Security Scanner

Posted: February 12, 2012
Threat Metric
Threat Level: 10/10
Infected PCs 35

Security Scanner Description

Security Scanner Screenshot 1Security Scanner is a member of the Win32/Winwebsec group of rogue security and anti-spyware scanners, and like others in its group, attempts to swindle victims of their money by creating fake alerts and then requesting you to spend money on its full version as a solution. Due to its focus on web browser redirects to its website, fraudulent system scans and other forms of misinformation, Security Scanner is a threat to your PC, but rogue security programs from its family have also been known to install or be installed by other Trojans that can include more damaging functions than Security Scanner's own feature set. However, no matter whether Security Scanner is by itself or accompanied by other PC threats, SpywareRemove.com malware experts recommend that you delete Security Scanner by analyzing your computer with an anti-malware product, preferably one that's been given all available updates to insure the maximum chance of identifying Security Scanner and related Trojans.

The Urgency of Catching Security Scanner in Your Real Anti-Malware Scans

Although its appearance has had minor changes to increase its level of polish, Security Scanner can still be identified as a questionable product due to its grammatically incorrect tag line of 'Protect your PC on new level'. Security Scanner belongs to the WinWeb Security subgroup of scamware and is a copy of Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Personal Shield Pro, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus. This minor slip in Security Scanner's aesthetics is only scratching the surface of Security Scanner's fraudulent nature; however, as SpywareRemove.com malware researchers have also noted Security Scanner's tendencies to launch fake system scans, enable its own startup without permission and create fraudulent warning messages.

Along with browser redirects to Security Scanner's site, these features are used to promote Security Scanner's fake security features in the hope that you'll spend money to remove these errors. However, since errors from Security Scanner are fake and unlinked to your computer's real health, it's not recommended that you buy a registered version of Security Scanner. Web browser redirects may be preventable by altering your LAN settings to avoid usage of proxy servers, but this should be considered to be just a stopgap measure prior to proper removal of Security Scanner.

Walking Through the Links of a Security Scanner Infection Attack

Rogue security scanners from Security Scanner's family, such as Security Shield, Windows Secure Kit 2011, Security Tool, Personal Shield Pro, Security Sphere 2012> and Essential Cleaner occasionally may include the ability to download and install other PC threats, including Trojans or worms. More often than this, however, Security Scanner and its cousins are themselves installed by Trojans (such as TROJ_DOFOIL.GE) that infect new computers via spam e-mail messages or via web redirects. Other PC threats that have been associated with Security Scanner's family include Mal/FakeAV-PY, Mal/SEORed-A, Trojan.Win32.FraudST.at and the ''FDIC notification' phishing email.

Accordingly, SpywareRemove.com malware analysts recommend the following means of avoid infection by Security Scanner:

  • Using a secure web browser with high safety settings to minimize malicious redirects and drive-by-downloads.
  • Avoiding links and file attachments from unusual e-mail messages, especially messages that appear to be similar to known types of mass-mailed e-mail hoaxes.
  • Keeping anti-malware software accessible and updated for detection and prevention of Security Scanner-related attacks as they happen.

Why Can't I Open Any Program Including SpyHunter?

Security Scanner blocks legitimate Windows programs from executing and Internet access. Here are two ways to download and install SpyHunter:

Option #1

  • Once Security Scanner's fake scan is complete, click the 'Remove' link, then click 'Yes, activate Security Scanner' and Security Scanner's purchase page will load.
  • On Security Scanner's purchase page, click anywhere on the page to make it active, press Ctrl+N, a new browser window will open and you'll gain access to the Internet.
  • Then, click here to download SpyHunter's malware scanner.

Option #2

  • Download SpyHunter's malware scanner from a clean computer, copy it to a USB thumb drive, DVD or CD.
  • Then, use the SpyHunter copied version to install SpyHunter on the infected PC and run SpyHunter's malware scanner.

Security Scanner Automatic Detection Tool (Recommended)

Is your PC infected with Security Scanner? To safely & quickly detect Security Scanner, we highly recommend you...



Security Scanner Screenshot 2Security Scanner Screenshot 3Security Scanner Screenshot 4Security Scanner Screenshot 5Security Scanner Screenshot 6Security Scanner Screenshot 7Security Scanner Screenshot 8

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Security Scanner may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%UserProfile%\Local Settings\Application Data\cnydsbbiy.exe File name: cnydsbbiy.exe
Size: 424.44 KB (424448 bytes)
MD5: d0deb2644c9435ea701e88537787ea6e
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %UserProfile%\Local Settings\Application Data\
Group: Malware file
Last Updated: April 1, 2020
%LocalAppData%\[RANDOM CHARACTERS].exe File name: %LocalAppData%\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications


The following newly produced Registry Values are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[RANDOM CHARACTERS]"

Additional Information

The following messages's were detected:
# Message
1Security Scanner Warning
Harmful software have been detected at your PC.
Click here to deactivate it.
2Security Scanner Warning
Security Scanner has found viruses at your system.
We highly recommend to get license for Security Scanner to remove harmful software now.
3Security Scanner Warning
Spyware.IEMonster process is found. This is virus that is trying to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) for the third-parties.
Click here to protect your data with Security Scanner.
4Warning message from Internet browser. This page under virus attack. This may crash your system.
This may be caused by:
  • Virus content founded at this site trying to install its components.
  • Malicious & unknown network processes are determined.
  • Your system is under virus attack.
  • Negative references from other citizens concerning this web page.
  • Your system ports and backdoors have been checked by visited page for external access.
Recommendations:
  • Obtain a license of "Security Scanner" to protect your PC for the safest browsing Internet pages (desirable)
  • Launch spyware, virus and malware scanning process.
  • Keep browsing
5winword.exe is infected with Backdoor:Win32/Samsteal.A.dr.
Do you want to register your copy and remove all threats now?

Related Posts

2 Comments

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.