Trojan.Winwebsec

Posted: September 10, 2009

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	9/10
Infected PCs:	105

First Seen:	July 24, 2009
OS(es) Affected:	Windows

Trojan.Winwebsec is a generic detection for malicious software that bears the trademark characteristics of scamware from the Trojan.Winwebsec family – including fake infection alerts, attempts to block unrelated programs and the presence of one of various brands of fake security programs. Variants of Trojan.Winwebsec can present different names, including brand names that imply that they're anti-adware scanners, file cleaners or general anti-malware products, but underneath their different names, all Trojan.Winwebsec-based PC threats are fraudulent security programs that should be considered hostile to your computer. Under normal circumstances, SpywareRemove.com malware researchers also advise you to attempt to disable Trojan.Winwebsec before you delete Trojan.Winwebsecin an anti-malware scan, since an active Trojan.Winwebsec infection is likely to block your real security and anti-malware products.

The Bad Intel That's Lurking Inside a Trojan.Winwebsec Trojan Horse

Trojan.Winwebsec-based scamware may lack any genuine security functions, but their interfaces, as per the norm for rogue security products, will do their level best at convincing you otherwise. All variants of Trojan.Winwebsec are capable of creating a variety of different pop-up alerts with fraudulent security information, such as announcements about nonexistent infections (including specific types of high-level PC threats) or claiming that an undamaged file has been corrupted. These pop-ups are supported by equally fraudulent taskbar notifications and system scans that will always list a wide range of infections on your computer. Of course, since these alerts are all false positives, you should do your best to avoid giving any credence to a Trojan.Winwebsec program's security information or scanner results.

This information has only one purpose: to mislead you into spending money on whatever Trojan.Winwebsec's variant of Winwebsec scamware may be, such as Security Shield, Antispyware Pro 2009, Winweb Security, Security Sphere 2012, Smart Fortress 2012 or Essential Cleaner. SpywareRemove.com malware research team particularly advises against spending money on any type of fake security software from the Winwebsec family, since this will waste your money and open a potential avenue for future attacks against your financial accounts.

Busting Past Trojan.Winwebsec's Software Barrier

Fake security diagnostics are the primary symptoms of a Trojan.Winwebsec infection but aren't its only symptoms. Unfortunately, many Trojan.Winwebsec attacks have also included software-blocking functions, which SpywareRemove.com malware experts have noted to extend to almost all applications, including security and anti-malware tools. A standard Trojan.Winwebsec infection will still allow you to access some web browser and various programs that are necessary for Windows to function, but other than that small saving grace, other applications are likely to be blocked by fake infection warnings. Accordingly, you'll need to disable Trojan.Winwebsec before you can run an anti-malware scan to delete Trojan.Winwebsec properly.

Easily accessible means of shutting Trojan.Winwebsec down include booting your operating system from a non-compromised source (such as a USB drive or networked drive) or switching Windows to Safe Mode. As Trojan.Winwebsec is a Windows-specific PC threat, non-Windows operating systems can be considered effectively immune to Trojan.Winwebsec infections, although SpywareRemove.com malware researchers note that they may still suffer from attacks by similar types of rogue security programs.

Aliases

PAK_Generic.001 [TrendMicro]Trojan.Gen [Symantec]Troj/FakeAV-BGN [Sophos]a variant of Win32/Adware.LiveEnterpriseSuite.AA [NOD32]Trojan:Win32/InternetAntivirus [Microsoft]Generic FakeAlert!hk [McAfee]Trojan.Win32.FakeAV.ml [Kaspersky]Trojan.Win32.FakeAV [Ikarus]W32/FakeAlert.ML!tr [Fortinet]Trojan.Siggen1.25665 [DrWeb]Trojan.FakeAV.mm [CAT-QuickHeal]Trojan.Generic.KD.9916 [BitDefender]FakeAV.BJV [AVG]Trojan/Win32.FakeAV.gen [Antiy-AVL]TR/FakeAV.ML [AntiVir]
More aliases (267)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%ALLUSERSPROFILE%\Anwendungsdaten\75193227\75193227.exe

File name: 75193227.exe
Size: 1.19 MB (1197568 bytes)
MD5: 4caa6cb6a180cedf69565732e1a9252c
Detection count: 92
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\75193227
Group: Malware file
Last Updated: December 9, 2010

%ALLUSERSPROFILE%\Anwendungsdaten\08377530\08377530.exe

File name: 08377530.exe
Size: 1 MB (1001488 bytes)
MD5: 9ffa1916b694dd043dc8ec8c5606debd
Detection count: 92
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\08377530
Group: Malware file
Last Updated: December 8, 2010

%ALLUSERSPROFILE%\Anwendungsdaten\81397432\81397432.exe

File name: 81397432.exe
Size: 834.56 KB (834560 bytes)
MD5: 9afd011c3bc71b0f547f2cf7c703e32c
Detection count: 80
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\81397432
Group: Malware file
Last Updated: December 8, 2010

