0scan.us

0scan.us Screenshot 10scan.us is a malicious site that’s used for distributing members of the WinWebSec family of fraudulent anti-malware scanners, including such members as System Security, Personal Shield Pro and the (fake) MS Removal Tool. Contact with 0scan.us usually results in a virtual ‘system scan’ that actually is just a simulation designed to make you download and install a member of the Winwebsec family of scamware, although SpywareRemove.com malware experts warn that 0scan.us also may automatically install its payload through a browser exploit. Software and system scans related to 0scan.us always should be assumed to be both intentionally deceptive and outright malicious, and legitimate anti-malware software should be engaged to clean up after any infection related to your browser loading 0scan.us.

0scan.us: How a Zero for Your PC’s Safety Can Equal Positive Numbers in a Criminal Bank Account


Any visit to 0scan.us will result in your browser loading a window that’s reminiscent of the ‘My Computer’ window, albeit with the unusual addition of what looks like (but, in fact, is not) an ongoing system scan. 0scan.us’s simulated scan will ‘detect’ various PC threats, including some high-level ones like backdoor Trojans, and proceed to ask you to remove them… but trying to do so only will cause you to download the scamware that 0scan.us is peddling.

This attack is a typical strategy used to distribute rogue security software, and may be implemented through malicious redirects on hostile sites, the presence of a browser hijacker that alters your browser’s behavior, redirects from innocent but hacked sites, and lastly, even some forms of online advertisements.
Download SpyHunter Spyware Scanner
SpywareRemove.com malware experts have confirmed 0scan.us’s payload as one of many possible variants of a member of the Winwebsec family, a large family of fake anti-malware and security products.

Symptoms related to any 0scan.us infection usually include:
  • Pop-up warnings and related system information presentations that alert you to real-looking but fake infections, as well as some related system damage.
  • Being unable to access most other programs on your computer, which are blocked by the scamware security product under the claim that it’s protecting your PC (such as by claiming that the blocked program has been compromised by a virus).

The goal of any fake anti-malware product, including those installed through 0scan.us, is to steal your money by asking you to go through a fake ‘registration’ service. Since even a successful attempt at registering these programs will not help your computer, SpywareRemove.com malware researchers warn that you never should transfer money or personal information to companies affiliated with confirmed scamware products.

Scanning Your Way Out of the Fake Scanner Blues


While the Winwebsec group of fake anti-malware products continues to undergo regular development, SpywareRemove.com malware analysts warn that you should be particularly cautious around confirmed members of its group, such as Essential Cleaner, Security Shield, Winweb Security, System Progressive Protection and Personal Shield Pro. Ordinarily, 0scan.us will attempt to convince you to install these programs intentionally, but 0scan.us also may host a browser exploit to force the installation regardless – which many other scamware-affiliated sites have been prone to abusing.

If your browser loads 0scan.us at all, SpywareRemove.com malware experts recommend that you use a real anti-malware product to scan your PC and remove all detected PC threats. You can use commonly-accessible security techniques to disable any malicious software beforehand in the event of malware related to 0scan.us blocking any needed programs. Rebooting into Safe Mode or booting from any peripheral hard drive are two of the most popular methods.

0scan.us Automatic Detection Tool (Recommended)


Is your PC infected with 0scan.us? To safely & quickly detect 0scan.us, we highly recommend you run the malware scanner listed below.



Technical Details

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %\Documents and Settings%\All Users\Application Data\00308937\00308937.exe
    2 %\Documents and Settings%\All Users\Application Data\00308937\config.udb
    3 %\Documents and Settings%\All Users\Application Data\00308937\pc00308937ins
    4 %UserProfile%\Desktop\System Security 2009.lnk
    5 %UserProfile%\Start Menu\Programs\System Security\System Security 2009 Support.lnk
    6 %UserProfile%\Start Menu\Programs\System Security\System Security 2009.lnk

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\Software\00308937HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "00308937"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}SystemSecurity2009

Additional Information

  • The following URL's were detected:
    0scan.us
Posted: May 21, 2009 | By
Share:
Follow Me on Pinterest More More
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Home Rogue Websites 0scan.us

Leave a Reply

What is 7 + 6 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)