Spyware Activity Alert Popup Description

“Spyware Activity Alert” popup is a fake warning message created by the rogue anti-spyware application known as AntivirusBEST, in an effort to intimidate users into purchasing the fake spyware remover. The “Spyware Activity Alert” popup reads as follows:

“Spyware activity alert! Spyware.IMonster activity detected! It is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal.”

The “Spyware Activity Alert” popup is nothing more than a fake security notification used to deceive the user into believing their computer is infected, and prompting them to purchase and install the rogue anti-spyware program AntivirusBEST.

Type: Fake Warning Messages

Automatic Detection of Spyware Activity Alert Popup

Spyware Activity Alert Popup has typically the following processes in memory:

• c:\Documents and Settings\All Users\Application Data\AB\Installer.exe
• abest.exe
• c:\documents and settings\All Users\Application Data\AB\svchost.exe
• qwprotect.dll
• svchost.exe
• c:\Documents and Settings\All Users\Application Data\AB\abest.exe
• c:\Documents and Settings\All Users\Application Data\AB\QWProtect.dll
• installer.exe

Spyware Activity Alert Popup creates the following registry entries:

• HKEY_CLASSES_ROOT\qwprotect.qwprotectbho
• HKEY_CLASSES_ROOT\CLSID\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
• HKEY_CLASSES_ROOT\AppID\QWProtect.dll
• HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
• HKEY_CLASSES_ROOT\Interface\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}
• HKEY_CLASSES_ROOT\AppID\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44b2c9f5-608d-46de-82e1-26c5bcb85193}
• HKEY_CLASSES_ROOT\TypeLib\{684a7904-2593-4bbe-a90e-cdaf2ac606ae}
• HKEY_CLASSES_ROOT\qwprotect.qwprotectbho.1

Important Article Disclaimer