Privacy is at Risk! Pop up
"Privacy is at Risk!" Pop-up is a spoof system alert created by scareware Malware Cleaner. Like other scam software, MalwareCleaner uses popups like this "Privacy is at risk!" Popup to scare you into buying the full version of Malware Cleaner. This "Privacy is at risk!" Popup reads:
"Privacy is at risk! Attention, keylogging and intercepting scripts were detected. Your private data may be disclosed to third parties. Click here and Malware Cleaner will remove the infection."
File System Modifications
- The following files were created in the system:
# File Name 1 %UserProfile%\Desktop\Malware Cleaner.lnk 2 %UserProfile%\Start Menu\Malware Cleaner 3 %UserProfile%\Start Menu\Malware Cleaner\Malware Cleaner.lnk 4 %UserProfile%\Start Menu\Malware Cleaner\Uninstall.lnk 5 c:\Program Files\ChmDecompiler\upxbei.exe 6 c:\Program Files\Fiddler2\rkmvnwtq.dll 7 c:\Program Files\Grupxb 8 c:\Program Files\Grupxb\571613.exe 9 c:\Program Files\Grupxb\571613.exe.cfg 10 c:\Program Files\Internet Explorer\ojcveq.scr 11 c:\Program Files\Movie Maker\usjkeulr.com 12 c:\Program Files\NetMeeting\qornq.com 13 c:\Program Files\RRC\bcaumiqw.exe 14 c:\Program Files\Trend Micro\toiqqpd.scr 15 c:\Program Files\WinPcap\pidekwim.com 16 c:\WINDOWS\Config\wtgfuvbd.dll 17 c:\WINDOWS\Driver Cache\rndwvgl.com 18 c:\WINDOWS\ime\mysfoxc.exe 19 c:\WINDOWS\Microsoft.NET\peimbj.exe 20 c:\WINDOWS\network diagnostic\rkvxcdcn.com 21 c:\WINDOWS\Registration\wtadnnyj.scr 22 c:\WINDOWS\ServicePackFiles\gybdxtog.dll 23 c:\WINDOWS\system32\1033\kilkr.exe 24 c:\WINDOWS\system32\2052\pqsgeijl.scr 25 c:\WINDOWS\system32\CatRoot2\gappbmks.com 26 c:\WINDOWS\system32\drivers\lised.dll 27 c:\WINDOWS\system32\icsxml\lujogyl.scr 28 c:\WINDOWS\system32\mui\qrpsv.scr 29 c:\WINDOWS\system32\mwhbmksa.com 30 c:\WINDOWS\system32\ReinstallBackups\seedp.exe 31 c:\WINDOWS\system32\SoftwareDistribution\pxfdlcox.scr 32 c:\WINDOWS\system32\xircom\uysfwa.exe 33 c:\WINDOWS\WinSxS\heqsjbv.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Malware Cleaner"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Malware Cleaner
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.