Trojan Detected! Popup
"Trojan Detected!" pop-up is a false security notification generated by rogue anti-spyware WinPC Antivirus. Basically, "Trojan Detected!" alert suggests to use WinPC Antivirus and remove detected trojan virus from the system. "Trojan Detected!" popup reads as follows:
"Trojan Detected!
A piece of malicious code was found in your system. It may replicate itself if no action is taken. Click here to have your system cleaned by WinPC Antivirus."
Unfortunately, if you click on the "Trojan Detected!" pop-up notification, you will automatically download fake spyware remover WinPC Antivirus, which will continue to flood your system with even more aggressive alerts about various infections and security problems.
File System Modifications
- The following files were created in the system:
# File Name 1 %ProgramFiles%\WinPC Antivirus\data.dat 2 %ProgramFiles%\WinPC Antivirus\FwHookDrv.sys 3 %ProgramFiles%\WinPC Antivirus\HOSTS.hst 4 %ProgramFiles%\WinPC Antivirus\Manual.url 5 %ProgramFiles%\WinPC Antivirus\options.xml 6 %ProgramFiles%\WinPC Antivirus\reserve.dat 7 %ProgramFiles%\WinPC Antivirus\rules 8 %ProgramFiles%\WinPC Antivirus\Rules.txt 9 %ProgramFiles%\WinPC Antivirus\siren.wav 10 %ProgramFiles%\WinPC Antivirus\Support.url 11 %ProgramFiles%\WinPC Antivirus\svo.scf 12 %ProgramFiles%\WinPC Antivirus\temp 13 %ProgramFiles%\WinPC Antivirus\vfile 14 %ProgramFiles%\WinPC Antivirus\Web.url 15 %UserProfile%\Desktop\Launch WinPC Antivirus.lnk 16 %UserProfile%\Local Settings\Temp\[Random Name].tmp 17 %UserProfile%\Local Settings\Temp\delwdef2008.bat 18 %UserProfile%\Start Menu\WinPC Antivirus.LNK
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysav"HKEY_CURRENT_USER\Software\WinPC AntivirusHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusDisableNotify" => 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallDisableNotify" => 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "UpdatesDisableNotify" => 1HKEY_LOCAL_MACHINE\SOFTWARE\WinPCAntivirus.comHKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}WinPCAntivirus
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.