Arief Prabowo 106 Posted July 19, 2012 Report Share Posted July 19, 2012 The Emsisoft malware research team has discovered a new outbreak of the Windows Web Combat. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsWebCombat. Windows Web Combat is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. Create new files: %AppData%\Protector-[random].exe %AppData%\result.db %UserProfile%\Desktop\Windows Web Combat.lnk %AllUsersProfile%\Start Menu\Programs\Windows Web Combat.lnk Create new registry entry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ Inspector = %AppData%\Protector-[random].exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\ Debugger = svchost.exe many similar entries… Screenshots: To register this rogue application you can try the following serial number: 0W000-000B0-00T00-E0020 How to remove the infection of Windows Web Combat (Rogue.Win32.WindowsWebCombat)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.