Warning! popup
The "Warning!" popup is a false security alert generated by the infamous Trojan Zlob and used to promote rogue anti-spyware programs such as Privacy Components. The "Warning!" popup text reads:
"System performance monitor: Warning
Summary:
System performance slowed down by: 47%
Internet connection speed decreased by: 39%
Probable reason: Spyware applications / Adware popup windows
Click this baloon to download spyware scan tool to remove spyware/adware applications."
Do NOT click on the "balloon" or on any pop-up. The "Warning!" popup is only meant to make you believe your computer system is infested with spyware. It will most likely redirect you to a malicious website that sells Privacy Components or other rogue anti-spyware programs.
File System Modifications
- The following files were created in the system:
1. %UserProfile%\Application Data\Privacy components
2. %UserProfile%\Application Data\Privacy components\dbases
3. %UserProfile%\Application Data\Privacy components\dbases\cg.dat
4. %UserProfile%\Application Data\Privacy components\dbases\mw.dat
5. %UserProfile%\Application Data\Privacy components\dbases\rd.dat
6. %UserProfile%\Application Data\Privacy components\dbases\sc.dat
7. %UserProfile%\Application Data\Privacy components\dbases\sm.dat
8. %UserProfile%\Application Data\Privacy components\dbases\sp.dat
9. %UserProfile%\Application Data\Privacy components\keys
10. %UserProfile%\Application Data\Privacy components\keys\cg.key
11. %UserProfile%\Application Data\Privacy components\keys\rd.key
12. %UserProfile%\Application Data\Privacy components\keys\sc.key
13. %UserProfile%\Application Data\Privacy components\keys\sp.key
14. %UserProfile%\Application Data\Privacy components\temp
15. %UserProfile%\Application Data\Privacy components\temp\settings.ini
16. %UserProfile%\Application Data\Privacy components\temp\spfilter
17. %UserProfile%\Desktop\Privacy components.lnk
18. %UserProfile%\Start Menu\Programs\Privacy components
19. %UserProfile%\Start Menu\Programs\Privacy components\Privacy components.lnk
20. c:\Program Files\Privacy components
21. c:\Program Files\Privacy components\agent.exe
22. c:\Program Files\Privacy components\faq
23. c:\Program Files\Privacy components\faq\guide.html
24. c:\Program Files\Privacy components\faq\images
25. c:\Program Files\Privacy components\faq\images\gimg1.jpg
26. c:\Program Files\Privacy components\faq\images\gimg10.jpg
27. c:\Program Files\Privacy components\faq\images\gimg2.jpg
28. c:\Program Files\Privacy components\faq\images\gimg3.jpg
29. c:\Program Files\Privacy components\faq\images\gimg4.jpg
30. c:\Program Files\Privacy components\faq\images\gimg5.jpg
31. c:\Program Files\Privacy components\faq\images\gimg6.jpg
32. c:\Program Files\Privacy components\faq\images\gimg7.jpg
33. c:\Program Files\Privacy components\faq\images\gimg8.jpg
34. c:\Program Files\Privacy components\faq\images\gimg9.jpg
35. c:\Program Files\Privacy components\pc.exe
36. c:\Program Files\Privacy components\sounds
37. c:\Program Files\Privacy components\sounds\1.mp3
38. c:\Program Files\Privacy components\sounds\3.mp3
39. c:\Program Files\Privacy components\tools
40. c:\Program Files\Privacy components\tools\sc
41. c:\Program Files\Privacy components\tools\sc\ca.crt
42. c:\Program Files\Privacy components\tools\sc\libeay32.dll
43. c:\Program Files\Privacy components\tools\sc\libssl32.dll
44. c:\Program Files\Privacy components\tools\sc\OemWin2k.inf
45. c:\Program Files\Privacy components\tools\sc\openvpn.exe
46. c:\Program Files\Privacy components\tools\sc\tap0801.sys
47. c:\Program Files\Privacy components\tools\sc\tapinstall.exe
48. c:\Program Files\Privacy components\tools\sp
49. c:\Program Files\Privacy components\tools\sp\sp.dll
50. c:\Program Files\Privacy components\uninstall.exe
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" => "C:\Program Files\Privacy components\pc.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "agent.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}
HKEY..\..\..\..{RegistryKeys}
HKEY_CLASSES_ROOT\CLSID\{D032570A-5F63-4812-A094-87D007C23012}
HKEY_CLASSES_ROOT\sp.TIEAdvBHO
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Privacy components
Microsoft\Windows\CurrentVersion\Run\agent.exe
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
Privacy components
Privacy components