HalfLemon Infiltration Alert
"HalfLemon Infiltration" Alert is a misleading warning notification generated by the fake spyware remover Windows Antivirus Pro. The HalfLemon Infiltration Alert pop-up reads as follows:
"WINDOWS ANTIVIRUS PRO ALERT
Infiltration Alert
Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan-dropped or similar.
Details:
Attack from: 239.80.11.105, port 58962
Attacked port: 41567
Threat: HalfLemon
Do you want Windows Antivirus Pro to block this attack?"
This message than prompts you to purchase and download the bogus anti-spyware software Windows Antivirus Pro in order to combat this fake threat. Do not be fooled, and remove as soon as possible.
File System Modifications
- The following files were created in the system:
# File Name 1 ANTI_files.exe 2 bennuar.old 3 dbsinit.exe 4 dddesot.dll 5 Desktop\\\\Windows Antivirus Pro.lnk 6 desot.exe 7 i1.gif 8 i2.gif 9 i3.gif 10 j1.gif 11 j2.gif 12 j3.gif 13 jj1.gif 14 jj2.gif 15 jj3.gif 16 l1.gif 17 l2.gif 18 l3.gif 19 msvcm80.dll 20 msvcp80.dll 21 msvcr80.dll 22 pix.gif 23 ppp3.dat 24 ppp4.dat 25 svchast.exe 26 sysnet.dat 27 t1.gif 28 t2.gif 29 up1.gif 30 up2.gif 31 w1.gif 32 w11.gif 33 w2.gif 34 w3.gif 35 w3.jpg 36 Windows Antivirus Pro.exe 37 wispex.html 38 wt1.gif 39 wt2.gif 40 wt3.gif
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\SoftimerHKEY_CURRENT_USER\Software\Windows Antivirus ProHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}HKEY_CLASSES_ROOT\CLSID\{F54AF7DE-6038-4026-8433-CC30E3F17212}HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntipPro2009_12HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntipPro2009_12HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Win Antivirus Pro
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.