Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
WinAntiVirusPRO 2006 Faked Security Popup
This section describes the security popup caused by the IE WinAntiVirus addon. The popup gives faked security warning messages that your computer has a spyware sending out private data to a remote site and you should download the specified software for protection.
Symptom: Once a while in January of 2006, while visiting a website with IE (Internet Explorer), an IE popup window showed up with http://202.67.220.233 in the address field. This pop up window contains a false warning message and advertisements for "WinAntiVirusPro 2006, WinAntiSpyware 2006, and WinFixer 2006". The warning message said:
Attention! Security Center has detected spyware on your PC sending private information and documents to remote computer. One of processes (Win32res.exe) has just sent this information: IP address: 66.19.202.184 Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Computer OS: Windows XP Full PC control: Gained Sent Information: approximately 17 Megabytes Your current security software is unable to stop this kind of spyware. To clean up your computer and prevent further possibilities to be infected, you need to download one of these security software: WinAntiVirusPRO 2006 - Download WinAntiSpyware 2006 - Download WinFixer 2006 - Download
Here is an example of this popup window:
Apparently, this IE addon is trying to invite you to download and install some software products. See sections below on what I did to remove it.
Table of Contents
About This Windows Security Book
Windows 8: System Security Review
Windows 8: System Security Protection
Windows 8 Defender for Real-Time Protection
Windows 7: System Security Review
Windows 7: System Security Protection
Windows 7 Forefront Client Security
Norton Power Eraser - Anti-Virus Scan Tool
McAfee Virus and Malware Protection Tools
Spybot - Spyware Blocker, Detection and Removal
Keeping IE (Internet Explorer) Secure
Malware (Adware, Spyware, Trojan, Worm, and Virus)
HijackThis - Browser Hijacker Diagnosis Tool
IE Add-on Program Listing and Removal
"Conduit Search" - Malware Detection and Removal
"Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware
►Malware Manual Removal Experience
Removing Malware "Social Privacy DNS"
Removing "WebBar" - htwtb.bin and bar.dll
Removing "SurfBuddy" - sbuddy.dll
Removing "WebSpecials" - webspec.dll
Removing "DSSAgent" - DSSAgent.exe
Removing "Best Offer" - farmmext.exe
Removing "dinst.exe" - dsr.dll
Removing "deSrcAs.dll" - MyWay Search Assistant
►WinAntiVirusPRO 2006 Faked Security Popup
WinFixer 2006 Faked Security Popup
Removing "WinFixer" - Rogue Security Popups
Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal
Trojan and Malware "Puper" Description and Removal
VSToolbar (VSAdd-in.dll) - Description and Removal
PWS (Password Stealer) Trojan Infection Removal