Pcobserver

By GoldSparrow in Potentially Unwanted Programs

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 260
First Seen: April 11, 2017
Last Seen: April 15, 2022
OS(es) Affected: Windows

Pcobserver is a rogue registry cleaner, a Potentially Unwanted Program that is part of a well-known tactic. Pcobserver is marketed as a way to optimize your computer. However, instead of helping computer users improve their machines, Pcobserver locks the victim's screen and acts as part of a well-known bogus technical support hoax. Pcobserver is of questionable ownership, with no digital signature or legitimate website. The main purpose of Pcobserver is to trick computer users into paying money for a fake security program. Pcobserver displays a window with the title 'Registry Cleaner,' which looks as if it is scanning the victim's computer for threats. In fact, Pcobserver is not optimizing the victim's computer at all; it is merely tricking computer users into paying for fake technical support.

The Misleading Tactic Used by Pcobserver

Pcobserver displays an animation designed to trick the computer users into believing that it is scanning the affected machine. This is merely an animation, with nothing happening to indicate that Pcobserver is carrying out operations on the affected computer. Pcobserver will claim that the files related to the Microsoft .NET Framework should be removed, tagging them as supposedly problematic. Malware analysts strongly advise against following this advice. The fact is that there may be nothing about Pcobserver that is remotely useful or legitimate. The main purpose of Pcobserver is to scare computer users, making them believe that they need to pay for help. In the process, Pcobserver causes various problems on the affected computer due to its interference and illegitimate use of system resources.

How Pcobserver may Affect a Computer

After Pcobserver is installed on the affected computer, it makes the following change to the startup settings, which allows Pcobserver to run automatically when the affected computer starts:

Startup: C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WMPNewtworksSvcx.lnk [TIMESTAMP]

The executable file linked here causes a screen locker to be displayed on the affected computer. This screen locker window is designed to imitate a Microsoft security alert, telling computer users to contact the phone number 888-348-1768 to take care of a supposed 'suspicious activity' on the affected computer. The Pcobserver lock screen may interfere with the affected computer, preventing computer users from using the Windows Task Manager and changing the mapping of the TAB button to prevent computer users from using Alt + TAB to change windows. The following is the message that Pcobserver displays as part of its tactic:

'Microsoft has detected some suspicious activity on this
computer. Al access to this device has been revoked due to a
networks security breach. Attackers might attempt to steal
personal information, banking details, emails, passwords and
other files on this system.
please contact a Microsoft certified technician on 1-888-348-1767
[TEXT BOX]
Privacy Policy'

After the victim calls this phone number, corrupted versions of LogMeIn and TeamViewer are used to access the victim’s computer remotely, allowing the people responsible for the Pcobserver tactic to collect the victim's data or carry out other tactics on the affected computer.

Dealing with Pcobserver

You should ignore the Pcobserver message completely. There is no truth to the message Pcobserver displays, and there is no link between Pcobserver and Microsoft or any reputable software or security provider. If Pcobserver is being displayed on your computer, it will be necessary to bypass it by removing it from the Startup list and using alternate startup methods such as Safe Mode to prevent it from running automatically when the affected computer starts up. Malware researchers strongly advise computer users to use a reliable security program that is fully up-to-date to remove the Pcobserver PUP itself from the affected computer. If you have contacted the con artists, it will be necessary to take steps to ensure that your private data has not become compromised.
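The Startup-folder persistence described above and the "remove it from the Startup list" advice can both be handled from an elevated PowerShell session. The script below is an added example written for this article, not code from the original page or from any security vendor: it enumerates the per-user and all-users Startup folders, resolves each .lnk shortcut to its target executable, checks whether that target carries a valid Authenticode signature, and flags anything that does not (a PUP like Pcobserver has no digital signature, as the article notes). The function name Get-StartupShortcutReport and the Suspicious column are this example's own choices; the shortcut filename WMPNewtworksSvcx.lnk used in the usage note comes from the article.

```powershell
# Added example (not from the original article): audit Startup-folder shortcuts,
# resolve their targets, and flag unsigned or missing targets for review.
# Run in an elevated PowerShell session (Safe Mode works too, as the article suggests).

$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# WScript.Shell is used only to read .lnk properties (TargetPath, Arguments).
$shell = New-Object -ComObject WScript.Shell

function Get-StartupShortcutReport {
    param([string[]]$Folders)

    foreach ($folder in $Folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }

        Get-ChildItem -LiteralPath $folder -Filter '*.lnk' -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk    = $shell.CreateShortcut($_.FullName)
                $target = $lnk.TargetPath

                # A target that has already been deleted is still worth reporting:
                # the dangling .lnk is evidence of what was there.
                if ($target -and (Test-Path -LiteralPath $target)) {
                    $status = (Get-AuthenticodeSignature -FilePath $target).Status
                } else {
                    $status = 'TargetMissing'
                }

                [PSCustomObject]@{
                    Shortcut   = $_.FullName
                    Target     = $target
                    Arguments  = $lnk.Arguments
                    Signature  = $status
                    Created    = $_.CreationTime
                    # Anything that is not validly signed gets a second look.
                    Suspicious = ($status -ne 'Valid')
                }
            }
    }
}

# Print the report; sort so suspicious entries appear first.
Get-StartupShortcutReport -Folders $startupFolders |
    Sort-Object -Property Suspicious -Descending |
    Format-Table -AutoSize
```

Once an entry such as WMPNewtworksSvcx.lnk shows up as unsigned (or with a missing target), note the resolved Target path, then remove the shortcut with `Remove-Item -LiteralPath <Shortcut> -WhatIf` to preview and again without `-WhatIf` to delete; remove the target executable the same way only after confirming it is not a legitimate program. Rebooting after the shortcut is gone stops the lock screen from returning, and a full scan with an up-to-date security product should still follow, since the Startup shortcut is only the persistence mechanism and not necessarily the only file the PUP dropped.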
