WinWebSec

By Domesticus in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level:	100 % (High)
Infected Computers:	2,820

First Seen:	July 24, 2009
Last Seen:	January 20, 2022
OS(es) Affected:	Windows

WinWebSec is a well-known group of rogue security applications. Like most rogue security programs, WinWebSec programs are designed to scam computer users by convincing them to purchase fake anti-virus applications. WinWebSec applications are disguised as anti-virus software but are actually designed to display fake error messages and to mislead the victim into thinking that their PCs are severely infected. ESG malware analysts strongly advise against paying for any anti-virus program in the WinWebSec family of malware. WinWebSec programs have no way of protecting your computer system from malware and actually wreak havoc on the victim's computer system.

Malware in the WinWebSec family has been around for a long time, since at least 2009. Typically, these fake applications are delivered by a Trojan infection and are often one component of a multi-component malware attack. Trojans associated with the WinWebSec family will often be distributed through spam email, malicious advertisements for online malware scanners, or attack websites designed to infect your computer system with malware with the help of exploits. Examples of fake anti-virus products in the WinWebSec family of malware include Security Sphere 2012, Security Shield, Smart Fortress 2012, Essential Cleaner, Antispyware Pro 2009 and Winweb Security.

Table of Contents

Identifying and Dealing with a WinWebSec-Related Malware Infection

Fake security products in the WinWebSec family tend to include interfaces with a pink hue, layouts that are identical from one program to another, and phrases that are repeated from one WinWebSec clone to another (for example: Get full real-time protection with [NAME]). Malware programs in the WinWebSec family also share their attack pattern, displaying similar bogus error messages, pop-up notifications from the Taskbar and similar fake computer scans from one clone to another. Since all of these are created to frighten you into thinking that you need to purchase a 'full version' of the WinWebSec program, ESG malware analysts strongly recommend against taking action based on the rogue security application's claims. Instead, remove WinWebSec application with a strong anti-malware program immediately.

Malware infections in the WinWebSec family often have the capacity to render inoperative legitimate security tools in order to protect themselves. WinWebSec malware programs can also block access to certain files and cause browser redirects. Because of this, to remove a WinWebSec program, it is often necessary to start up the infected computer system from a removable memory device, from a shared drive or in Safe Mode (often by hitting the F8 key while Windows starts up).

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
AVG	Agent_s.N
Fortinet	W32/ZAccess.GVH!tr.bdr
Ikarus	Backdoor.Win32.ZAccess
Microsoft	TrojanDropper:Win32/Sirefef.B
AntiVir	TR/Drop.Sirefef.B.589
DrWeb	BackDoor.Maxplus.4956
BitDefender	Gen:Variant.Kazy.66870
Kaspersky	Backdoor.Win32.ZAccess.gvh
Avast	Win32:Sirefefs-A [Drp]
NOD32	a variant of Win32/Kryptik.AEND
McAfee	Generic BackDoor!1o3
AVG	Dropper.Generic5.BMYQ
Fortinet	W32/VBKrypt.HYZX!tr
AhnLab-V3	Trojan/Win32.Buzus
Microsoft	Backdoor:Win32/Xtrat.A

