Windows Web Commander

By ESGI Advisor in Rogue Anti-Spyware Program

Translate To:

Threat Scorecard

Threat Level:	100 % (High)
Infected Computers:	6

First Seen:	July 4, 2012
Last Seen:	January 8, 2020
OS(es) Affected:	Windows

Windows Web Commander Image

Windows Web Commander belongs to a family of fake security applications known as FakeVimes. It seems that the return of malware in the FakeVimes family is due in large part because the criminals have commenced to bundle FakeVimes malware with rootkits belonging to the ZeroAccess family. The addition of this rootkit component makes modern variants of the FakeVimes family of malware considerably more difficult to deal with than previous rogue security programs in this malware family. Because of this, if Windows Web Commander is estabilished on your PC, ESG malware researchers highly counsel using a convenient anti-malware program containing anti-rootkit capabilities in order to remove Windows Web Commander completely.

Due to the fact that Windows Web Commander's family of malware has been around since 2009, there are dozens of fake security applications that are identical to Windows Web Commander in nearly all aspects. FakeVimes' long history works against it since most security applications have few problems detecting and removing Windows Web Commander or any of its clones. However, criminals have gotten increasingly clever at bundling other malware with FakeVimes variants as well as using increasingly more effective social engineering tactics in order to target their victims. The rootkit component that is often included in a Windows Web Commander infection will stop most security programs from detecting or removing Windows Web Commander. Among the many variants in the FakeVimes family known to be associated with this rootkit component are included fake security applications such as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Table of Contents

Dealing with a Windows Web Commander Infection on Your Computer

Windows Web Commander will use numerous fake error messages in order to persuade you that the purchase of a high-priced 'full version' of this useless program is needed. ESG malware researchers strongly advise ignoring all of these warnings and to use a reliable anti-malware scanner to remove Windows Web Commander instead. You can stop many of these intrusive alert messages with the registration code 0W000-000B0-00T00-E0020. Although ESG malware researchers have provided this registration code as a way to trick Windows Web Commander into believing its scam has worked, it is important to note that 'registering' Windows Web Commander will not remove this malware threat from your computer, doing so will merely stop some of the infection's symptoms.

SpyHunter Detects & Remove Windows Web Commander

Windows Web Commander Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Web Commander may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	Protector-ixmf.exe	dd1db077adec6ae6de3c9639efc03b7e	1
Name: Protector-ixmf.exe MD5: dd1db077adec6ae6de3c9639efc03b7e Size: 1.81 MB (1811456 bytes) Detections: 1 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: January 8, 2020
2.	%AppData%\NPSWF32.dll
Name: %AppData%\NPSWF32.dll Type: Dynamic link library Group: Malware file
3.	%CommonAppData%\58ef5\SP98c.exe
Name: %CommonAppData%\58ef5\SP98c.exe Type: Executable File Group: Malware file
4.	%AppData%\Protector-[RANDOM 4 CHARACTERS].exe
Name: %AppData%\Protector-[RANDOM 4 CHARACTERS].exe Type: Executable File Group: Malware file
5.	%AppData%\Windows Web Commander\ScanDisk_.exe
Name: %AppData%\Windows Web Commander\ScanDisk_.exe Type: Executable File Group: Malware file
6.	%AppData%\Protector-[RANDOM 3 CHARACTERS].exe
Name: %AppData%\Protector-[RANDOM 3 CHARACTERS].exe Type: Executable File Group: Malware file
7.	%StartMenu%\Windows Web Commander.lnk
Name: %StartMenu%\Windows Web Commander.lnk Type: Shortcut Group: Malware file
8.	%CommonAppData%\SPUPCZPDET\SPABOIJT.cfg
Name: %CommonAppData%\SPUPCZPDET\SPABOIJT.cfg Group: Malware file
9.	%AppData%\1st$0l3th1s.cnf
Name: %AppData%\1st$0l3th1s.cnf Group: Malware file
10.	%AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Web Commander.lnk
Name: %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Web Commander.lnk Type: Shortcut Group: Malware file
11.	%Desktop%\Windows Web Commander.lnk
Name: %Desktop%\Windows Web Commander.lnk Type: Shortcut Group: Malware file
12.	%AppData%\result.db
Name: %AppData%\result.db Group: Malware file
13.	%AppData%\Windows Web Commander\Instructions.ini
Name: %AppData%\Windows Web Commander\Instructions.ini Group: Malware file
14.	%Programs%\Windows Web Commander.lnk
Name: %Programs%\Windows Web Commander.lnk Type: Shortcut Group: Malware file
15.	%CommonAppData%\58ef5\SPT.ico
Name: %CommonAppData%\58ef5\SPT.ico Group: Malware file

Registry Details

Windows Web Commander may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\UninstallString = "[UNKNOWN DIRECTORY]\[UNKNOWN FILE NAME].exe" /del

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\DisplayIcon = [UNKNOWN DIRECTORY]\[UNKNOWN FILE NAME].exe,0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ Implements DocHostUIHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\ Implements DocHostUIHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask -65536

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-7-3_8"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\InstallLocation = [UNKNOWN DIRECTORY]

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\DisplayName = Windows Malware Firewall

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Web Commander "%CommonAppData%\58ef5\SP98c.exe" /s /d

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ [unknown file name].DocHostUIHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize 1048576

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger svchost.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"

HKEY_CURRENT_USER\Software\ASProtect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\Publisher UIS Inc.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander\DisplayVersion = 1.1.0.1010

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Web Commander

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ [unknown dir]\[unknown file name].exe

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dumped_.DocHostUIHandler\Clsid\ {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask -65536

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory %windir%\tracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "hycdnkxijp"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe

Messages

The following messages associated with Windows Web Commander were found:

Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Error
Trojan activity detected. System data security is at risk. It is recommended to activate protection and run a full system scan.

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Warning! Identity theft attempt Detected

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Windows Web Commander

Threat Scorecard

EnigmaSoft Threat Scorecard

Dealing with a Windows Web Commander Infection on Your Computer

SpyHunter Detects & Remove Windows Web Commander

Windows Web Commander Video

File System Details

Registry Details

Messages

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen