
WinPC Antivirus Firewall Warning

Posted: May 27, 2009

"WinPC Antivirus Firewall" Warning is one of several fabricated security alerts generated by WinPC Antivirus. This fake antivirus reports nonexistent problems to trick people into purchasing the program. The "WinPC Antivirus Firewall" Warning message reads as follows:

"FIREWALL WARNING
Hidden file transfer to remote host was detected

WinPC Anrivirus has detected that somebody is trying to transfer your private data via Internet. We strongly recommend you to block the attack immediately.
Details of the attack
Remote host transfer IP: 97.216.34.74
Remote user computer name: FORENSICS
User E-mail:
IP-adress:
Blocking is recommended [Block attack] [Allow]"

"WinPC Antivirus Firewall" Warning is a clear symptom that WinPC Antivirus is present on a computer. Remove WinPC Antivirus in order to stop pop-ups such as the "WinPC Antivirus Firewall" Warning.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Application Data\pcantivirus.exe
    2 %UserProfile%\Desktop\WinPC Antivirus.LNK
    3 %UserProfile%\Start Menu\WinPC Antivirus.LNK
    4 C:\Documents and Settings\All Users\Ta1HnnaIasEcfgF.exe
    5 c:\WINDOWS\ieocx.dll

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysav"
      HKEY_CURRENT_USER\Software\WinPC Antivirus
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
    HKEY..\..\..\..{RegistryKeys}
      HKEY_CLASSES_ROOT\CLSID\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
      HKEY_CLASSES_ROOT\IEocxApp.IEocx
      HKEY_CLASSES_ROOT\IEocxApp.IEocx.1
      HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
      HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
      HKEY_CLASSES_ROOT\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}
      HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
      HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Content"

Additional Information on WinPC Antivirus Firewall Warning

  • The following domains were detected:
    # Domain
    1 winpc-antivirus.com
    2 winpc-antivirus09.com
    3 winpc-antivirus2009.com
    4 win-pc-antivirus2009.com
    5 winpcantivirus2010.com