SpyHunter Detects & Remove WinWebSec

File System Details

WinWebSec may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	C084297E69DD51850000C083690157DC.exe	df316d4f1d8313785f7de0aff89a6546	5
Name: C084297E69DD51850000C083690157DC.exe MD5: df316d4f1d8313785f7de0aff89a6546 Size: 405.5 KB (405504 bytes) Detections: 5 Type: Executable File Path: %ALLUSERSPROFILE%\Datos de programa\C084297E69DD51850000C083690157DC Group: Malware file Last Updated: March 12, 2013
2.	E886D5C4DBA574CD0000E885ED487E5D.exe	7b705777bc59738c15db129904a39f18	4
Name: E886D5C4DBA574CD0000E885ED487E5D.exe MD5: 7b705777bc59738c15db129904a39f18 Size: 454.65 KB (454656 bytes) Detections: 4 Type: Executable File Path: %ALLUSERSPROFILE%\E886D5C4DBA574CD0000E885ED487E5D Group: Malware file Last Updated: March 29, 2013
3.	6CDA4F2809F84C7D00006CD9E25250A6.exe	6bdd9f02ce89008fc6a127e68e992e80	3
Name: 6CDA4F2809F84C7D00006CD9E25250A6.exe MD5: 6bdd9f02ce89008fc6a127e68e992e80 Size: 406.01 KB (406016 bytes) Detections: 3 Type: Executable File Path: %ALLUSERSPROFILE%\6CDA4F2809F84C7D00006CD9E25250A6 Group: Malware file Last Updated: April 22, 2013
4.	0CCB2B51F070EFC400000CCB1E8AF3E6.exe	068e9d3fe03841b7aa2eca8516f78a0a	3
Name: 0CCB2B51F070EFC400000CCB1E8AF3E6.exe MD5: 068e9d3fe03841b7aa2eca8516f78a0a Size: 417.79 KB (417792 bytes) Detections: 3 Type: Executable File Path: %ALLUSERSPROFILE%\0CCB2B51F070EFC400000CCB1E8AF3E6 Group: Malware file Last Updated: May 13, 2013
5.	E87EDBA94E40B0B70000E87DF32FB511.exe	4b6ba79dfcbbd8a7cda8e276793c7179	2
Name: E87EDBA94E40B0B70000E87DF32FB511.exe MD5: 4b6ba79dfcbbd8a7cda8e276793c7179 Size: 442.36 KB (442368 bytes) Detections: 2 Type: Executable File Path: %ALLUSERSPROFILE%\E87EDBA94E40B0B70000E87DF32FB511 Group: Malware file Last Updated: March 21, 2013
6.	D429B1DCC0ED729B0000D428DDBB7A32.exe	dc12e5fffa010555d2867d8912d2cd4e	2
Name: D429B1DCC0ED729B0000D428DDBB7A32.exe MD5: dc12e5fffa010555d2867d8912d2cd4e Size: 619 KB (619008 bytes) Detections: 2 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data\D429B1DCC0ED729B0000D428DDBB7A32 Group: Malware file Last Updated: February 11, 2013
7.	ajwgcglm.exe	b422ece42f844728ea808680f6a19d41	2
Name: ajwgcglm.exe MD5: b422ece42f844728ea808680f6a19d41 Size: 442.36 KB (442368 bytes) Detections: 2 Type: Executable File Path: %USERPROFILE%\Local Settings\Application Data Group: Malware file Last Updated: February 14, 2013
8.	lsjqxwra.exe	28fdc29b2083b01d9d9faefab350c40f	2
Name: lsjqxwra.exe MD5: 28fdc29b2083b01d9d9faefab350c40f Size: 633.85 KB (633856 bytes) Detections: 2 Type: Executable File Path: %USERPROFILE%\Local Settings\Application Data Group: Malware file Last Updated: February 22, 2013
9.	rrexqmmh.exe	f80286d81ea5330b6277d072406c8edd	2
Name: rrexqmmh.exe MD5: f80286d81ea5330b6277d072406c8edd Size: 407.04 KB (407040 bytes) Detections: 2 Type: Executable File Path: %SystemDrive%\Users\<username>\AppData\Local Group: Malware file Last Updated: May 13, 2013
10.	7638FE76B04E1A12000076388844200A.exe	cc4d5b5aed3e5a3eb96cb79413c0dafb	2
Name: 7638FE76B04E1A12000076388844200A.exe MD5: cc4d5b5aed3e5a3eb96cb79413c0dafb Size: 407.04 KB (407040 bytes) Detections: 2 Type: Executable File Path: %ALLUSERSPROFILE%\7638FE76B04E1A12000076388844200A Group: Malware file Last Updated: April 8, 2013
11.	C0C1D9F64CCE437F0000C0C1193A4894.exe	dc976e361d5ae8cbda93bb2a418a3152	2
Name: C0C1D9F64CCE437F0000C0C1193A4894.exe MD5: dc976e361d5ae8cbda93bb2a418a3152 Size: 407.55 KB (407552 bytes) Detections: 2 Type: Executable File Path: %ALLUSERSPROFILE%\Datos de programa\C0C1D9F64CCE437F0000C0C1193A4894 Group: Malware file Last Updated: April 8, 2013
12.	Win8Security_scanner[1].exe	5678bb4b106a4d292d08fd0d359742cc	2
Name: Win8Security_scanner[1].exe MD5: 5678bb4b106a4d292d08fd0d359742cc Size: 613.88 KB (613888 bytes) Detections: 2 Type: Executable File Path: %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQ4RZTV6 Group: Malware file Last Updated: April 29, 2013
13.	34C60DFAA7B1B483000034C5D93EBE73.exe	30697b763ffa6ca491d8249464d1b2c1	1
