"Spyware Activity Alert" Popup

By GoldSparrow in Fake Error Messages

"Spyware Activity Alert" popup is a fake warning message created by the rogue anti-spyware application known as AntivirusBEST, in an effort to intimidate users into purchasing the fake spyware remover. The "Spyware Activity Alert" popup reads as follows:

"Spyware activity alert! Spyware.IMonster activity detected! It is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal."

The "Spyware Activity Alert" popup is nothing more than a fake security notification used to deceive the user into believing their computer is infected, and prompting them to purchase and install the rogue anti-spyware program AntivirusBEST.

File System Details

"Spyware Activity Alert" Popup may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	C:\Documents and Settings\\Application Data\AB\Installer.exe
Name: C:\Documents and Settings\<username>\Application Data\AB\Installer.exe Type: Executable File
2.	abest.exe
Name: abest.exe Type: Executable File
3.	C:\Documents and Settings\\Application Data\AB\svchost.exe
Name: C:\Documents and Settings\<username>\Application Data\AB\svchost.exe Type: Executable File
4.	qwprotect.dll
Name: qwprotect.dll Type: Dynamic link library
5.	svchost.exe
Name: svchost.exe Type: Executable File
6.	C:\Documents and Settings\\Application Data\AB\abest.exe
Name: C:\Documents and Settings\<username>\Application Data\AB\abest.exe Type: Executable File
7.	C:\Documents and Settings\\Application Data\AB\QWProtect.dll
Name: C:\Documents and Settings\<username>\Application Data\AB\QWProtect.dll Type: Dynamic link library
8.	installer.exe
Name: installer.exe Type: Executable File
9.	C:\Documents and Settings\\Desktop\AntivirusBEST.lnk
Name: C:\Documents and Settings\<username>\Desktop\AntivirusBEST.lnk Type: Shortcut
10.	qwprotect.dllx
Name: qwprotect.dllx
11.	C:\Documents and Settings\\start menu\Programs\antivirusbest\Uninstall.lnk
Name: C:\Documents and Settings\<username>\start menu\Programs\antivirusbest\Uninstall.lnk Type: Shortcut
12.	C:\Documents and Settings\\Start Menu\Programs\AntiVirusBEST
Name: C:\Documents and Settings\<username>\Start Menu\Programs\AntiVirusBEST
13.	C:\Documents and Settings\\start menu\Programs\antivirusbest\AntivirusBEST.lnk
Name: C:\Documents and Settings\<username>\start menu\Programs\antivirusbest\AntivirusBEST.lnk Type: Shortcut
14.	C:\Documents and Settings\\Application Data\AB\ABEST.CAB
Name: C:\Documents and Settings\<username>\Application Data\AB\ABEST.CAB

Registry Details

"Spyware Activity Alert" Popup may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_CLASSES_ROOT\qwprotect.qwprotectbho

HKEY_CLASSES_ROOT\CLSID\{44b2c9f5-608d-46de-82e1-26c5bcb85193}

HKEY_CLASSES_ROOT\AppID\QWProtect.dll

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44b2c9f5-608d-46de-82e1-26c5bcb85193}

HKEY_CLASSES_ROOT\Interface\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}

HKEY_CLASSES_ROOT\AppID\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44b2c9f5-608d-46de-82e1-26c5bcb85193}

HKEY_CLASSES_ROOT\TypeLib\{684a7904-2593-4bbe-a90e-cdaf2ac606ae}

HKEY_CLASSES_ROOT\qwprotect.qwprotectbho.1

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

"Spyware Activity Alert" Popup

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen