Warning! popup
Warning! popup is a fake security warning alert promoted by the rogue anti-spyware application Privacy Components. The alert text reads:
"Warning! One or several security components reported some problems! Traces of discreditable files (for example, the history of visiting porno sites) and security vulnerability have been found. Click this notification to eliminate vulnerability immediately!"
Once Privacy Components is installed onto the users PC, additional fake pop-ups and alerts will be displayed. The purpose of these fake alerts is to convince the user that their PC is infected so that the user will purchase the full version Privacy Components application. The user should remove the infection without hesitation.
File System Details
Warning! popup may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | c:\Program Files\Privacy components\tools\sc\libeay32.dll | |
| 2. | c:\Program Files\Privacy components\tools\sc\tap0801.sys | |
| 3. | c:\Program Files\Privacy components\uninstall.exe | |
| 4. | c:\Program Files\Privacy components\pc.exe | |
| 5. | c:\Program Files\Privacy components\tools\sc\openvpn.exe | |
| 6. | c:\Program Files\Privacy components\tools\sp\sp.dll | |
| 7. | c:\Program Files\Privacy components\agent.exe | |
| 8. | c:\Program Files\Privacy components\tools\sc\libssl32.dll | |
| 9. | c:\Program Files\Privacy components\tools\sc\tapinstall.exe | |
| 10. | %UserProfile%\Application Data\Privacy components\dbases\cg.dat | |
| 11. | %UserProfile%\Application Data\Privacy components\dbases\sc.dat | |
| 12. | %UserProfile%\Application Data\Privacy components\keys | |
| 13. | %UserProfile%\Application Data\Privacy components\keys\sc.key | |
| 14. | %UserProfile%\Application Data\Privacy components\temp\settings.ini | |
| 15. | %UserProfile%\Start Menu\Programs\Privacy components | |
| 16. | c:\Program Files\Privacy components\faq | |
| 17. | c:\Program Files\Privacy components\faq\images\gimg1.jpg | |
| 18. | c:\Program Files\Privacy components\faq\images\gimg3.jpg | |
| 19. | c:\Program Files\Privacy components\faq\images\gimg6.jpg | |
| 20. | c:\Program Files\Privacy components\faq\images\gimg9.jpg | |
| 21. | c:\Program Files\Privacy components\sounds\3.mp3 | |
| 22. | c:\Program Files\Privacy components\tools\sc\ca.crt | |
| 23. | %UserProfile%\Application Data\Privacy components\dbases | |
| 24. | %UserProfile%\Application Data\Privacy components\dbases\rd.dat | |
| 25. | %UserProfile%\Application Data\Privacy components\dbases\sp.dat | |
| 26. | %UserProfile%\Application Data\Privacy components\keys\rd.key | |
| 27. | %UserProfile%\Application Data\Privacy components\temp | |
| 28. | %UserProfile%\Desktop\Privacy components.lnk | |
| 29. | c:\Program Files\Privacy components | |
| 30. | c:\Program Files\Privacy components\faq\images | |
| 31. | c:\Program Files\Privacy components\faq\images\gimg2.jpg | |
| 32. | c:\Program Files\Privacy components\faq\images\gimg5.jpg | |
| 33. | c:\Program Files\Privacy components\faq\images\gimg8.jpg | |
| 34. | c:\Program Files\Privacy components\sounds\1.mp3 | |
| 35. | c:\Program Files\Privacy components\tools\sc | |
| 36. | c:\Program Files\Privacy components\tools\sp | |
| 37. | %UserProfile%\Application Data\Privacy components | |
| 38. | %UserProfile%\Application Data\Privacy components\dbases\mw.dat | |
| 39. | %UserProfile%\Application Data\Privacy components\dbases\sm.dat | |
| 40. | %UserProfile%\Application Data\Privacy components\keys\cg.key | |
| 41. | %UserProfile%\Application Data\Privacy components\keys\sp.key | |
| 42. | %UserProfile%\Application Data\Privacy components\temp\spfilter | |
| 43. | %UserProfile%\Start Menu\Programs\Privacy components\Privacy components.lnk | |
| 44. | c:\Program Files\Privacy components\faq\guide.html | |
| 45. | c:\Program Files\Privacy components\faq\images\gimg10.jpg | |
| 46. | c:\Program Files\Privacy components\faq\images\gimg4.jpg | |
| 47. | c:\Program Files\Privacy components\faq\images\gimg7.jpg | |
| 48. | c:\Program Files\Privacy components\sounds | |
| 49. | c:\Program Files\Privacy components\tools | |
| 50. | c:\Program Files\Privacy components\tools\sc\OemWin2k.inf |
Registry Details
Warning! popup may create the following registry entry or registry entries:
Microsoft\Windows\CurrentVersion\Run\agent.exe
HKEY_CLASSES_ROOT\sp.TIEAdvBHO
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "agent.exe"
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}
HKEY_CLASSES_ROOT\CLSID\{D032570A-5F63-4812-A094-87D007C23012}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy components
Microsoft\Windows\CurrentVersion\Uninstall\Privacy components
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Privacy components
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" => "C:\Program Files\Privacy components\pc.exe"
