WinBlueSoft is rogue antispyware program, new version of WiniBlueSoft scareware. WinBlueSoft uses fake alerts and false positives to trick you into buying the software and distributed through the use trojans that display a lot of security alerts stating your computer is infected and that you should download and install WinBlueSoft in order to clean your PC.
During installation, WinBlueSoft configures itself to run automatically every time, when you start your computer. In addition, the rogue configures Windows to run blocker.dll (WinBlueSoft component) every time when you start any program. blocker.dll blocks all programs except a few standart windows applications like iexplorer.exe, explorer.exe and of course winbluesoft.exe.
Once running, WinBlueSoft will scan your computer and reports false or exaggerated system security threats on the computer that cannot be removed unless you first purchase the software. All of these threats are fake, so you can safely ignore them.
WinBlueSoft and blocker.dll can be safely removed from your computer along with any other malware if the proper steps are taken. If you are a non-techie computer user then this method of removing the rogue is for you.
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
Use the following instructions to remove WinBlueSoft (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
WinBlueSoft creates the following files and folders
C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
c:\documents and settings\all users\start menu\Programs\winbluesoft\1 WinBlueSoft.lnk
c:\documents and settings\all users\start menu\Programs\winbluesoft\2 Homepage.lnk
c:\documents and settings\all users\start menu\Programs\winbluesoft\3 Uninstall.lnk
c:\program files\winbluesoft software\winbluesoft\data.bin
c:\program files\winbluesoft software\winbluesoft\license.txt
c:\program files\winbluesoft software\winbluesoft\uninstall.exe
c:\documents and settings\all users\Desktop\WinBlueSoft.lnk
if this works, heh, was trying to get the gta multiplayer rars, well after downloading a good 80 rars, this program shuts down the computer, oh noes, warning, computer fucked up, thanks for this guide
this seems pretty good but the problem i have is i can’t even log on to the computer. will these steps work the same in safe mode. or is there some other approach i have to take using that mode.