Home > Threats > WinSpyControl

What is WinSpyControl

Posted on 12 October 2007 under Rogue Programs

1. What is WinSpyControl?

It is fake computer security software, which should be escaped. It has a feature of scaring PC owner with fictitious spyware alerts and warnings, thus pulling the victim into worthless purchase.
Fake alert notice: "If your computer is infected, you could suffer data loss, erratic PC behavior, PC freezes and crashes. Detect and remove viruses before they activate themselves on your PC to prevent all these problems. Do you want to install WinSpyControl to scan your PC for malware now? (Recommended)."

WinSpyControl fake security alerts:

WinSpyControl alert

WinSpyControl alert

2. WinSpyControl screen shot:


3. How to remove WinSpyControl:

  1. Internet connection might be disabled or Internet browser might be blocked by WinSpyControl, so it won't be possible to download any files to infected computer. In this case please download all files required for WinSpyControl removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
  2. To remove WinSpyControl download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:

  4. After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove WinSpyControl.

  5. Restart the computer to complete WinSpyControl removal procedure.

4. WinSpyControl files:

IEFWBHO.dll, pg.dll
bm.exe, install_en.exe (setup file), pgs.exe, ugcw.exe

5. Hijackthis entries:

O2 Entries:
O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\WinSpyControl\Tools\pg.dll
O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\WinSpyControl\Tools\IEFWBHO.dll
O4 Entries:
O4 - HKLM\..\Run: [WinSpyControl] C:\Program Files\WinSpyControl\pgs.exe
O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\COMMON~1\WINSPY~1\ugcw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com
O4 - HKLM\..\RunOnce: [freinst] "C:\Program Files\WinSpyControl\pgs.exe" /empty