
Infiltration Alert

Posted: May 18, 2010

Infiltration Alert is a Fake Warning Message related to the rogue antispyware program WiniBlueSoft. Infiltration Alert appears in the form of annoying popup warnings which claim the PC is infected with malware. This is a scam to urge hapless computer users to purchase WiniBlueSoft, which is in fact useless.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 ave.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1" %*
    HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1" %*

Additional Information on Infiltration Alert

  • The following messages were detected:
    # Message
    1 Infiltration Alert!

    Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan-dropper or similar.

    Details

    Attack from: 55.12.206.86
    Attacked port: 17781
    Threat: Virus

    Do you want WiniBlueSoft to block this attack?
