Home / malware

PDF

Win32/Winwebsec

First posted on 17 February 2012.
Source: Microsoft

Aliases :

Win32/Winwebsec is also known as Smart Protection 2012 (other), Adware/AntiSpywarePro2009 (Panda), Adware/UltimateCleaner (Panda), Adware/Xpantivirus2008 (Panda), AntiSpyware Pro 2009 (other), AntiVirus2008 (Symantec), FakeAlert-AntiSpywarePro (McAfee), FakeAlert-WinwebSecurity.gen (McAfee), Mal/FakeAV-AK (Sophos), MS Removal Tool (other), Security Tool (other), SecurityRisk.Downldr (Symantec), System Security (other), Security Shield (other), SecurityShieldFraud (Symantec), SystemSecurity2009 (other), Total Security (other), Troj/FakeVir-LB (Sophos), Trojan:Win32/Winwebsec (other), TrojanDropper:Win32/Winwebsec (other), W32/AntiVirus2008.AYO (Norman), Win32/Adware.SystemSecurity (ESET), Win32/Adware.WinWebSecurity (ESET), Winweb Security (other), Essential Cleaner (other), Personal Shield Pro (other), Security Sphere 2012 (other) more.

Explanation :

Rogue:Win32/Winwebsec is a family of programs that claims to scan for malware and display fake warnings of €œmalicious programs and viruses€. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. Win32/Winwebsec has been distributed with several different names. The user interface varies to reflect each variant's individual branding. Note: Reports of Rogue Antivirus programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs, including Win32/Winwebsec, may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products will detect and remove this threat:

• Microsoft Security Essentials
• Windows Defender
• Microsoft Safety Scanner
• Microsoft Windows Malicious Software Removal Tool

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Top

Rogue:Win32/Winwebsec is a family of programs that claims to scan for malware and displays fake warnings of €œmalicious programs and viruses€. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. This trojan may display a dialog that mimics the Windows Security Center. Some members of the Win32/Winwebsec family may also download additional malware and have been observed in the wild downloading variants of Worm:Win32/Swimnag, and Worm:Win32/Koobface. Rogue:Win32/Winwebsec has been distributed with many different names. The user interface and other details vary to reflect each variant's individual branding. These different distributions of the trojan use various installation methods, with filenames and system modifications that can differ from one variant to the next. Winwebsec distributions currently affecting users in the wild (October 2011):

• Security Sphere 2012
• Security Shield
• Personal Shield Pro

Winwebsec distributionsFor detailed information on the particular subvariants of this family, including their methods of installation and additional Payloads, please select the appropriate link from the list below: Branding/Name of distribution Example of brands Essential Cleaner MS Removal Tool Security Shield System Security Winweb Security Security Tool System Tool Personal Shield Pro Security Sphere 2012

Last update 17 February 2012

 

TOP