Spyware, Viruses, & Security

General discussion

WinWeb Security

by Robyn / December 10, 2008 4:32 AM PST

Hi,
I am using Windows XP service pack 3. Somehow got this WinWeb Security on the computer. It redirects web pages, cannot download or use any anti-spyware programs. My AVG anti virus is not picking anything up, might not be working correctly because of the WinWeb. How do I get rid of this thing? I have tried safe mode, tried looking for it in Registry, program files cannot find anything that looks like it. Must have a different name. Since I cannot download anything how do I get rid of it, other than reinstalling Windows? Tried System Restore and all the restore points are gone and cannot go back past December.

How to remove Winweb Security (Uninstall Instructions)
by Marianna Schmudlach / December 10, 2008 5:12 AM PST
In reply to: WinWeb Security

Winweb Security is a rogue anti-spyware program that uses deceptive scan results as a tactic to scare you into purchasing the software. When Winweb Security is installed it will be configured to run automatically when your computer starts. Once running, the program will perform a scan and then list a variety of malware that cannot be removed until you first purchase a license of the software. The problem is, that the malware files that Winweb Security says exists on your computer, actually do not exist or are legitimate programs. This practice of showing false results is very common among rogue anti-spyware programs, and like many others, Winweb Security is using it to scare you into thinking you are infected.

Removal instructions:

http://www.bleepingcomputer.com/malware-removal/remove-winweb-security

WinWeb
by Robyn / December 10, 2008 5:35 AM PST

Hi. When I click on the link you gave me I get Internet Explorer cannot open. I cannot access web sites, it won't let me. Can I download the fix to another computer and then copy to a disk?

YES......
by Marianna Schmudlach / December 10, 2008 5:38 AM PST
In reply to: WinWeb
Can I download the fix to another computer and then copy to a disk?

Yes..... download from a different computer and rename the mbam-setup.exe installer.
Winweb
by Robyn / December 10, 2008 9:53 AM PST
In reply to: YES......

Hi, Thanks for all the help, but finally got it to download but it will not open.

rename the mbam-setup.exe installer........
by Marianna Schmudlach / December 10, 2008 10:22 AM PST
In reply to: Winweb

into something else like f.i. your name.exe. Keep the .exe intact!

Go to the MBAM folder (C:\Program Files\Malwarebytes' Anti-Malware) and rename the "mbam.exe" file into f.i. your name.exe within the folder. Now double-click your name.exe and it should start.

Winweb/System Security Spyware/Virus UPDATE
by TK_N_SF / December 22, 2008 2:09 PM PST

Robyn/Marianna:

I encountered this problem on 12/22/2008 with one important difference. The purported 'product' was not named WinWeb, it was named System Security. Everything else (look, feel, list of alleged problem files, etc.) was the same.

When I booted the computer and System Security began its scan, I opened the Task Manager and noticed a file called 83314392.exe using a bunch of CPU resources. I searched for this file on my computer's hard drive and found a folder called 1372029626 containing the executable along with a few other files. The executable's icon matched System Security's logo and the folder's creation date was 12/22/2008. The search turned up another file as well, located in a file called 'PREFETCH.' I deleted both the folder (1372029626) and the other random file in PREFETCH and then rebooted. This solved the problem.

The interesting thing here is that the hacker has changed the name of the product from WinWeb to System Security and has buried the executable in an inconspicuous folder. The hacker will probably continue to change the name of the product so searching on the latest name will likely prove unhelpful. I am not sure how Spyware programs like the one referenced on bleepingcomputer.com will handle this. The key here is to run Task Manager whenever the rogue program is running to identify the name of the offending executable (by seeing which process is chewing up CPU resources), then search for that executable and delete the appropriate folder(s) and file(s).

Good luck everyone!

TK

Same issue but different numbers
by randyva / December 25, 2008 11:26 PM PST

My user had the System Security in:
Documents and settings\All users\App data\680116347 (this was folder name)

and the exe was 52049404.exe

The icon is a shield with diagonal lines on it

It was easy enough to stop the service and then delete the folder. I also searched for the numbers in registry and deleted those items
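
Added example (not part of any post in this thread): both reports above describe an all-digit .exe sitting in an all-digit folder, with a matching entry in the Prefetch folder in one case, so a triage scan can look for that naming pattern instead of the product name. The function names, the 6-digit minimum, the sample directory layout and the Prefetch hash values are assumptions constructed for the illustration; only the folder and file names are taken from the posts.

```python
import os
import re
import tempfile

# Both thread reports show an all-digit folder holding an all-digit .exe.
# The 6-digit minimum is an assumption chosen to cut down on false positives.
NUMERIC_DIR = re.compile(r"^\d{6,}$")
NUMERIC_EXE = re.compile(r"^\d{6,}\.exe$", re.IGNORECASE)

def find_numeric_exes(root):
    """Return sorted paths of all-digit .exe files inside all-digit folders."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if NUMERIC_DIR.match(os.path.basename(dirpath)):
            hits += [os.path.join(dirpath, f) for f in files if NUMERIC_EXE.match(f)]
    return sorted(hits)

def prefetch_traces(prefetch_dir, exe_path):
    """List Prefetch entries (NAME.EXE-HASH.pf) recorded for this executable."""
    prefix = os.path.basename(exe_path).upper() + "-"
    if not os.path.isdir(prefetch_dir):
        return []
    return sorted(f for f in os.listdir(prefetch_dir)
                  if f.upper().startswith(prefix) and f.upper().endswith(".PF"))

def build_sample_tree(root):
    """Constructed layout; folder/exe names are the ones quoted in the thread."""
    layout = {
        "Documents and settings/All users/App data/680116347": ["52049404.exe", "data.ini"],
        "1372029626": ["83314392.exe"],               # location is an assumption
        "Program Files/Tools": ["12345678.exe"],      # numeric exe, normal folder
        "20081222": ["notes.txt"],                    # numeric folder, no exe
        "WINDOWS/Prefetch": ["83314392.EXE-0A1B2C3D.pf", "NOTEPAD.EXE-336351A9.pf"],
    }
    for folder, names in layout.items():
        path = os.path.join(root, *folder.split("/"))
        os.makedirs(path)
        for name in names:
            open(os.path.join(path, name), "wb").close()
    return os.path.join(root, "WINDOWS", "Prefetch")

def scan_sample():
    """Run both checks over the constructed tree: {exe name: prefetch entries}."""
    with tempfile.TemporaryDirectory() as root:
        prefetch = build_sample_tree(root)
        return {os.path.basename(p): prefetch_traces(prefetch, p)
                for p in find_numeric_exes(root)}

if __name__ == "__main__":
    for exe, traces in scan_sample().items():
        print(exe, "prefetch:", traces or "none")
```

On a real system, point `find_numeric_exes` at the profile and application-data directories and treat each hit as a lead to verify (icon, creation date, running process) before deleting anything.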
