Browsers, E-mail, & Web Apps forum

General discussion

TROJAN:Win32/Winwebsec-Looks like official Windows Security

by Susie Senior / June 23, 2009 2:13 AM PDT

I accidently became a sucker and reacted to a pop up "Security Warning"that looked like an official Windows security warning. I've tried downloading Microsoft Malaware yesterday, though it identified the virus it could not remove it. The suggestion was to try and find another virus detection program. I already have Zone Labs, Zone Alarm Security Suite, and it has not been able to detect it. It is very invasive and keeps popping up with a Security warning window about every 3 minutes. How can I get rid of this thing?

Discussion is locked
You are posting a reply to: TROJAN:Win32/Winwebsec-Looks like official Windows Security
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: TROJAN:Win32/Winwebsec-Looks like official Windows Security
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
I'll advise you to try the following programns
by xxmuppetxx / June 25, 2009 10:15 PM PDT

Firstly there's Malwarebytes' Anti-Malware which tends to be one of the best programns for this sort of it off the following link:
The second one is super anti-spyware...ideally you should have both programns on your computer because they do work well together....a plus side is there both free and don't take too much space can download it off the following link:
scan you local disk with both programns and they should be able to get rid of it...I'll like to hear back from you if unsuccessful because there are a few other things to do...

Collapse -
Resolution to Trojan Rogue Virus
by Susie Senior / June 28, 2009 7:18 AM PDT

Well--Zone Alarm finally found it! I reset my preferances to a deep, complete system scan(8.5 hrs) and sure enough there it was. Thanks for any of you who responded.

Collapse -
Feedback on the steps to remove trojan in on my XP computer
by tkipperman / March 8, 2011 10:53 AM PST

I followed your instructions to download both software programs. I ran them both and the problem is all set. Thank you very much!!!

Collapse -
Win32/Winwebsec removal
by glenda0seven / September 26, 2009 7:26 AM PDT

I got a headsup from defender that this had gotten into computer. I have an antivirus but it had apparently been disabled. Defender said it had been removed....not so. This can appear in your program data file on C/ as a string of numbers.dll eg 2745311199.dll. You will probably find it in the computers start-up directory as a new addition. It will be stared up everytime you start the computer. I just went to program data and deleted it. I am not that computer savvy but I am nosey around my own computer and found that a backdoor virus had been put in too. Which among other things is a keylogger and can take over desktop etc. This was Tr/Crypt.xpack.gen. This was hidden inside something called ctfnon.exe a bogus file in the windows file. I only found this after I had uninstalled and re-installed a new version of my antivirus program. Done with great difficulty I might add because the trojan kept interfering with accessing the download of the new version. I had almost totally lost control of my computer. The scary thing is that on later checking with logs etc. is that microsoft was the only one doing things in my computer then and was downloading and doing updates even though all updates have been switched off and they are able to do this with internet wireless turned off. I have saved some of the logs and printed them out because it looks as if they have done this via defender.

Any thoughts?

Collapse -
by IHATEVIRUSESSOMUCH / February 14, 2011 10:31 AM PST

Hey Susie,

I got this same virus the other day. AND I FIXED IT.

All you need to do is turn the computer off by Holding the Button, and then, on the reboot, when it asks you if you want to start windows normally, DO NOT. open it in safe mode. Also, disconnect the internet. Now, Search SYSTEM RESTORE and a wizard should pop up. it will guide you through the steps to restoring it to an earlier date. Now, this is important. Pick a date BEFORE YOU GOT THE VIRUS. it is better to pick a date a couple days before. now, click through to do the rest. It should take about 15-25 mins. Now, login normal. THen, go to windows security essentials from, and run a FULL SCAN. it should pop up as a severe thing, called WinWebSec (but you already knew that). Click the delete button, and then continue the scan. I am doing this right now, and it seems to be working. all my documents are still there, and the wallpaper is back to normal.

Hope this helped!!! Please tell me how it goes!!!

Collapse -
"Windows security" Virus
by Frustratedoflondon / March 4, 2011 12:23 AM PST
In reply to: READ THIS


I did exactly what you said yesterday and today it was back. You may need to run malwarebytes or spybot and see if it has really gone. It's more persistent than headlice!!!

Collapse -
still has folders
by yardbird.dana / December 12, 2011 3:03 AM PST

I did a system restore and the folders are still there. You cant delete them because they are "running." Im not tech savvy enough to delete them... I changed the file that opens one of them to paint, dont know if that will work or not...

Popular Forums
Computer Help 51,912 discussions
Computer Newbies 10,498 discussions
Laptops 20,411 discussions
Security 30,882 discussions
TVs & Home Theaters 21,253 discussions
Windows 10 1,672 discussions
Phones 16,494 discussions
Windows 7 7,855 discussions
Networking & Wireless 15,504 discussions


The most beautiful phone ever has one wildly annoying issue

The Samsung Galaxy S8's fast speeds and fantastic curved screen make it a top phone for 2017, but the annoying fingerprint reader could sour your experience.