Windows Security Tutorials - Herong's Tutorial Examples

∟Malware Manual Removal Experience

∟WinAntiVirusPRO 2006 Faked Security Popup

This section describes the security popup caused by the IE WinAntiVirus addon. The popup gives faked security warning messages that your computer has a spyware sending out private data to a remote site and you should download the specified software for protection.

Symptom: Once a while in January of 2006, while visiting a website with IE (Internet Explorer), an IE popup window showed up with http://202.67.220.233 in the address field. This pop up window contains a false warning message and advertisements for "WinAntiVirusPro 2006, WinAntiSpyware 2006, and WinFixer 2006". The warning message said:

Attention! Security Center has detected spyware on your PC sending
private information and documents to remote computer. One of processes
(Win32res.exe) has just sent this information: 

   IP address: 66.19.202.184 
   Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
   Computer OS: Windows XP 
   Full PC control: Gained 
   Sent Information: approximately 17 Megabytes 

Your current security software is unable to stop this kind of spyware.
To clean up your computer and prevent further possibilities to be
infected, you need to download one of these security software:

   WinAntiVirusPRO 2006 - Download
   WinAntiSpyware 2006 - Download
   WinFixer 2006 - Download

Here is an example of this popup window:

Apparently, this IE addon is trying to invite you to download and install some software products. See sections below on what I did to remove it.

Table of Contents

 About This Windows Security Book

 Windows 8: System Security Review

 Windows 8: System Security Protection

 Windows 8 System Recovery

 Windows 8 Defender for Real-Time Protection

 Windows 7: System Security Review

 Windows 7: System Security Protection

 Windows 7 System Recovery

 Windows 7 Forefront Client Security

 Norton Power Eraser - Anti-Virus Scan Tool

 McAfee Virus and Malware Protection Tools

 Spybot - Spyware Blocker, Detection and Removal

 Keeping Firefox Secure

 Keeping IE (Internet Explorer) Secure

 Malware (Adware, Spyware, Trojan, Worm, and Virus)

 HijackThis - Browser Hijacker Diagnosis Tool

 IE Add-on Program Listing and Removal

 "Conduit Search" - Malware Detection and Removal

 "Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware

►Malware Manual Removal Experience

 Removing Malware "Social Privacy DNS"

 Removing "WebBar" - htwtb.bin and bar.dll

 Removing "SurfBuddy" - sbuddy.dll

 Removing "WebSpecials" - webspec.dll

 Removing "DSSAgent" - DSSAgent.exe

 Removing "Best Offer" - farmmext.exe

 Removing "dinst.exe" - dsr.dll

 Removing "deSrcAs.dll" - MyWay Search Assistant

►WinAntiVirusPRO 2006 Faked Security Popup

 WinFixer 2006 Faked Security Popup

 Removing "WinFixer" - Rogue Security Popups

 Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

 Trojan and Malware "Puper" Description and Removal

 VSToolbar (VSAdd-in.dll) - Description and Removal

 PWS (Password Stealer) Trojan Infection Removal

 MS08-001 Vulnerability on Windows Systems

 Antivirus System PRO

 References

 Full Version in PDF/ePUB

WinAntiVirusPRO 2006 Faked Security Popup - Updated in 2021, by Dr. Herong Yang