Infiltration Alert
"Infiltration Alert" is a fake pop-up warning generated by the rogueware called WiniBlueSoft. The "Infiltration Alert" pop-up is used to trick users into believing that their computers are infected and then prompt them to purchase the rogue program WiniBlueSoft.
Table of Contents
File System Details
Infiltration Alert may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | ave.exe |
Registry Details
Infiltration Alert may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1?
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1?
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
Messages
The following messages associated with Infiltration Alert were found:
|
Infiltration Alert!
Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan-dropper or similar. Details Attack from: 55.12.206.86 Attacked port: 17781 Threat: Virus Do you want WiniBlueSoft to block this attack? |
