Rogue:Win32/Winwebsec

(?)

Encyclopedia entry
Updated: Apr 02, 2013 | Published: Aug 17, 2010

Aliases

System Progressive Protection

other

Adware/AntiSpywarePro2009 (Panda)
Adware/UltimateCleaner (Panda)
Adware/Xpantivirus2008 (Panda)
AntiSpyware Pro 2009 (other)
AntiVirus2008 (Symantec)
FakeAlert-AntiSpywarePro (McAfee)
FakeAlert-WinwebSecurity.gen (McAfee)
Live Security Platinum (other)
Mal/FakeAV-AK (Sophos)
MS Removal Tool (other)
Security Tool (other)
SecurityRisk.Downldr (Symantec)
System Security (other)
Security Shield (other)
SecurityShieldFraud (Symantec)
SystemSecurity2009 (other)
Total Security (other)
Troj/FakeVir-LB (Sophos)
Trojan:Win32/Winwebsec (other)
TrojanDropper:Win32/Winwebsec (other)
W32/AntiVirus2008.AYO (Norman)
Win32/Adware.SystemSecurity (ESET)
Win32/Adware.WinWebSecurity (ESET)
Winweb Security (other)
Essential Cleaner (other)
Personal Shield Pro (other)
Security Shield 2012 (other)
Security Sphere 2012 (other)
Smart Protection 2012 (other)
Security Shield 2012 (other)
Smart Fortress 2012 (other)
Win 8 Security System (other)
Advanced PC Shield 2012 (other)
Disk Antivirus Professional (other)
AVASoft Professional Antivirus (other)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.

Detection last updated:
Definition: 1.151.459.0
Released: May 20, 2013

Detection initially created:
Definition: 1.55.1987.0
Released: Apr 20, 2009

Summary

Rogue:Win32/Winwebsec is a family of programs that claim to scan for malware and display fake warnings of "malicious programs and viruses". They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. Win32/Winwebsec has been distributed with several different names. The user interface varies to reflect each variant’s individual branding.

Programs detected as Rogue:Win32/Winwebsec may be installed alongside malware, including variants of the Trojan:Win32/Necurs family.

Note: Reports of Rogue Antivirus programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs, including Win32/Winwebsec, may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products will detect and remove this threat:

Top

Symptoms

Please refer to the individual subvariant encyclopedia entries listed below for symptoms displayed by different distributions of Winwebsec.

Top

Technical Information (Analysis)

Rogue:Win32/Winwebsec is a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. This trojan may display a dialog that mimics the Windows Security Center. Some members of the Win32/Winwebsec family may also download additional malware and have been observed in the wild downloading variants of Worm:Win32/Swimnag, and Worm:Win32/Koobface.

Rogue:Win32/Winwebsec has been distributed with many different names. The user interface and other details vary to reflect each variant's individual branding. These different distributions of the trojan use various installation methods, with filenames and system modifications that can differ from one variant to the next.

Winwebsec distributions currently affecting users in the wild (as of March 2013):

AVASoft Professional Antivirus

Winwebsec distributions

Rogue:Win32/Winwebsec brands may use icons or user interfaces similar to the following:

Branding/Name of distribution	Example of brands
Disk Antivirus Professional
System Progressive Protection
Live Security Platinum
Essential Cleaner
MS Removal Tool
Security Shield
System Security
Winweb Security
Security Tool
System Tool
Personal Shield Pro
Security Sphere 2012
Smart Protection 2012
Smart Fortress 2012
Win 8 Security System

Prevention

Take these steps to help prevent infection on your computer.

Top

Recovery

Microsoft Security Essentials or, for Windows 8, Windows Defender
Microsoft Safety Scanner
Microsoft Windows Malicious Software Removal Tool

To remove the "MS Removal Tool" variant of this malware, refer to the Microsoft KB Article: How to remove the MS Removal Tool from your computer.

Top


	Provide feedback Please note: While your feedback is very important to us, we do not respond to individual submissions through this channel. Feedback, requests, or questions submitted through this form are monitored, however responses are not generated. If you require support, please visit the Safety & Security Center.