Winwebsec

Winwebsec is a category of malware that targets the users of Windows operating systems and produces fake claims as genuine anti-malware software, then demand payment to provide fixes to fictitious problems.

Winwebsec

These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs, including Win32/Winwebsec, may display product names or logos of some well known companies like Microsoft in an attempt to impersonate some genuine products of legitimate companies.[1][2][3]

The software shows popup that claim to scan for malware, and displays fake warnings similar to:

"32 Virus and Trojans Detected on your computer. Click on Fix Now button to clean these threats".

They then show a message to the user that they need to pay money to activate the software in order to remove these threats which actually doesn't exist. These malwares may display a dialog that looks similar to Windows Security Center or it may have names like Live Security Platinum [4] or Security Shield. The GUI varies from variant to variant.[5][6]

Variants

Removal

Some variants of this malware can be removed by using software and tools like McAfee Stinger or Microsoft Windows Malicious Software Removal Tool. Most variants of this malware prevents the user from accessing internet browsers and programs with names like chrome.exe, firefox.exe, iexplore.exe, opera.exe and safari.exe. Users infected with this virus may have to boot the computer into advanced boot options like safe mode to diagnose these virus variants. The continuously changing nature of these viruses makes it hard for security software to detect and remove them.

Annotation/Proposal: dismount the drive, install it in an external (USB) case and open the infected drive as external USB drive on another computer. Thus, all files on the infected drive can be viewed, deleted, etc. For security reasons, disable "autoplay" for this USB drive first.

Similar Articles

References

  1. "Beware of FAKE Anti Virus - Winwebsec". DiGiMan. Retrieved November 23, 2012.
  2. "Windows Live forum: TROJAN:Win32/Winwebsec-Looks like official Windows Security". Retrieved November 23, 2012.
  3. "Winwebsec". Retrieved November 23, 2012.
  4. "Rogue:Live Security Platinum". J.Phillips. Retrieved November 23, 2012.
  5. "Encyclopedia entry". 2011 Microsoft Corporation. Retrieved November 23, 2012.
  6. "Rogue:W32/Winwebsec". F-Secure Corporation. Retrieved November 23, 2012.
This article is issued from Wikipedia - version of the Monday, March 02, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.