Threat Database Fake Error Messages 'Firewall Warning' Fake Popup

'Firewall Warning' Fake Popup

'Firewall Warning' Pop up is a fake security warning alert created by the rogue anti-spyware application WinPC Antivirus. The 'Firewall Warning' Pop-up text reads:

"FIREWALL WARNING. Hidden file transfer to remote host was detected. WinPCAntivirus has detected that somebdoy is trying to transfer your private data via Internet. We strongly recommend you to block the attack immediately. Details of the attack: remote host transfer IP 97.216.34.74; remote user computer name 'FORENSICS'"

It is important that the user ignore the fake warning. If the user clicks on the warning notification, the WinPCAntivirus application will automatically download and the users screen will be flooded with annoying pop-ups. The purpose of the fake notifications and pop-ups are to trick the user into purchasing the full paid version of the rogue application WinPC Antivirus. Remove the infection without hesitation.

File System Details

'Firewall Warning' Fake Popup may create the following file(s):
# File Name Detections
1. %CurrentFolder%\splug.dll

Registry Details

'Firewall Warning' Fake Popup may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_CURRENT_USER\Software\Protection Tools\"65005" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\"rare" = "%CurrentFolder%\smmain.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F0993251-2512-4710-AF6E-0A13EA199D02}

Trending

Most Viewed

Loading...