Spyware Activity Alert Popup
Spyware Activity Alert is a fake security notification brought to you by the fake spyware remover AntivirusBEST, in order to trick people into purchasing the rogue software. The Spyware Activity Alert popup reads as follows:
"Spyware activity alert! Spyware.IMonster activity detected! It is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal."
This false security warning is nothing more than a scare tactic, implemented to fool you into purchasing AntivirusBEST in order to combat these non-existent threats.
File System Modifications
- The following files were created in the system:
# File Name 1 abest.exe 2 c:\documents and settings\All Users\Application Data\AB\ABEST.CAB 3 c:\Documents and Settings\All Users\Application Data\AB\abest.exe 4 c:\Documents and Settings\All Users\Application Data\AB\Installer.exe 5 c:\Documents and Settings\All Users\Application Data\AB\QWProtect.dll 6 c:\documents and settings\All Users\Application Data\AB\svchost.exe 7 c:\documents and settings\all users\Desktop\AntivirusBEST.lnk 8 c:\documents and settings\All Users\Start Menu\Programs\AntiVirusBEST 9 c:\documents and settings\all users\start menu\Programs\antivirusbest\AntivirusBEST.lnk 10 c:\documents and settings\all users\start menu\Programs\antivirusbest\Uninstall.lnk 11 installer.exe 12 qwprotect.dll 13 qwprotect.dllx 14 svchost.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44b2c9f5-608d-46de-82e1-26c5bcb85193}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44b2c9f5-608d-46de-82e1-26c5bcb85193}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\AppID\QWProtect.dllHKEY_CLASSES_ROOT\AppID\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}HKEY_CLASSES_ROOT\CLSID\{44b2c9f5-608d-46de-82e1-26c5bcb85193}HKEY_CLASSES_ROOT\Interface\{296a8a7f-b5ac-4789-9b33-f32c2f9a6abd}HKEY_CLASSES_ROOT\TypeLib\{684a7904-2593-4bbe-a90e-cdaf2ac606ae}HKEY_CLASSES_ROOT\qwprotect.qwprotectbhoHKEY_CLASSES_ROOT\qwprotect.qwprotectbho.1
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.