Wednesday 4 July 2012

Windows Web Commander hoax to avoid

Windows Web Commander is just the next malicios product that pretends to be legit and genuine security tool to defraud computer users. When this pest sneaks to your computer, it displays fake alert about virus detection, which aims to scare you into believing that your computer is infected with malwares, Trojans or worms. If you follow the onscreen instructions to delete the threats, you are required to purchase the full version of Windows Interactive Security. That is the real essence behind the legit looking prompt. And you cannot just simply turn it off, for the window keeps popping up. What is more, apart from the annoying pop-up, Windows Interactive Security is also able to invite more threats to the victim computer, which will definitely lead to severe damage of the system, such as unexpected files deletion, Internet blocking and even loss access to the system. And additionally, Windows Web Commander installs into the computer without the confirmation of the users and configures itself to start automatically when windows boot. We hope this piece of information we help you to make the correct decision regard this software and immediately start removing this hoax. The easy and effective removal is available for you by means of Loaris Trojan Remover.


3. Files

In the process of the installation, Windows Web Commander copies the following files to the hard disk.

Protector-[rnd].exe in %AppData% folder

4. System registry

Windows Web Commander creates the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

Windows Interactive Security automatic remover


Live Security Platinum automatic remover
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)