WinWebSec

WinWebSec Description

WinWebSec is a well-known group of rogue security applications. Like most rogue security programs, WinWebSec programs are designed to scam computer users by convincing them to purchase fake anti-virus applications. WinWebSec applications are disguised as anti-virus software but are actually designed to display fake error messages and to mislead the victim into thinking that their PCs are severely infected. ESG malware analysts strongly advise against paying for any anti-virus program in the WinWebSec family of malware. WinWebSec programs have no way of protecting your computer system from malware and actually wreak havoc on the victim's computer system.

Malware in the WinWebSec family has been around for a long time, since at least 2009. Typically, these fake applications are delivered by a Trojan infection and are often one component of a multi-component malware attack. Trojans associated with the WinWebSec family will often be distributed through spam email, malicious advertisements for online malware scanners, or attack websites designed to infect your computer system with malware with the help of exploits. Examples of fake anti-virus products in the WinWebSec family of malware include Security Sphere 2012, Security Shield, Smart Fortress 2012, Essential Cleaner, Antispyware Pro 2009 and Winweb Security.

Identifying and Dealing with a WinWebSec-Related Malware Infection


Fake security products in the WinWebSec family tend to include interfaces with a pink hue, layouts that are identical from one program to another, and phrases that are repeated from one WinWebSec clone to another (for example: Get full real-time protection with [NAME]). Malware programs in the WinWebSec family also share their attack pattern, displaying similar bogus error messages, pop-up notifications from the Taskbar and similar fake computer scans from one clone to another. Since all of these are created to frighten you into thinking that you need to purchase a 'full version' of the WinWebSec program, ESG malware analysts strongly recommend against taking action based on the rogue security application's claims. Instead, remove WinWebSec application with a strong anti-malware program immediately.

Malware infections in the WinWebSec family often have the capacity to render inoperative legitimate security tools in order to protect themselves. WinWebSec malware programs can also block access to certain files and cause browser redirects. Because of this, to remove a WinWebSec program, it is often necessary to start up the infected computer system from a removable memory device, from a shared drive or in Safe Mode (often by hitting the F8 key while Windows starts up).
Aliases: Trojan.FakeAV.mm [CAT-QuickHeal], Trojan.Win32.FakeAV [Ikarus], W32/FakeAlert.ML!tr [Fortinet], Trojan.Siggen1.25665 [DrWeb], Trojan.FakeAV.XN [VirusBuster], Trojan.Generic.KD.9916 [BitDefender], FakeAV.BJV [AVG], Trojan/Win32.FakeAV.gen [Antiy-AVL], TR/FakeAV.ML [AntiVir], Trojan.Win32.FakeAV!IK [a-squared], Trojan/Fakeav.kp [Jiangmin], Trojan.Win32.FakeAV.ml [Kaspersky], Generic FakeAlert!hk [McAfee], Trojan.Win32.FakeAV.44544.F [ViRobot] and PAK_Generic.001 [TrendMicro].

Infected with WinWebSec? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect WinWebSec

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of WinWebSec outbreaks and other threats from global to local level.

File System Details

WinWebSec creates the following file(s):
# File Name Size MD5 Detection Count
1 94983646.exe 47,139 b18b6f5b955a0a2df7a46ed28ab6ce8a 300
2 18011404.exe 368,678 be0482803afdffa5b91f75c889cc9174 290
3 %ALLUSERSPROFILE%\Anwendungsdaten\08377530\08377530.exe 1,001,488 9ffa1916b694dd043dc8ec8c5606debd 287
4 %ALLUSERSPROFILE%\Anwendungsdaten\75193227\75193227.exe 1,197,568 4caa6cb6a180cedf69565732e1a9252c 287
5 14973654.exe 368,675 bae01224ff5380b342644465a6824122 256
6 %ALLUSERSPROFILE%\Anwendungsdaten\81397432\81397432.exe 834,560 9afd011c3bc71b0f547f2cf7c703e32c 250
7 10380934.exe 368,172 a432fd952a08c14c6d2e11457b361f35 234
8 93223426.exe 47,148 55ec7bd9da3129e500422e9c23ca0c4f 234
9 %ALLUSERSPROFILE%\Dati applicazioni\05002310\05002310.exe 1,029,120 79d6b9ab23bb010bd06b5f3f8e292193 222
10 13213434.exe 368,172 7c5bf5bf23756334883b02ea4becac14 222
11 %ALLUSERSPROFILE%\Anwendungsdaten\77302322\77302322.exe 1,136,640 a5988384beea1aadaaae337e4f2be7b7 222
12 %ALLUSERSPROFILE%\Anwendungsdaten\99199340\99199340.exe 1,162,752 81dc0ca129779dbe3c083e98fe3c046c 219
13 %LOCALAPPDATA%\101586.exe 1,188,352 862abc560711b33a1244e9d16e547740 169
14 %ALLUSERSPROFILE%\Anwendungsdaten\04545624\04545624.exe 1,057,280 767127360bab6a3ee6259525edbfc404 159
15 91130616.exe 47,148 8f46c1d02d01ce78b21a9ed56c21d305 156

More files

Site Disclaimer

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 5 + 14 ?