Spyware Object Detected! Popup
"Spyware object detected!" Popup is a fake warning from scareware WiniBlueSoft. This "Spyware object detected!" Popup reads:
"Spyware object detected! You are recommended to scan the whole system and remove all suspicious objects. Detected threat: Cookie: DoubleClick."
If you follow this "Spyware object detected!" Popup's prompts to block DoubleClick cookie, you'll end up buying WiniBlueSoft.
File System Modifications
- The following files were created in the system:
# File Name 1 c:\Documents and Settings\All Users\Desktop\WiniBlueSoft.lnk 2 c:\Documents and Settings\All Users\Start Menu\Programs\WiniBlueSoft 3 c:\Documents and Settings\All Users\Start Menu\Programs\WiniBlueSoft\Homepage.lnk 4 c:\Documents and Settings\All Users\Start Menu\Programs\WiniBlueSoft\Uninstall.lnk 5 c:\Documents and Settings\All Users\Start Menu\Programs\WiniBlueSoft\WiniBlueSoft.lnk 6 c:\Program Files\WiniBlueSoft Software 7 c:\Program Files\WiniBlueSoft Software\WiniBlueSoft 8 c:\Program Files\WiniBlueSoft Software\WiniBlueSoft\always_skip.xml 9 c:\Program Files\WiniBlueSoft Software\WiniBlueSoft\data.bin 10 c:\Program Files\WiniBlueSoft Software\WiniBlueSoft\License.txt 11 c:\Program Files\WiniBlueSoft Software\WiniBlueSoft\main_config.xml 12 c:\Program Files\WiniBlueSoft Software\WiniBlueSoft\uninstall.exe 13 c:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe 14 c:\WINDOWS\102959roz2b45.ocx 15 c:\WINDOWS\10325virusz955.ocx 16 c:\WINDOWS\10355h9eat227z2.cpl 17 c:\WINDOWS\111znot-a-v5rus998.dll 18 c:\WINDOWS\115z1vi9us3e85.ocx 19 c:\WINDOWS\11797tzoj595.dll 20 c:\WINDOWS\1197addwaze16915.ocx 21 c:\WINDOWS\127b95ief305z.ocx 22 c:\WINDOWS\12946sz5mbot79c.dll 23 c:\WINDOWS\129cvir1z58.dll 24 c:\WINDOWS\12bbszy5ar91941.dll 25 c:\WINDOWS\13323w95mz1b.ocx 26 c:\WINDOWS\135zvir1929.cpl 27 c:\WINDOWS\1393z5or9df.ocx 28 c:\WINDOWS\system32\19199hackt5zl7a1.bin 29 c:\WINDOWS\system32\19544spy6fbz.ocx 30 c:\WINDOWS\system32\19945hzcktool65b.dll 31 c:\WINDOWS\system32\1a59dow9lozder1735.ocx 32 c:\WINDOWS\system32\1b20z9a5se2186.bin
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "setup2.exe"HKEY_CURRENT_USER\Software\WiniBlueSoftHKEY_LOCAL_MACHINE\SOFTWARE\WiniBlueSoftHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WiniBlueSoft"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}WiniBlueSoft
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.