Arief Prabowo 102 Report post Posted July 19, 2012 The Emsisoft malware research team has discovered a new outbreak of the Windows Web Combat. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsWebCombat. Windows Web Combat is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. Create new files: %AppData%\Protector-[random].exe %AppData%\result.db %UserProfile%\Desktop\Windows Web Combat.lnk %AllUsersProfile%\Start Menu\Programs\Windows Web Combat.lnk Create new registry entry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ Inspector = %AppData%\Protector-[random].exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\ Debugger = svchost.exe HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\ Debugger = svchost.exe many similar entries… Screenshots: To register this rogue application you can try the following serial number: 0W000-000B0-00T00-E0020 How to remove the infection of Windows Web Combat (Rogue.Win32.WindowsWebCombat)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. Quote Share this post Link to post Share on other sites