Warning Wallpaper
"Warning!" Wallpaper is a symptom of being infected with fake spyware remover WinBlueSoft. This desktop "Warning!" wallpaper is created by WinBlueSoft to trick you into purchasing this rogue anti-spyware application, and reads as follows:
"Warning! You’re in danger! Your computer is infected with Spyware! All you do with computers is stored forever in your hard disk. When you visit sites, send emails... All your actions are logged. And it is impossible to remove them with standard tools. Your data is still available for forensics. And in some cases for your boss, your friends, your wife, your children. Every site you or somebody or even something, like spyware, opened in the browsers, with all the images, and all the downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could break your life! Secure yourself right now! Remove all Spyware from your PC!"
WinBlueSoft creates other fake warnings, such as popups, spoof system alerts, etc., to scare you into thinking you’ve got spyware.
File System Modifications
- The following files were created in the system:
# File Name 1 c:\Documents and Settings\All Users\Desktop\WinBlueSoft.lnk 2 c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft 3 c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft\1 WinBlueSoft.lnk 4 c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft\2 Homepage.lnk 5 c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft\3 Uninstall.lnk 6 c:\Program Files\WinBlueSoft Software 7 c:\Program Files\WinBlueSoft Software\WinBlueSoft 8 c:\Program Files\WinBlueSoft Software\WinBlueSoft\data.bin 9 c:\Program Files\WinBlueSoft Software\WinBlueSoft\license.txt 10 c:\Program Files\WinBlueSoft Software\WinBlueSoft\uninstall.exe 11 c:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe 12 C:\Windows\System32\blocker.dll
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\WinBlueSoftHKEY_LOCAL_MACHINE\SOFTWARE\WinBlueSoftHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinBlueSoft"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}WinBlueSoft
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.