WinPC Antivirus Removal Report

WinPC Antivirus

No Comments

By Domesticus in Rogue Anti-Spyware Program | 188 views

Rate it:

(No Ratings Yet)

Loading ...

WinPC Antivirus Description

Through the use of dangerous malware that displays fake security alerts and pop-ups on your computer, WinPC Antivirus is a rogue anti-spyware application from the same family as WinPC Defender. The fraudulent alerts sent to you via this malware states that your computer is infected and suggests downloading and installing WinPC Antivirus in order to clean and protect your system.

Once downloaded and installed, WinPC Antivirus will be configured to start automatically, scanning your computer and displaying a variety of infections on your PC. These infected files are nothing more than a hoax used to intimidate you into purchasing the “full version” of WinPC Antivirus, which will do absolutely nothing for your computer.

Type: Rogue AntiSpyware Programs

How Can You Detect WinPC Antivirus?

Download SpyHunter’s Detection Scanner
to Detect WinPC Antivirus.

WinPC Antivirus Technical Report

As new WinPC Antivirus details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following WinPC Antivirus files with its MD5s were created in the system:

File Name	File Size	MD5

winav[1].exe	1131520	54d321fec676406b6eebf9b1dc492a43
winav.exe	1097216	a6b023922e3f37ab8a71401d1f127930
winav.exe	1096704	a4d85200db4acc798c0cf95c8c9443fd
winav.exe	1097728	42cbad77e301bcd4c92fb6502a31e0f6
winav.exe	1094656	a282b157cef2e1fe246040c6fd649b12
winav.exe	1095168	d4d93f65f663188131c27503c54cdc69
winav.exe	1097216	8bfeb17f61963a037fa2e76c8e67c66f
winav.exe	1098240	5c2c067e473f719027be752824c10de2
winav.exe	1095680	0c38e710d4f70e178cbbd25d23a6ed13
winav.exe	1098240	7b55c1e971be362c86494213a0e1c20c
winav.exe	1098240	f6c2beff572cb3fd60ec1ed389c8d913
winav.exe	1096704	a8186335a5a5d2be26d5a04131eeb1ed
winav.exe	1096704	0200a94c15ab49d1b93fdfa540efc69e
winav.exe	1097728	3e13a7a84532c0032240f3569a078c58
winav.exe	1097728	d3102af8d2e45b33a9262ce7b70283e8
winav.exe	1097728	a3b53a7b568fa280a3400d9c90641a88
winav.exe	1097728	fcdf5b01dbcf8ac27309ab8ebf01770d
winav.exe	4257280	70eea1318bde3582843c362d7e3ae45f
winav.exe	1097728	0379553302359bbbdf6965b7d748d272

WinPC Antivirus has typically the following processes in memory:

%USERPROFILE%\Application Data\winav.exe
%UserProfile%\Application Data\winav.exe

WinPC Antivirus creates the following registry entries:

HKEY_CURRENT_USER\Control Panel\don’t load “scui.cpl”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusDisableNotify” => 1
HKEY_CURRENT_USER\Control Panel\don’t load “wscui.cpl”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “UpdatesDisableNotify” => 1
WinPC Antivirus
HKEY_CURRENT_USER\Software\WinPC Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “sysav”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallDisableNotify” => 1

Important Article Disclaimer

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.

This entry was posted on 06/30/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.