%ALLUSERSPROFILE%\Dati applicazioni\05002310\05002310.exe

File name: 05002310.exe
Size: 1.02 MB (1029120 bytes)
MD5: 79d6b9ab23bb010bd06b5f3f8e292193
Detection count: 71
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Dati applicazioni\05002310
Group: Malware file
Last Updated: December 8, 2010

%ALLUSERSPROFILE%\Anwendungsdaten\77302322\77302322.exe

File name: 77302322.exe
Size: 1.13 MB (1136640 bytes)
MD5: a5988384beea1aadaaae337e4f2be7b7
Detection count: 71
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\77302322
Group: Malware file
Last Updated: December 7, 2010

%ALLUSERSPROFILE%\Anwendungsdaten\99199340\99199340.exe

File name: 99199340.exe
Size: 1.16 MB (1162752 bytes)
MD5: 81dc0ca129779dbe3c083e98fe3c046c
Detection count: 70
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\99199340
Group: Malware file
Last Updated: December 8, 2010

%LOCALAPPDATA%\101586.exe

File name: 101586.exe
Size: 1.18 MB (1188352 bytes)
MD5: 862abc560711b33a1244e9d16e547740
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: December 9, 2010

%ALLUSERSPROFILE%\Anwendungsdaten\04545624\04545624.exe

File name: 04545624.exe
Size: 1.05 MB (1057280 bytes)
MD5: 767127360bab6a3ee6259525edbfc404
Detection count: 51
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\04545624
Group: Malware file
Last Updated: December 7, 2010

%ALLUSERSPROFILE%\Anwendungsdaten\13431618\13431618.exe

File name: 13431618.exe
Size: 1.16 MB (1163264 bytes)
MD5: 4d16083c233ea72aacefec71152a9a40
Detection count: 41
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\13431618
Group: Malware file
Last Updated: December 8, 2010

%LOCALAPPDATA%\96249081.exe

File name: 96249081.exe
Size: 1.02 MB (1028608 bytes)
MD5: 48b36e1c1840a1e67a2aa19f8fdf9724
Detection count: 41
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: December 8, 2010

%ALLUSERSPROFILE%\Anwendungsdaten\50770726\50770726.exe

File name: 50770726.exe
Size: 1.16 MB (1163264 bytes)
MD5: 0bc8bea0eda3e2601c87a9ef684a2fc4
Detection count: 40
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\50770726
Group: Malware file
Last Updated: December 8, 2010

%ALLUSERSPROFILE%\Dati applicazioni\20933320\20933320.exe

File name: 20933320.exe
Size: 834.56 KB (834560 bytes)
MD5: 7555efa4f743c988f59de9bc3967c3ff
Detection count: 35
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Dati applicazioni\20933320
Group: Malware file
Last Updated: December 7, 2010

%ALLUSERSPROFILE%\Anwendungsdaten\97384940\97384940.exe

File name: 97384940.exe
Size: 834.04 KB (834048 bytes)
MD5: 3be6e4ed81f8ff0d00037855f6310ad5
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\97384940
Group: Malware file
Last Updated: December 8, 2010

%ALLUSERSPROFILE%\Dados de aplicativos\11170313\11170313.exe

File name: 11170313.exe
Size: 1.17 MB (1176064 bytes)
MD5: 1b00a182149c49f05c384f8f805de78d
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Dados de aplicativos\11170313
Group: Malware file
Last Updated: December 7, 2010

%ALLUSERSPROFILE%\Anwendungsdaten\98726638\98726638.exe

File name: 98726638.exe
Size: 1 MB (1007616 bytes)
MD5: 9562378527087e0e0a4d1127d0d86306
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten\98726638
Group: Malware file
Last Updated: December 8, 2010

%LOCALAPPDATA%\8704148678.exe

File name: 8704148678.exe
Size: 1.19 MB (1190400 bytes)
MD5: 98a35d317e3547de26f95e1e0c2d8e25
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: December 8, 2010

%LOCALAPPDATA%\60841332.exe

File name: 60841332.exe
Size: 1.19 MB (1199104 bytes)
MD5: ac771adac04e00ee190e167ffa08cbce
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: December 7, 2010

%USERPROFILE%\Local Settings\Application Data\675497059.exe

File name: 675497059.exe
Size: 1.16 MB (1164800 bytes)
MD5: fc27d8db3dd1e0e0bdf1c60d77e7ad12
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Local Settings\Application Data
Group: Malware file
Last Updated: December 7, 2010

%LOCALAPPDATA%\9919828445.exe

File name: 9919828445.exe
Size: 1.18 MB (1181696 bytes)
MD5: 24959bd224b3394e6df66a7bec3f0229
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: December 7, 2010

%LOCALAPPDATA%\973162.exe

File name: 973162.exe
Size: 1.19 MB (1193984 bytes)
MD5: 0b7fb3de00de9e4aeb0a766605822601
Detection count: 4
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%
Group: Malware file
Last Updated: December 7, 2010

More files