English 
WinPC Antivirus WinPC Antivirus
By
Domesticus in Rogue Anti-Spyware Program |
168 views
(No Ratings Yet)
Loading ...
WinPC Antivirus Description
Through the use of dangerous malware that displays fake security alerts and pop-ups on your computer, WinPC Antivirus is a rogue anti-spyware application from the same family as WinPC Defender. The fraudulent alerts sent to you via this malware states that your computer is infected and suggests downloading and installing WinPC Antivirus in order to clean and protect your system.
Once downloaded and installed, WinPC Antivirus will be configured to start automatically, scanning your computer and displaying a variety of infections on your PC. These infected files are nothing more than a hoax used to intimidate you into purchasing the “full version” of WinPC Antivirus, which will do absolutely nothing for your computer.
Type: Rogue AntiSpyware Programs
Automatic Detection of WinPC Antivirus
WinPC Antivirus Technical Report
As new WinPC Antivirus details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following WinPC Antivirus files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| winav[1].exe | 1131520 | 54d321fec676406b6eebf9b1dc492a43 |
| winav.exe | 1097216 | a6b023922e3f37ab8a71401d1f127930 |
| winav.exe | 1096704 | a4d85200db4acc798c0cf95c8c9443fd |
| winav.exe | 1097728 | 42cbad77e301bcd4c92fb6502a31e0f6 |
| winav.exe | 1094656 | a282b157cef2e1fe246040c6fd649b12 |
| winav.exe | 1095168 | d4d93f65f663188131c27503c54cdc69 |
| winav.exe | 1097216 | 8bfeb17f61963a037fa2e76c8e67c66f |
| winav.exe | 1098240 | 5c2c067e473f719027be752824c10de2 |
| winav.exe | 1095680 | 0c38e710d4f70e178cbbd25d23a6ed13 |
| winav.exe | 1098240 | 7b55c1e971be362c86494213a0e1c20c |
| winav.exe | 1098240 | f6c2beff572cb3fd60ec1ed389c8d913 |
| winav.exe | 1096704 | a8186335a5a5d2be26d5a04131eeb1ed |
| winav.exe | 1096704 | 0200a94c15ab49d1b93fdfa540efc69e |
| winav.exe | 1097728 | 3e13a7a84532c0032240f3569a078c58 |
| winav.exe | 1097728 | d3102af8d2e45b33a9262ce7b70283e8 |
| winav.exe | 1097728 | a3b53a7b568fa280a3400d9c90641a88 |
| winav.exe | 1097728 | fcdf5b01dbcf8ac27309ab8ebf01770d |
| winav.exe | 4257280 | 70eea1318bde3582843c362d7e3ae45f |
| winav.exe | 1097728 | 0379553302359bbbdf6965b7d748d272 |
WinPC Antivirus has typically the following processes in memory:
- %USERPROFILE%\Application Data\winav.exe
- %UserProfile%\Application Data\winav.exe
WinPC Antivirus creates the following registry entries:
- HKEY_CURRENT_USER\Control Panel\don’t load “scui.cpl”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusDisableNotify” => 1
- HKEY_CURRENT_USER\Control Panel\don’t load “wscui.cpl”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “UpdatesDisableNotify” => 1
- WinPC Antivirus
- HKEY_CURRENT_USER\Software\WinPC Antivirus
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “sysav”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallDisableNotify” => 1
Important Article Disclaimer
