Trojan Detected! Popup
"Trojan Detected!" Popup is a fake security alert by the rogue anti-spyware WinPC Antivirus. The "Trojan Detected!" Popup notification claims that the user's computer is infected with a Trojan virus and promotes the WinPC Antivirus application to remove the false infection. The "Trojan Detected!" Popup text reads:
Trojan Detected!
A piece of malicious code was found in your system. It may replicate itself if no action is taken. Click here to have your system cleaned by WinPC Antivirus."
The user will automatically install the rogue anti-spyware WinPC Antivirus application if they click on the "Trojan Detected!" Popup alert. The users PC will then be inundated with additional fake alerts and pop-ups.
File System Details
Trojan Detected! Popup may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %ProgramFiles%\WinPC Antivirus\FwHookDrv.sys | |
| 2. | %UserProfile%\Local Settings\Temp\delwdef2008.bat | |
| 3. | %UserProfile%\Local Settings\Temp\[Random Name].tmp | |
| 4. | %ProgramFiles%\WinPC Antivirus\HOSTS.hst | |
| 5. | %ProgramFiles%\WinPC Antivirus\reserve.dat | |
| 6. | %ProgramFiles%\WinPC Antivirus\siren.wav | |
| 7. | %ProgramFiles%\WinPC Antivirus\temp | |
| 8. | %UserProfile%\Start Menu\WinPC Antivirus.LNK | |
| 9. | %ProgramFiles%\WinPC Antivirus\options.xml | |
| 10. | %ProgramFiles%\WinPC Antivirus\Rules.txt | |
| 11. | %ProgramFiles%\WinPC Antivirus\svo.scf | |
| 12. | %ProgramFiles%\WinPC Antivirus\Web.url | |
| 13. | %UserProfile%\Desktop\Launch WinPC Antivirus.lnk | |
| 14. | %ProgramFiles%\WinPC Antivirus\data.dat | |
| 15. | %ProgramFiles%\WinPC Antivirus\Manual.url | |
| 16. | %ProgramFiles%\WinPC Antivirus\rules | |
| 17. | %ProgramFiles%\WinPC Antivirus\Support.url | |
| 18. | %ProgramFiles%\WinPC Antivirus\vfile |
Registry Details
Trojan Detected! Popup may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\WinPC Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysav"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "UpdatesDisableNotify" => 1
HKEY_LOCAL_MACHINE\SOFTWARE\WinPCAntivirus.com
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallDisableNotify" => 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPCAntivirus
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusDisableNotify" => 1
