Spammer:Win32/Fifesock.I is a component of Win32/Fifesock - a multiple component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.

Spammer:Win32/Fifesock.D is a component of Win32/Fifesock - a multiple component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.

Spammer:Win32/Fifesock.E is a component of Win32/Fifesock - a multiple component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.

Spammer:Win32/Fifesock.F is a component of Win32/Fifesock - a multiple component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.

Exploit:Win32/Pdfjsc.ADQ is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.

The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:

• Adobe Acrobat 8 and Adobe Reader 8 earlier than 8.2.1
• Adobe Acrobat 9 and Adobe Reader 9 earlier than 9.3.1

Exploit:Win32/Pdfjsc.ADY is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files, including malware from the following families:

• Trojan:Win32/Simda
• Win32/Zegost (for example, Backdoor:Win32/Zegost.F)
• Win32/Carberp
• Win32/Fareit
• Trojan:Win32/Lockscreen
• Trojan:Win32/Ransom
• Trojan:Win32/Reveton
• Win32/Winwebsec
• Win32/Zbot

The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:

• Adobe Acrobat and Adobe Reader earlier than 8.2.1
• Adobe Acrobat and Adobe Reader earlier than 9.3.1

Install updates to prevent infection

This malware exploits known vulnerabilities.

You should always install the latest updates available from Adobe to prevent reinfection from this threat, and possible infection from other threats.

Download updates for Adobe products from the following link:

• Updating Software

System Tool is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that he or she needs to pay money to register the software to remove these non-existent threats.

Win32/Winwebsec has been distributed with many different names. The name used by the malware, the user interface and other details vary to reflect each variant's individual branding. The following details describe Win32/Winwebsec when it is distributed with the name "System Tool".

Windows Defender detects and removes this threat.

This rogue pretends to scan for malware and shows you fake warnings about malicious programs and viruses. It is designed to scare you into paying money to remove the fake threats by registering the software.

It can also close or end programs, processes and services, modify security settings, and block access to websites.

It is a member of the Win32/Winwebsec family.

There is more information about this type of malware on our Rogue security software page.

Windows Defender detects and removes this threat.

This rogue pretends to scan for malware and shows you fake warnings about malicious programs and viruses. It is designed to scare you into paying money to remove the fake threats by registering the software.

It can also close or stop programs, processes and services, modify security settings, and block access to websites.

It's a member of the Win32/Winwebsec family.

There is more information about this type of malware on our Rogue security software page.

Trojan:Win32/Fifesock.gen!A is a component of Win32/Fifesock - a multiple component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.

• Microsoft Security Essentials
• Windows Defender
• Microsoft Safety Scanner
• Microsoft Windows Malicious Software Removal Tool

Microsoft security software detects and removes this family of threats.

This family of malware work together to download other malware, including threats from the Win32/Sirefef and Win32/Medfos families. They can also give a malicious hacker backdoor access and control of your PC.

These threats can be installed at the same time as rogue security software, such as Rogue:Win32/Winwebsec. We have also seen them installed by variants of the Blacole family, the Win32/Beebone family, the Win32/Zbot family, and the Win32/Dorkbot family.

Find out ways that malware can get on your PC.

Trojan:Win32/Fifesock.gen!C is a component of Win32/Fifesock - a multiple component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, Twitter and Blogspot, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.

Spammer:Win32/Fifesock.B is a component of Win32/Fifesock - a multiple component trojan family that injects code into Internet Explorer and Firefox in order to steal the user’s social networking credentials for sites such as Facebook, and then uses these credentials to send spam to their contacts. It may also download and execute arbitrary files. Some variants have also been observed to install rogue security software such as Rogue:Win32/Winwebsec.

Smart Protection 2012 is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that he or she needs to pay money to register the software to remove these non-existent threats.

Win32/Winwebsec has been distributed with many different names. The name used by the malware, the user interface and other details vary to reflect each variant's individual branding. The following details describe Win32/Winwebsec when it is distributed with the name "Smart Protection 2012".