Monday, April 21, 2008



WinSpywareProtect is a rogue security application.

Site Name:
IP Address:

Screenshot of site

The scammers also use fake scan pages as a scare tactic to lure users into downloading or purchasing this application.

Screenshot of Fake/Scare scan pages:

The application runs a fake scan on the system and reports fake threats. It also doesn't show the exact path of the malicious files detected on the system, and asks users to purchase the full version to remove the detected threats.

Screenshot of WinSpywareProtect application

The application keeps displaying the fake alert message even after it is closed or shut down.

Screenshot of Fake alerts displayed by WinSpywareProtect

The site also uses for payment processing which is used by many rogue applications.

The installer from the site was scanned, and here are the scan results:

VirusTotal Scan Result: 12/31 (38.71%)

AntiVir 2008.04.20 TR/Dldr.Delphi.Gen
AVG 2008.04.20 Generic10.IVQ
BitDefender 7.2 2008.04.20 Adware.WinSpywareProtect.A
eSafe 2008.04.17 suspicious Trojan/Worm
Ikarus T3.1.1.26 2008.04.20 not-a-virus:.FraudTool.Win32.MalWarrior.g
Kaspersky 2008.04.20 Heur.Downloader
NOD32v2 3041 2008.04.19 probably unknown NewHeur_PE virus
Norman 5.80.02 2008.04.18 W32/DLoader.GNDH
Panda 2008.04.20 Adware/WinSpywareProtect
Prevx1 V2 2008.04.20 Heuristic: Suspicious File With Persistence
Sophos 4.28.0 2008.04.20 Mal/Behav-053
Webwasher-Gateway 6.6.2 2008.04.20 Trojan.Dldr.Delphi.Gen

Stay away from this site.

Bharath M N
