What is WinSpyControl?
- Type: Spyware
- Category: Rogue Programs
- Discovered: 12 October 2007
- Removal tools: Malwarebytes' Anti-Malware, Spyware Doctor
1. Introduction
It is fake computer security software, which should be escaped. It has a feature of scaring PC owner with fictitious spyware alerts and warnings, thus pulling the victim into worthless purchase.
Fake alert notice: "If your computer is infected, you could suffer data loss, erratic PC behavior, PC freezes and crashes. Detect and remove viruses before they activate themselves on your PC to prevent all these problems. Do you want to install WinSpyControl to scan your PC for malware now? (Recommended)."
WinSpyControl fake security alerts:
Fake alert notice: "If your computer is infected, you could suffer data loss, erratic PC behavior, PC freezes and crashes. Detect and remove viruses before they activate themselves on your PC to prevent all these problems. Do you want to install WinSpyControl to scan your PC for malware now? (Recommended)."
WinSpyControl fake security alerts:
2. WinSpyControl removal tools:
- Malwarebytes' Anti-Malware (for the installation guide click here)
- Spyware Doctor (for the installation guide click here)
3. Screenshot:
4. WinSpyControl files:
IEFWBHO.dll, pg.dllbm.exe, install_en.exe (setup file), pgs.exe, ugcw.exe
5. Hijackthis entries:
O2 Entries:
O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\WinSpyControl\Tools\pg.dll
O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\WinSpyControl\Tools\IEFWBHO.dll
O4 Entries:
O4 - HKLM\..\Run: [WinSpyControl] C:\Program Files\WinSpyControl\pgs.exe
O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\COMMON~1\WINSPY~1\ugcw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com
O4 - HKLM\..\RunOnce: [freinst] "C:\Program Files\WinSpyControl\pgs.exe" /empty
O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\WinSpyControl\Tools\pg.dll
O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\WinSpyControl\Tools\IEFWBHO.dll
O4 Entries:
O4 - HKLM\..\Run: [WinSpyControl] C:\Program Files\WinSpyControl\pgs.exe
O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\COMMON~1\WINSPY~1\ugcw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com
O4 - HKLM\..\RunOnce: [freinst] "C:\Program Files\WinSpyControl\pgs.exe" /empty