0scan.us
0scan.us is a malicious site used to distribute members of the Winwebsec family of fraudulent anti-malware scanners, including System Security, Personal Shield Pro and the (fake) MS Removal Tool. Contact with 0scan.us usually results in a 'system scan' that is just a simulation designed to make you download and install a member of the Winwebsec family of scamware, although SpywareRemove.com malware experts warn that 0scan.us may also install its payload automatically through a browser exploit. Software and system scans related to 0scan.us should always be assumed to be both intentionally deceptive and outright malicious, and legitimate anti-malware software should be used to clean up after any infection related to your browser loading 0scan.us.
0scan.us: How a Zero for Your PC's Safety Can Equal Positive Numbers in a Criminal Bank Account
Any visit to 0scan.us will result in your browser loading a window that's reminiscent of the 'My Computer' window, albeit with the unusual addition of what looks like (but, in fact, is not) an ongoing system scan. 0scan.us's simulated scan will 'detect' various PC threats, including some high-level ones like backdoor Trojans, and proceed to ask you to remove them, but trying to do so will only cause you to download the scamware that 0scan.us is peddling.
This attack is a typical strategy for distributing rogue security software. It may be implemented through malicious redirects on hostile sites, a browser hijacker that alters your browser's behavior, redirects from innocent but hacked sites, and even some forms of online advertisements. SpywareRemove.com malware experts have confirmed 0scan.us's payload as one of many possible variants of a member of the Winwebsec family, a large family of fake anti-malware and security products.
Symptoms related to any 0scan.us infection usually include:
- Pop-up warnings and related system information presentations that alert you to real-looking but fake infections, as well as some related system damage.
- Being unable to access most other programs on your computer, which are blocked by the scamware security product under the claim that it's protecting your PC (such as by claiming that the blocked program has been compromised by a virus).
The goal of any fake anti-malware product, including those installed through 0scan.us, is to steal your money by asking you to go through a fake 'registration' service. Since even a successful attempt at registering these programs will not help your computer, SpywareRemove.com malware researchers warn that you never should transfer money or personal information to companies affiliated with confirmed scamware products.
Scanning Your Way Out of the Fake Scanner Blues
While the Winwebsec group of fake anti-malware products continues to undergo regular development, SpywareRemove.com malware analysts warn that you should be particularly cautious around confirmed members of its group, such as Essential Cleaner, Security Shield, Winweb Security, System Progressive Protection and Personal Shield Pro. Ordinarily, 0scan.us will attempt to convince you to install these programs intentionally, but 0scan.us may also host a browser exploit to force the installation regardless, a tactic that many other scamware-affiliated sites have been prone to abusing.
If your browser loads 0scan.us at all, SpywareRemove.com malware experts recommend that you use a real anti-malware product to scan your PC and remove all detected PC threats. You can use commonly-accessible security techniques to disable any malicious software beforehand in the event of malware related to 0scan.us blocking any needed programs. Rebooting into Safe Mode or booting from any peripheral hard drive are two of the most popular methods.
Technical Details
File System Modifications
- %\Documents and Settings%\All Users\Application Data\00308937\00308937.exe
  File type: Executable File
  Mime Type: unknown/exe
- %\Documents and Settings%\All Users\Application Data\00308937\config.udb
  Mime Type: unknown/udb
- %\Documents and Settings%\All Users\Application Data\00308937\pc00308937ins
- %UserProfile%\Desktop\System Security 2009.lnk
  File type: Shortcut
  Mime Type: unknown/lnk
- %UserProfile%\Start Menu\Programs\System Security\System Security 2009 Support.lnk
  File type: Shortcut
  Mime Type: unknown/lnk
- %UserProfile%\Start Menu\Programs\System Security\System Security 2009.lnk
  File type: Shortcut
  Mime Type: unknown/lnk
Registry Modifications
HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\Software\00308937
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "00308937"
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
SystemSecurity2009
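The listing above pairs a Run value named "00308937" with an executable of the same name in a same-named folder under All Users\Application Data. The following triage check is an added example, not code from the original page or from SpywareRemove.com; it flags that exact indicator and, going beyond the single sample shown here, any Run entry with the same shape. It assumes the Run value's data is the path to the executable and that other installs reuse the 8-digit naming, neither of which the page states; the sample entries are constructed.

```python
import re
from pathlib import PureWindowsPath

# Indicator copied from the Technical Details on this page.
KNOWN_ID = "00308937"

# Assumed heuristic (not stated on the page): value name, folder and
# executable share one 8-digit ID under an all-users data folder.
NUMERIC_ID = re.compile(r"\d{8}")
DATA_ROOTS = {"application data", "programdata"}
# Quoted path, or unquoted text up to the first ".exe".
COMMAND_EXE = re.compile(r'\s*(?:"([^"]+)"|(.+?\.exe))', re.IGNORECASE)


def classify_run_entry(value_name, command):
    """Return 'known-ioc', 'same-pattern' or None for one Run-key value."""
    match = COMMAND_EXE.match(command)
    if not match:
        return None
    exe = PureWindowsPath(match.group(1) or match.group(2))
    folders = {part.lower() for part in exe.parts}
    same_id = value_name == exe.parent.name == exe.stem
    if not (same_id and NUMERIC_ID.fullmatch(value_name)
            and folders & DATA_ROOTS):
        return None
    return "known-ioc" if value_name == KNOWN_ID else "same-pattern"


def triage(run_entries):
    """Return (value_name, verdict) for every entry that needs review."""
    hits = []
    for name, command in run_entries:
        verdict = classify_run_entry(name, command)
        if verdict:
            hits.append((name, verdict))
    return hits


# Constructed sample export of (value name, data) pairs from
# HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
SAMPLE_RUN_ENTRIES = [
    ("00308937", r"C:\Documents and Settings\All Users\Application Data\00308937\00308937.exe"),
    ("41552067", r'"C:\ProgramData\41552067\41552067.exe" /min'),
    ("12345678", r"C:\Program Files\Vendor\12345678\12345678.exe"),
    ("SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_RUN_ENTRIES):
        print(f"{name}: {verdict}")
```

A "same-pattern" verdict is a lead for manual review rather than a confirmed detection, since it rests on the naming assumption above.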