Name: 34C60DFAA7B1B483000034C5D93EBE73.exe MD5: 30697b763ffa6ca491d8249464d1b2c1 Size: 462.84 KB (462848 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\Datos de programa\34C60DFAA7B1B483000034C5D93EBE73 Group: Malware file Last Updated: April 8, 2013
14.	wlplxbokp.exe	68c4a15b5885044fa971424f77dc7e9e	1
Name: wlplxbokp.exe MD5: 68c4a15b5885044fa971424f77dc7e9e Size: 314.88 KB (314880 bytes) Detections: 1 Type: Executable File Path: %SystemDrive%\Users\<username>\AppData\Local Group: Malware file Last Updated: April 8, 2013
15.	6458EC6D570DF6C7000064588819FBF4.exe	2f3b14b2154e531009a5454b26a1707b	1
Name: 6458EC6D570DF6C7000064588819FBF4.exe MD5: 2f3b14b2154e531009a5454b26a1707b Size: 695.29 KB (695296 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\Dane aplikacji\6458EC6D570DF6C7000064588819FBF4 Group: Malware file Last Updated: February 22, 2013
16.	791640.exe	1f7d54dc6c9839fec677a31a4002aa19	1
Name: 791640.exe MD5: 1f7d54dc6c9839fec677a31a4002aa19 Size: 399.36 KB (399360 bytes) Detections: 1 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: February 22, 2013
17.	60F2A687DCF73AB1000060F2459C415B.exe	9d5583f271bde36afdb76d2088184f36	1
Name: 60F2A687DCF73AB1000060F2459C415B.exe MD5: 9d5583f271bde36afdb76d2088184f36 Size: 450.56 KB (450560 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\60F2A687DCF73AB1000060F2459C415B Group: Malware file Last Updated: April 29, 2013
18.	968EC5D5A92286C40000968E2F4C8BD6.exe	aa0b15e21531946dd9583b15a7aba422	1
Name: 968EC5D5A92286C40000968E2F4C8BD6.exe MD5: aa0b15e21531946dd9583b15a7aba422 Size: 402.43 KB (402432 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\968EC5D5A92286C40000968E2F4C8BD6 Group: Malware file Last Updated: February 25, 2013
19.	5489386A0CF9DA6000005488E3E4DE15.exe	fb2aaf1230c6fdaadfc8e63523244f03	1
Name: 5489386A0CF9DA6000005488E3E4DE15.exe MD5: fb2aaf1230c6fdaadfc8e63523244f03 Size: 446.46 KB (446464 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\5489386A0CF9DA6000005488E3E4DE15 Group: Malware file Last Updated: March 29, 2013
20.	02530A2159B9A8880000025307D4AEE5.exe	2b4af3569b14c09df5c0bb75978b2bb4	1
Name: 02530A2159B9A8880000025307D4AEE5.exe MD5: 2b4af3569b14c09df5c0bb75978b2bb4 Size: 700.41 KB (700416 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\02530A2159B9A8880000025307D4AEE5 Group: Malware file Last Updated: April 10, 2013
21.	B85F0219B93F7D6A0000B85E49C1837E.exe	22104bd74a887c406e1c98f174283bf5	1
Name: B85F0219B93F7D6A0000B85E49C1837E.exe MD5: 22104bd74a887c406e1c98f174283bf5 Size: 446.46 KB (446464 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\Dane aplikacji\B85F0219B93F7D6A0000B85E49C1837E Group: Malware file Last Updated: March 21, 2013
22.	raknwrnl.exe	e541a8c10fdd06fd90048adcdd35f21b	1
Name: raknwrnl.exe MD5: e541a8c10fdd06fd90048adcdd35f21b Size: 382.97 KB (382976 bytes) Detections: 1 Type: Executable File Path: %SystemDrive%\Users\<username>\AppData\Local Group: Malware file Last Updated: April 8, 2013
23.	82A03F5D6334EE270000829FBCC1F273.exe	4b6e5e03e4468e20e9b49f71c8cd7030	1
Name: 82A03F5D6334EE270000829FBCC1F273.exe MD5: 4b6e5e03e4468e20e9b49f71c8cd7030 Size: 450.56 KB (450560 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\82A03F5D6334EE270000829FBCC1F273 Group: Malware file Last Updated: May 8, 2013
24.	2678437.exe	064b73dfc8957ffc4c9171b2854ac6cb	1
Name: 2678437.exe MD5: 064b73dfc8957ffc4c9171b2854ac6cb Size: 401.4 KB (401408 bytes) Detections: 1 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: April 22, 2013
25.	2204.tmp	064984de6c802644c6aba8ccfa7f29de	1
Name: 2204.tmp MD5: 064984de6c802644c6aba8ccfa7f29de Size: 394.24 KB (394240 bytes) Detections: 1 Type: Temporary File Path: %TEMP% Group: Malware file Last Updated: May 3, 2013

More files

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

WinWebSec

Threat Scorecard

EnigmaSoft Threat Scorecard

Identifying and Dealing with a WinWebSec-Related Malware Infection

Aliases

SpyHunter Detects & Remove WinWebSec

File System Details

Submit Comment

Related Posts

Trojan.Winwebsec

Trending

Chainpcnetwork.co.in

'Microsoftsupport.co' Pop-Up Scam

Slime Ransomware

Most Viewed

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error

What is Msedge.exe?