security products. That makes WiniGuard the largest rogue family ever detected by Sunbelt researchers.

The WiniGuard family began in September of 2008. Operators behind it have added variants that our researcher Patrick has sorted into three generations. The latest generation gets a new clone about every 48 hours to stay ahead of public awareness and anti-malware detections. Most of them are being caught by existing VIPRE detections.

First Generation

The first generation of WiniGuard used the site It was created Sept. 17, 2008, by the same group who probably began circulating rogues using, which has the same IP address. WiniGuard installed five files.


Second Generation

SaveKeep, first found August 17, marked the beginning of the second generation. This was distinguished by the use of two files instead of five.


Third Generation

On Oct 17 the TREAntivirus rogue opened the third generation with a new GUI interface.

TRE AntiVirus

Today’s IGuardPC makes a total of 50 clones — the largest family we’ve ever found:


WiniGuard rogues by generations

First Generation
10/13/2008 WiniGuard
1/29/2009 WiniBlueSoft
2/20/2009 WinBlueSoft
5/17/2009 WiniFighter
8/12/2009 WiniShield

Second Generation
8/17/2009 SaveKeep
8/24/2009 Savesoldier
8/26/2009 TrustNinja
8/27/2009 SaveDefense
8/28/2009 SafetyCenter
8/29/2009 BlockDefense
9/3/2009 SystemCop
9/11/2009 SafetyKeeper
9/17/2009 SoftSafeness
9/18/2009 TrustWarrior
9/19/2009 SaveDefender
9/22/2009 SaveArmor
9/25/2009 SecurityFighter
9/26/2009 SecuritySoldier
9/28/2009 SecureVeteran
10/2/2009 SecureWarrior
10/5/2009 TrustCop
10/8/2009 SafeFighter
10/9/2009 TrustSoldier
10/13/2009 TrustFighter
10/19/2009 SoftCop
10/21/2009 SoftVeteran
10/23/2009 SoftStrongHold
10/27/2009 ShieldSafeness
10/28/2009 SoftBarrier
10/30/2009 BlockWatcher
11/1/2009 BlockScanner
11/2/2009 BlockKeeper
11/4/2009 BlockProtector
11/7/2009 SystemVeteran
11/9/2009 SystemFighter
11/11/2009 SystemWarrior

Third Generation
10/17/2009 TREAntivirus
11/11/2009 AnitAid
11/17/2009 LinkSafeness
11/17/2009 SiteVillain
11/18/2009 SecureKeeper
11/24/2009 KeepCop
11/26/2009 ReAntivirus
11/27/2009 RESpyWare
11/30/2009 AntiAdd
12/3/2009 AntiKeep
12/7/2009 AntiTroy
12/9/2009 SiteAdware
12/11/2009 IGuardPC

Research by Patrick Jordan

Tom Kelchner