Warning! Potential Spyware Operation
The "Warning! Potential Spyware Operation" popup is an annoying fake alert. Two variants of the popup exist with only slight differences: one contains misspellings, and the other contains errors that are either typos or misspellings. Below are examples of the popup message:
"Trojan FakeAValert removal ensures that you remove "Warning! Potential Spyware Operation. Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click YES to download spyware remover..."
and
"Warning! Potential Spyware Operation. Your computer is making unauthorized copies of your system and Internet files. run full scan now to prevent any unauthorised access to your files. Click here to download spyware remover"
The "Warning! Potential Spyware Operation" popup may slow down your PC. Its purpose, as with most fake alert pop-ups, is to convince you that your PC is infected with spyware and that you need to purchase useless, unneeded programs. Don't be frightened by the "Warning! Potential Spyware Operation" popup, and remove it IMMEDIATELY if your PC becomes infected.
File System Modifications
- The following files were created in the system:
  1. %System%\printer.exe
  2. %System%\WinAvXX.exe
Registry Modifications
- The following Registry values were newly created: