'Firewall Warning' Fake Popup

'Firewall Warning' Fake Popup Description

'Firewall Warning' Pop up is a fake security warning alert created by the rogue anti-spyware application WinPC Antivirus. The 'Firewall Warning' Pop-up text reads:

"FIREWALL WARNING. Hidden file transfer to remote host was detected. WinPCAntivirus has detected that somebdoy is trying to transfer your private data via Internet. We strongly recommend you to block the attack immediately. Details of the attack: remote host transfer IP 97.216.34.74; remote user computer name 'FORENSICS'"

It is important that the user ignore the fake warning. If the user clicks on the warning notification, the WinPCAntivirus application will automatically download and the users screen will be flooded with annoying pop-ups. The purpose of the fake notifications and pop-ups are to trick the user into purchasing the full paid version of the rogue application WinPC Antivirus. Remove the infection without hesitation.

Technical Information

File System Details

'Firewall Warning' Fake Popup creates the following file(s):
# File Name Detection Count
1 %CurrentFolder%\splug.dll N/A

Registry Details

'Firewall Warning' Fake Popup creates the following registry entry or registry entries:
Registry key
HKEY_CLASSES_ROOT\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_CURRENT_USER\Software\Protection Tools\"65005" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0993251-2512-4710-AF6E-0A13EA199D02}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\"rare" = "%CurrentFolder%\smmain.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F0993251-2512-4710-AF6E-0A13EA199D02}