Essential Cleaner is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that he or she needs to pay money to register the software to remove these non-existent threats.

Win32/Winwebsec has been distributed with many different names. The name used by the malware, the user interface and other details vary to reflect each variant's individual branding. The following details describe Win32/Winwebsec when it is distributed with the name "Essential Cleaner".

Warning: Win32/Winwebsec may stop affected users from running all but a short list of specified applications. This may have an adverse effect on security applications that would otherwise remove this malware. If your antivirus scanner is unable to remove this threat because of this behavior, please see the additional removal instructions below.

MS Removal Tool is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that he or she needs to pay money to register the software to remove these non-existent threats.

Win32/Winwebsec has been distributed with many different names. The name used by the malware, the user interface and other details vary to reflect each variant's individual branding. The following details describe Win32/Winwebsec when it is distributed with the name "MS Removal Tool".

Warning: Win32/Winwebsec may stop affected users from running all but a short list of specified applications. This may have an adverse effect on security applications that would otherwise remove this malware. If your antivirus scanner is unable to remove this threat because of this behavior, please see the additional removal instructions below.

Personal Shield Pro is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that he or she needs to pay money to register the software to remove these non-existent threats.

Win32/Winwebsec has been distributed with many different names. The name used by the malware, the user interface and other details vary to reflect each variant's individual branding. The following details describe Win32/Winwebsec when it is distributed with the name "Personal Shield Pro".

Warning: Win32/Winwebsec may stop affected users from running all but a short list of specified applications. This may have an adverse effect on security applications that would otherwise remove this malware. If your antivirus scanner is unable to remove this threat because of this behavior, please see the additional removal instructions below.

Security Sphere 2012 is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that he or she needs to pay money to register the software to remove these non-existent threats.

Win32/Winwebsec has been distributed with many different names. The name used by the malware, the user interface and other details vary to reflect each variant's individual branding. The following details describe Win32/Winwebsec when it is distributed with the name "Security Sphere 2012".

Warning: Win32/Winwebsec may stop affected users from running all but a short list of specified applications. This may have an adverse effect on security applications that would otherwise remove this malware. If your antivirus scanner is unable to remove this threat because of this behavior, please see the additional removal instructions below.

AVASoft Professional Antivirus is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform you that you need to pay money to register the software to remove these non-existent threats. It may also terminate processes and services, modify security settings, and block access to websites.

Windows Defender detects and removes this threat.

This rogue pretends to scan for malware and shows you fake warnings about malicious programs and viruses. It is designed to scare you into paying money to remove the fake threats by registering the software.

It can also close or stop programs, processes and services, modify security settings, and block access to websites.

It's a member of the Win32/Winwebsec family.

There is more information about this type of malware on our Rogue security software page.

Disk Antivirus Professional is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform you that you need to pay money to register the software to remove these non-existent threats. It may also terminate processes and services, modify security settings, and block access to websites.

Windows Defender detects and removes this threat.

This rogue pretends to scan for malware and shows you fake warnings about malicious programs and viruses. It is designed to scare you into paying money to remove the fake threats by registering the software.

It can also close or end programs, processes and services, modify security settings, and block access to websites.

It is a member of the Win32/Winwebsec family.

There is more information about this type of malware on our Rogue security software page.

Windows Defender detects and removes this threat.

This rogue pretends to scan for malware and shows you fake warnings about malicious programs and viruses. It is designed to scare you into paying money to register the program and remove the fake threats from your PC.

This threat can also stop your security software from running, change your security settings, and stop you from going to certain websites.

It is a member of the Win32/Winwebsec family.

You can read more about this type of threat on our rogue page.

Security Shield is a variant of Win32/Winwebsec -- a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.

 

In mid to late January this variant of Win32/Winwebsec was observed being distributed via Twitter. A number of tweets were sent to users that contained a malicious link that directed them (via a redirector) to download a copy of the Security Shield variant of Rogue:Win32/Winwebsec.  

 

Special Note:
Rogue Antivirus programs are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 

 

• Microsoft Security Essentials
• Windows Defender
• Microsoft Safety Scanner
• Microsoft Windows Malicious Software Removal Tool

Windows Defender detects and removes this threat.

Attentive Antivirus is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform you that you need to pay money to register the software to remove these non-existent threats. It may also stop processes and services, modify security settings, and block access to websites.

This threat has been renamed to Rogue:Win32/Winwebsec.

System Security is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.

 

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.  These products may represent themselves as “Antivirus XP”, “AntivirusXP 2008”, “WinDefender 2008”, “XP Antivirus”, or similar.

 

Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

Winweb Security is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.

 

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.  These products may represent themselves as “Antivirus XP”, “AntivirusXP 2008”, “WinDefender 2008”, “XP Antivirus”, or similar.

 

Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

Security Tool is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.

 

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.  These products may represent themselves as “Antivirus XP”, “AntivirusXP 2008”, “WinDefender 2008”, “XP Antivirus”, or similar.

 

Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.