Firewall Warning Popup Description

“Firewall Warning” Pop up is a fake security warning alert created by the rogue anti-spyware application WinPC Antivirus. The “Firewall Warning” Pop-up text reads:

“FIREWALL WARNING. Hidden file transfer to remote host was detected. WinPCAntivirus has detected that somebdoy is trying to transfer your private data via Internet. We strongly recommend you to block the attack immediately. Details of the attack: remote host transfer IP 97.216.34.74; remote user computer name ‘FORENSICS’”

It is important that the user ignore the fake warning. If the user clicks on the warning notification, the WinPCAntivirus application will automatically download and the users screen will be flooded with annoying pop-ups. The purpose of the fake notifications and pop-ups are to trick the user into purchasing the full paid version of the rogue application WinPC Antivirus. Remove the infection without hesitation.

Type: Fake Warning Messages

How Can You Detect Firewall Warning Popup?

Firewall Warning Popup has typically the following processes in memory:

• %CurrentFolder%\splug.dll

Firewall Warning Popup creates the following registry entries:

• HKEY_CLASSES_ROOT\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0993251-2512-4710-AF6E-0A13EA199D02}
• HKEY_CURRENT_USER\Software\Protection Tools\”65005″ = “1″
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0993251-2512-4710-AF6E-0A13EA199D02}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\”rare” = “%CurrentFolder%\smmain.exe”
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F0993251-2512-4710-AF6E-0A13EA199D02}

Important Article Disclaimer