Recommendations Alert
The "Recommendations..." security alert that appears on your screen during web-surfing activities is part of the promotion strategy implemented by the new rogue anti-spyware application WiniBlueSoft. "Recommendations" alert is usually due to the Vundo trojans or unregistered version of WiniBlueSoft fake spyware remover that currently resides on your computer, exploiting your security settings without your informed consent. These recommendation alerts report false scans and infections on your PC in order to scare you into purchasing the WiniBlueSoft fake anti-spyware remover.
File System Modifications
- The following files were created in the system:
# File Name 1 %Documents and Settings%\All Users\Desktop\WiniBlueSoft.lnk 2 %Documents and Settings%\All Users\Start Menu\Programs\WiniBlueSoft 3 %Documents and Settings%\All Users\Start Menu\Programs\WiniBlueSoft\Homepage.lnk %Documents and Settings%\All Users\Start Menu\Programs\WiniBlueSoft\Uninstall.lnk 4 %Documents and Settings%\All Users\Start Menu\Programs\WiniBlueSoft\WiniBlueSoft.lnk 5 %Program Files%\WiniBlueSoft Software 6 %Program Files%\WiniBlueSoft Software\WiniBlueSoft 7 %Program Files%\WiniBlueSoft Software\WiniBlueSoft\always_skip.xml 8 %Program Files%\WiniBlueSoft Software\WiniBlueSoft\data.bin 9 %Program Files%\WiniBlueSoft Software\WiniBlueSoft\License.txt 10 %Program Files%\WiniBlueSoft Software\WiniBlueSoft\main_config.xml 11 %Program Files%\WiniBlueSoft Software\WiniBlueSoft\uninstall.exe 12 %Program Files%\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe 13 %WINDOWS%\102959roz2b45.ocx 14 %WINDOWS%\10325virusz955.ocx 15 %WINDOWS%\10355h9eat227z2.cpl 16 %WINDOWS%\111znot-a-v5rus998.dll 17 %WINDOWS%\115z1vi9us3e85.ocx 18 %WINDOWS%\11797tzoj595.dll 19 %WINDOWS%\1197addwaze16915.ocx 20 %WINDOWS%\127b95ief305z.ocx 21 %WINDOWS%\12946sz5mbot79c.dll 22 %WINDOWS%\129cvir1z58.dll 23 %WINDOWS%\12bbszy5ar91941.dll 24 %WINDOWS%\13323w95mz1b.ocx 25 %WINDOWS%\135zvir1929.cpl 26 %WINDOWS%\1393z5or9df.ocx 27 %WINDOWS%\13951spzmb9t5a2.exe 28 %WINDOWS%\14041hackt5zl99.exe 29 %WINDOWS%\system32\19199hackt5zl7a1.bin 30 %WINDOWS%\system32\19524spyze9.exe 31 %WINDOWS%\system32\19544spy6fbz.ocx 32 %WINDOWS%\system32\19945hzcktool65b.dll 33 %WINDOWS%\system32\19991not-a-v5rzs1c9.exe 34 %WINDOWS%\system32\19z43hacktoo965f.exe 35 %WINDOWS%\system32\1a59dow9lozder1735.ocx 36 %WINDOWS%\system32\1b20z9a5se2186.bin
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "setup2.exe"HKEY_CURRENT_USER\Software\WiniBlueSoftHKEY_LOCAL_MACHINE\SOFTWARE\WiniBlueSoftHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WiniBlueSoft"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}WiniBlueSoft
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.