WinBlueSoft

4 June 2009 2 Comments

WinBlueSoft is an application that belongs to a family of rogue programs. It has similar characteristics of other in its variants which produces fake warning alerts and false scan results. WinBlueSoft, commonly obtained by visiting a malicious websites or when computer got infected with Trojan Zlob and Trojan downloader. These Trojans can install rogue program without any noticeable remarks.

WinBlueSoft utilizes a “ransomware” technique that keeps itself intact inside compromised system and force victims to purchase the paid version to fix whatever troubles it provoke. Similar to other software from the same group, WinBlueSoft will display a barrage of fake security alerts in an attempt to influence user even further.

Simply ignore the rogue application. WinBlueSoft is a must-removed application. Thoroughly scan the computer using only legitimate and trusted anti-malware program that is capable of removing WinBlueSoft and all of its hidden components.

Screen Shot Image:

winbluesoft1

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista

Malware Behavior
WinBlueSoft is so harmful that it can replace compromised computer’s desktop wallpaper background. It displays a fake warning that computer is infected and warns user of possible stolen information if the virus continues to reside on the system.

WARNING!
YOU‘RE IN DANGER!
YOUR COMPUTER IS INFECTED WITH SPYWARE!
All you do with your computer is stored forever in your hard disk. When you visit sites, send emails… All your actions are logged. And it is impossible to remove them with standard tools. Your data is still available for forensics.

Added Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinBlueSoft"
HKEY_CURRENT_USER\Software\WinBlueSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinBlueSoft
HKEY_LOCAL_MACHINE\SOFTWARE\WinBlueSoft
Associated Files and Folders:
c:\Documents and Settings\All Users\Desktop\WinBlueSoft.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft
c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft\1 WinBlueSoft.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\WinBlueSoft\3 Uninstall.lnk
c:\Program Files\WinBlueSoft Software\WinBlueSoft\data.bin
c:\Program Files\WinBlueSoft Software\WinBlueSoft\license.txt
c:\Program Files\WinBlueSoft Software\WinBlueSoft\uninstall.exe
c:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
C:\Windows\System32\blocker.dll

How to Remove WinBlueSoft

Manual Removal Procedure

1. Kill any running process that belongs to WinBlueSoft.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
WinBlueSoft.exe

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open registry editor.
- Find and delete the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinBlueSoft"
- Close registry editor. Changes made will be save automatically.

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please Update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by WinBlueSoft.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Associated Files and Folders.'

Automatic Removal of WinBlueSoft

In order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.