Winpcantivirus2010.com
Winpcantivirus2010.com is a browser hijacker promoting the rogue anti-spyware application known as WinPC Antivirus. Due to affiliated trojans infiltrating the computer and modifying the browser settings, web-surfing activities are redirected to the Winpcantivirus2010.com domain. Here the computer is subject to a fake online scan that reports fictitious and sometimes grossly exaggerated infection results, all in order to intimidate the user into purchasing the fake spyware remover WinPC Antivirus.
Table of Contents
File System Details
Winpcantivirus2010.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | c:\WINDOWS\ieocx.dll | |
| 2. |
C:\Documents and Settings\ |
|
| 3. | %UserProfile%\Application Data\pcantivirus.exe | |
| 4. | %UserProfile%\Start Menu\WinPC Antivirus.LNK | |
| 5. | %UserProfile%\Desktop\WinPC Antivirus.LNK |
Registry Details
Winpcantivirus2010.com may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\IEocxApp.IEocx.1
HKEY_CLASSES_ROOT\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_CLASSES_ROOT\IEocxApp.IEocx
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Content"
HKEY_CLASSES_ROOT\CLSID\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysav"
URLs
Winpcantivirus2010.com may call the following URLs:
| win-pc-antivirus2009.com |
| winpc-antivirus.com |
| winpc-antivirus09.com |
| winpc-antivirus2009.com |
| winpcantivirus2010.com |
