Rogue:JS/Winwebsec
Windows Defender Antivirus detects and removes this threat. See the Win32/Winwebsec description for more information.
PersonalShieldPro
Personal Shield Pro is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that he or she needs to pay money to register the software to remove these non-existent threats.
Win32/Winwebsec has been distributed with many different names. The name used by the malware, the user interface and other details vary to reflect each variant's individual branding. The following details describe Win32/Winwebsec when it is distributed with the name "Personal Shield Pro".
Warning: Win32/Winwebsec may stop affected users from running all but a short list of specified applications. This may have an adverse effect on security applications that would otherwise remove this malware. If your antivirus scanner is unable to remove this threat because of this behavior, please see the additional removal instructions below.
SecuritySphere2012
Security Sphere 2012 is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that he or she needs to pay money to register the software to remove these non-existent threats.
Win32/Winwebsec has been distributed with many different names. The name used by the malware, the user interface and other details vary to reflect each variant's individual branding. The following details describe Win32/Winwebsec when it is distributed with the name "Security Sphere 2012".
Warning: Win32/Winwebsec may stop affected users from running all but a short list of specified applications. This may have an adverse effect on security applications that would otherwise remove this malware. If your antivirus scanner is unable to remove this threat because of this behavior, please see the additional removal instructions below.
SecurityTool
Reports of Rogue Antivirus programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. These products may represent themselves as “Antivirus XP”, “AntivirusXP 2008”, “WinDefender 2008”, “XP Antivirus”, or similar.
AVASoft Professional Antivirus
AVASoft Professional Antivirus is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform you that you need to pay money to register the software to remove these non-existent threats. It may also terminate processes and services, modify security settings, and block access to websites.
Disk Antivirus Professional
Disk Antivirus Professional is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform you that you need to pay money to register the software to remove these non-existent threats. It may also terminate processes and services, modify security settings, and block access to websites.
Spammer:Win32/Fifesock.C
Spammer:Win32/Fifesock.C is a component of Win32/Fifesock - a multiple-component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.
TrojanDownloader:Win32/Chepvil.J
TrojanDownloader:Win32/Chepvil.I
TrojanDownloader:Win32/Waledac.C
SystemSecurity
Reports of Rogue Antivirus programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. These products may represent themselves as “Antivirus XP”, “AntivirusXP 2008”, “WinDefender 2008”, “XP Antivirus”, or similar.
WinwebSecurity
Reports of Rogue Antivirus programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. These products may represent themselves as “Antivirus XP”, “AntivirusXP 2008”, “WinDefender 2008”, “XP Antivirus”, or similar.
Win32/Necurs
Microsoft security software detects and removes this family of threats.
The threats in this family work together to download other malware, including threats from the Win32/Sirefef and Win32/Medfos families. They can also give a malicious hacker backdoor access and control of your PC.
These threats can be installed at the same time as rogue security software, such as Rogue:Win32/Winwebsec.
We have seen the Necurs family being installed by variants of the Blacole family, the Win32/Beebone family, the Win32/Zbot family, and the Win32/Dorkbot family.
TrojanDropper:Win32/Hiloti.gen!A
TrojanDropper:Win32/Hiloti.gen!A drops and installs several malware programs on the affected computer.
Spammer:Win32/Fifesock.G
Spammer:Win32/Fifesock.G is a component of Win32/Fifesock - a multiple-component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.
Spammer:Win32/Fifesock.H
Spammer:Win32/Fifesock.H is a component of Win32/Fifesock - a multiple-component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.