Capture It Plus, or popupalert.exe, is a scareware program from the Rogue.Tech-Support-Scam family that pretends to be a screen capture program but is actually designed to display a fake McAfee security alert stating that your computer has a Trojan. The fake alert states that the Adware.Win32.Look2me.ab Trojan was detected and that you should call the remote tech support number 1-800-245-2579 to receive support. The alert is worded to scare you into thinking your computer has a serious security issue even when it does not. It does this so that you will call the listed number, which belongs to a remote support company that will try to sell you unnecessary support services or software.
Capture It Plus and Fake McAfee Security Alert Removal Guide
- Fri, 04 Mar 2016 15:47:26 EST
When Capture It Plus is installed, it copies itself to one of the file names in the list below.
C:\Windows\System32\PopupAlert\popupalert.exe
C:\Windows\system32\Express\explorer.exe
C:\Windows\system32\WindowsPowerShell\taskprocess.exe
C:\Program Files (x86)\svchost.exe
C:\Program Files (x86)\Task Host\taskhost.exe
C:\Program Files (x86)\Explore\iexloprer.exe
C:\Program Files (x86)\IIS\iis.exe
C:\Program Files (x86)\Internet Explorer\internet.exe
It will then create a scheduled task that launches the executable every minute. The scheduled tasks that may be created are:
PopupAlert
GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main
GoogleUpdateTaskAdminS-1-5-21-4287834998-254447837-4126873412-1010
GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010
GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010Main
GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010P
AdGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010D
ZcGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412
DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837
When the executable is started, it displays a fake security warning from McAfee stating that a Trojan has been detected. The text of this alert is:
McAfee | Trojan Detected
Your computer is at high risk
Virus and Spyware Protection - Not Found
Adware.Win32.Look2me.ab - Critical
Web Protection - Not Found
Threats Detected - High
System critically infected! Contact Support Immediately!
Call Support Toll Free: 1-800-245-2579
It is important to note that Capture It Plus is installed by free programs that you download from the Internet and that did not adequately disclose that other software would be installed along with them. Therefore, it is important that you pay close attention to license agreements and installation screens when installing anything from the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these, as they will typically disclose what other third-party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you immediately cancel the install and not use the free software.
Without a doubt, this is an infection that you do not want on your computer. To remove the Capture It Plus scareware and related programs for free, please use the removal guide below.
Associated Capture It Plus Files:
C:\Windows\System32\Tasks\PopupAlert
C:\Windows\System32\PopupAlert\
C:\Windows\System32\PopupAlert\popupalert.exe
C:\Windows\system32\Express\
C:\Windows\system32\Express\explorer.exe
C:\Windows\system32\WindowsPowerShell\
C:\Windows\system32\WindowsPowerShell\taskprocess.exe
C:\Program Files (x86)\svchost.exe
C:\Program Files (x86)\Task Host\taskhost.exe
C:\Program Files (x86)\Explore\iexloprer.exe
C:\Program Files (x86)\IIS\
C:\Program Files (x86)\IIS\iis.exe
C:\Program Files (x86)\Internet Explorer\
C:\Program Files (x86)\Internet Explorer\internet.exe
Associated Capture It Plus Registry Information:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\MyApplicationId [id]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\MyApplicationTime [date_and_time]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60CAF78C-F90D-476E-A118-0BCC0A752336}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PopupAlert
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskAdminS-1-5-21-4287834998-254447837-4126873412-1010
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010Main
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010P
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010D
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZcGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837
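A read-only check for the executables and scheduled tasks described in this guide, added here as an example and not part of the original removal guide. It assumes Windows 8 / Server 2012 or later (for Get-ScheduledTask) and an elevated PowerShell session; the variable names and the "high"/"review" labels are this example's own.

```powershell
# Added example: reports matches only, changes nothing on the system.
# File paths are the drop locations listed in this guide.
$iocFiles = @(
    'C:\Windows\System32\PopupAlert\popupalert.exe',
    'C:\Windows\system32\Express\explorer.exe',
    'C:\Windows\system32\WindowsPowerShell\taskprocess.exe',
    'C:\Program Files (x86)\svchost.exe',
    'C:\Program Files (x86)\Task Host\taskhost.exe',
    'C:\Program Files (x86)\Explore\iexloprer.exe',
    'C:\Program Files (x86)\IIS\iis.exe',
    'C:\Program Files (x86)\Internet Explorer\internet.exe'
)

# 1. Dropped executables present on disk, with hash and creation time for case notes.
$fileHits = foreach ($path in $iocFiles) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        [pscustomobject]@{
            Path    = $path
            Created = (Get-Item -LiteralPath $path -Force).CreationTimeUtc
            SHA256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# 2. Scheduled tasks. A task that runs a listed path is a strong match.
#    The SIDs in the guide's task names are machine-specific and similar names can
#    belong to genuine Google Update tasks, so a name match alone is reported only
#    when the task also repeats every minute (PT1M), as the guide describes.
$taskHits = foreach ($task in Get-ScheduledTask) {
    $targets = @($task.Actions | Where-Object { $_.Execute } | ForEach-Object {
        [Environment]::ExpandEnvironmentVariables($_.Execute).Trim('"')
    })
    $runsIoc     = @($targets | Where-Object { $iocFiles -contains $_ }).Count -gt 0
    $everyMinute = @($task.Triggers | Where-Object { $_.Repetition.Interval -eq 'PT1M' }).Count -gt 0
    $nameLike    = $task.TaskName -eq 'PopupAlert' -or
                   $task.TaskName -like '*GoogleUpdateTask*-1-5-21-*'
    if ($runsIoc -or ($nameLike -and $everyMinute)) {
        [pscustomobject]@{
            Task        = $task.TaskPath + $task.TaskName
            Runs        = $targets -join '; '
            EveryMinute = $everyMinute
            Confidence  = if ($runsIoc) { 'high' } else { 'review' }
        }
    }
}

$fileHits | Format-Table -AutoSize
$taskHits | Format-Table -AutoSize
```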