WinWebSec

WinWebSec Description

WinWebSec is a well-known group of rogue security applications. Like most rogue security programs, WinWebSec programs are designed to scam computer users by convincing them to purchase fake anti-virus applications. WinWebSec applications are disguised as anti-virus software but are actually designed to display fake error messages and to mislead the victim into thinking that their PCs are severely infected. ESG malware analysts strongly advise against paying for any anti-virus program in the WinWebSec family of malware. WinWebSec programs have no way of protecting your computer system from malware and actually wreak havoc on the victim's computer system.

Malware in the WinWebSec family has been around for a long time, since at least 2009. Typically, these fake applications are delivered by a Trojan infection and are often one component of a multi-component malware attack. Trojans associated with the WinWebSec family will often be distributed through spam email, malicious advertisements for online malware scanners, or attack websites designed to infect your computer system with malware with the help of exploits. Examples of fake anti-virus products in the WinWebSec family of malware include Security Sphere 2012, Security Shield, Smart Fortress 2012, Essential Cleaner, Antispyware Pro 2009 and Winweb Security.

Identifying and Dealing with a WinWebSec-Related Malware Infection


Fake security products in the WinWebSec family tend to include interfaces with a pink hue, layouts that are identical from one program to another, and phrases that are repeated from one WinWebSec clone to another (for example: Get full real-time protection with [NAME]). Malware programs in the WinWebSec family also share their attack pattern, displaying similar bogus error messages, pop-up notifications from the Taskbar and similar fake computer scans from one clone to another. Since all of these are created to frighten you into thinking that you need to purchase a 'full version' of the WinWebSec program, ESG malware analysts strongly recommend against taking action based on the rogue security application's claims. Instead, remove WinWebSec application with a strong anti-malware program immediately.

Malware infections in the WinWebSec family often have the capacity to render inoperative legitimate security tools in order to protect themselves. WinWebSec malware programs can also block access to certain files and cause browser redirects. Because of this, to remove a WinWebSec program, it is often necessary to start up the infected computer system from a removable memory device, from a shared drive or in Safe Mode (often by hitting the F8 key while Windows starts up).
Aliases: Trojan.FakeAV.mm [CAT-QuickHeal], Trojan.Win32.FakeAV [Ikarus], W32/FakeAlert.ML!tr [Fortinet], Trojan.Siggen1.25665 [DrWeb], Trojan.FakeAV.XN [VirusBuster], Trojan.Generic.KD.9916 [BitDefender], FakeAV.BJV [AVG], Trojan/Win32.FakeAV.gen [Antiy-AVL], TR/FakeAV.ML [AntiVir], Trojan.Win32.FakeAV!IK [a-squared], Trojan/Fakeav.kp [Jiangmin], Trojan.Win32.FakeAV.ml [Kaspersky], Generic FakeAlert!hk [McAfee], Trojan.Win32.FakeAV.44544.F [ViRobot] and PAK_Generic.001 [TrendMicro].

Infected with WinWebSec? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect WinWebSec

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of WinWebSec outbreaks and other threats from global to local level.

File System Details

WinWebSec creates the following file(s):
# File Name Size MD5 Detection Count
1 %ALLUSERSPROFILE%\Anwendungsdaten\08377530\08377530.exe 1,001,488 9ffa1916b694dd043dc8ec8c5606debd 92
2 %ALLUSERSPROFILE%\Dati applicazioni\05002310\05002310.exe 1,029,120 79d6b9ab23bb010bd06b5f3f8e292193 71
3 %LOCALAPPDATA%\101586.exe 1,188,352 862abc560711b33a1244e9d16e547740 54
4 %ALLUSERSPROFILE%\Anwendungsdaten\04545624\04545624.exe 1,057,280 767127360bab6a3ee6259525edbfc404 51
5 %ALLUSERSPROFILE%\Anwendungsdaten\13431618\13431618.exe 1,163,264 4d16083c233ea72aacefec71152a9a40 41
6 %ALLUSERSPROFILE%\Anwendungsdaten\50770726\50770726.exe 1,163,264 0bc8bea0eda3e2601c87a9ef684a2fc4 40
7 %ALLUSERSPROFILE%\Anwendungsdaten\31646020\31646020.exe 997,392 2db92315ee7f37438074ef9f5338a574 37
8 %ALLUSERSPROFILE%\Dati applicazioni\20933320\20933320.exe 834,560 7555efa4f743c988f59de9bc3967c3ff 35
9 %ALLUSERSPROFILE%\Dados de aplicativos\11170313\11170313.exe 1,176,064 1b00a182149c49f05c384f8f805de78d 4
10 %LOCALAPPDATA%\11704334.exe 949,248 04bb88889771ebde733af13654fe3488 4
11 %LOCALAPPDATA%\8704148678.exe 1,190,400 98a35d317e3547de26f95e1e0c2d8e25 3
12 %ALLUSERSPROFILE%\Anwendungsdaten\98726638\98726638.exe 1,007,616 9562378527087e0e0a4d1127d0d86306 3
13 %LOCALAPPDATA%\60841332.exe 1,199,104 ac771adac04e00ee190e167ffa08cbce 2
14 %USERPROFILE%\Local Settings\Application Data\675497059.exe 1,164,800 fc27d8db3dd1e0e0bdf1c60d77e7ad12 2
15 %LOCALAPPDATA%\9919828445.exe 1,181,696 24959bd224b3394e6df66a7bec3f0229 2

More files

Site Disclaimer

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 7 + 15 ?