Sign in to follow this  
Followers 0
Elise

Windows Web Watchdog Rogue Removal Instructions

By Elise, in Malware and Computer Security

Recommended Posts

Elise    262

Elise
Posted

The Emsisoft malware research team has discovered a new outbreak of the Windows Web Watchdog Rogue. Emsisoft Anti-Malware detects this malware as Rogue.Win32.GuardSoft.

Windows Web Watchdog is a rogue scanner application. A rogue application tries to trick you by displaying false-positive or misleading scan results, which claim that your computer has a problem, or is infected with malware, but you will not be able to fix it unless you purchase this fake program.

Created files:

%AppData%\svc-[random].exe
%AppData%\data.sec
%UserProfile%\Desktop\Windows Web Watchdog.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Web Watchdog.lnk 
Created/modified registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Ctfmon = %AppData%\svc-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd
ImagePath = 33.sys 
Screenshots:

post-23145-0-09803500-1396043015_thumb.png
Download Imagepost-23145-0-56729400-1396043015_thumb.png
Download Image

post-23145-0-16508100-1396043016_thumb.png
Download Imagepost-23145-0-62921300-1396043016_thumb.png
Download Image

 

Once infected this rogue will restart the machine automatically and try to lock Windows so you cannot open any other application unless you activate it. To activate this rogue and facilitate its removal, click on the question mark button, and select Register. A few examples of serial numbers that will work:

0W000-000B0-00T00-E0010

0W000-000B0-00T00-E0011

0W000-000B0-00T00-E0012

 

How to remove the Windows Web Watchdog rogue infection?

To remove this infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and quarantine all detected objects. 

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Sign in to follow this  
Followers 0
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.