Wednesday, July 4, 2012

Windows Web Commander virus removal lesson

Windows Web Commander is a fake anti-malware program that is traditionally distributed by means of trojans. The rogue infiltrates the system invisibly. Once on the target PC, it is set to start at every reboot and does whatever it can to make its victims think it is worth purchasing. Typically, Windows Web Commander starts displaying system scanners and reports numerous detected viruses. To remove them, it offers to sell you its licensed, full, or whatever-it-is-called version. However, note that all the ‘viruses’ reported by Windows Web Commander are harmless system files that should never be removed from the system. In addition, paying for the licensed version is the same as throwing your money away, because it is just as useless as the trial version. So, remove Windows Pro Solutions from your computer and forget all these annoying alerts. Windows Web Commander comes from the same old group of hackers, known as FakeVimes. These people spread their viruses in order to get money from unaware PC users after making them concerned about their machines. Be sure that their intentions are to get easy money!


As soon as Windows Web Commander is installed, the user is constantly shown fake alerts that report numerous detected infections. To persuade the user that the machine is really infected, the scamware also floods the desktop with annoying security scanners that all return the same results about detected keyloggers and trojans, for example:

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.

Warning! Spambot detected!

Also, if you get infected with Windows Web Commander, you may start receiving exaggerated browser warnings or simply find yourself redirected to a page selling the commercial version of Windows Web Commander whenever you attempt to visit websites. This fake anti-virus also tends to disable various processes on the PC so that you cannot run any legitimate anti-spyware. That really complicates the cleaning procedure, so we recommend rebooting into safe mode with networking and then running a full system scan with GridinSoft Trojan Killer.

Files

During installation, Windows Web Commander copies the following files to the hard disk.

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-[rnd].exe
  • %AppData%\result.db

System registry

Windows Web Commander creates the following registry entries:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
