Home Malware Programs Fake Warning Messages Firewall Warning Popup

Firewall Warning Popup

Posted: April 9, 2009

"Firewall Warning" pop-up is a false security warning generated by rogue anti-spyware WinPC Antivirus. This "Firewall Warning" alert states that WinPC Antivirus has detected a hidden file transfer to remote computer. The "Firewall Warning" Pop up reads:

"FIREWALL WARNING.

Hidden file transfer to remote host was detected. WinPC Antivirus has detected that an outside party is attempting to transfer your private data via Internet. We strongly recommend you to block the attack immediately.

Details of the attack: remote host transfer IP 97.216.34.74; remote user computer name 'FORENSICS'."

First of all, it is very important to completely ignore "Firewall Warning" pop-up alert, as it promotes the rogue anti-spyware WinPC Antivirus. If you click this fake notification, you will automatically download the fake anti-spyware onto your computer. Second of all, "Firewall Warning" pop-up must be removed as soon as possible otherwise your computer will become flooded with even more fake notifications.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %CurrentFolder%\splug.dll

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0993251-2512-4710-AF6E-0A13EA199D02}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0993251-2512-4710-AF6E-0A13EA199D02}HKEY_CURRENT_USER\Software\Protection Tools\"65005" = "1"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F0993251-2512-4710-AF6E-0A13EA199D02}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\"rare" = "%CurrentFolder%\smmain.exe"
Loading...