Elise 276 Posted March 28, 2014 Report Share Posted March 28, 2014 The Emsisoft malware research team has discovered a new outbreak of the Windows Web Watchdog Rogue. Emsisoft Anti-Malware detects this malware as Rogue.Win32.GuardSoft. Windows Web Watchdog is a rogue scanner application. A rogue application tries to trick you by displaying false-positive or misleading scan results, which claim that your computer has a problem, or is infected with malware, but you will not be able to fix it unless you purchase this fake program. Created files: %AppData%\svc-[random].exe %AppData%\data.sec %UserProfile%\Desktop\Windows Web Watchdog.lnk %AllUsersProfile%\Start Menu\Programs\Windows Web Watchdog.lnk Created/modified registry entries: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Ctfmon = %AppData%\svc-[random].exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe Debugger = svchost.exe HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe Debugger = svchost.exe HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd ImagePath = 33.sys Screenshots: Once infected this rogue will restart the machine automatically and try to lock Windows so you cannot open any other application unless you activate it. To activate this rogue and facilitate its removal, click on the question mark button, and select Register. A few examples of serial numbers that will work: 0W000-000B0-00T00-E0010 0W000-000B0-00T00-E0011 0W000-000B0-00T00-E0012 How to remove the Windows Web Watchdog rogue infection? To remove this infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and quarantine all detected objects. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.