Trojan spreads in two ways: through rogue online anti-malware scanners and through sites that utilize exploits to automatically install the trojan onto your computer without user‘s knowledge or permission. Trojan displays various security alerts:

System Restore
Critical System Notification
Remote administrator Adam1 has changed some system files of Windows OS.
Checking will take several minutes.
Please do not turn off the computer – it can lead to system crash.

Remote login request
Don’t allow access unless you clearly understand what you are doing.
Your computer received a remote login request by user: “Adam1″ from the IP <ip address>.
Deny or Allow

Remote query of terminating application
Don’t allow access unless you clearly understand what you are doing.
Your computer has received a remote query from IP <ip address> of terminating application.
Allow access or Deny Access

Remote software installation
Don’t allow access unless you clearly understand what you are doing.
Your computer has received a request from the IP <ip address> to install Zeus software.
Block Installation or Allow installation

Unable to find installed software
System was unable to find installed firewall software.

This is a fraud and none of the information should be trusted. You have to ignore all fake warning messages. Do not click on any links trojan displays on pop-ups because it is a scam and not worth spending your money. Choose decent security software and remove NetworkControl as soon as possible.

Once active, trojan makes a copy of itself in %ALLUSERSPROFILE% and then displays fake pop-up in Russian. Trojan tends to trick user into sending an SMS to receive a registration key for full installation of Adobe Flash Player application. This is a fraud. Do not believe any information this trojan displays. It only gains to get money from unwary users. You better choose decent security software and terminate the trojan that will help to get rid of annoying pop-ups.

The Fake Microsoft Windows Activation screen reads:

Microsoft Windows Activation
Microsoft Piracy Control

Your copy of Windows was activated by another user. To help reduce software piracy, please re-activate your copy of Windows now. We will ask for your billing details, but your credit card will NOT be charged. You must activate Windows before you can continue to use it. Microsoft is committed to your privacy. For more information, www.microsoft.com/privacy.

Do you want to activate Windows now?

Fake Windows Activation trojan locks up your computer, disables Task Manager and provides only two options “activate windows” or “do it later”. If you click on “do it later” your computer will simply be rebooted. For terminating this ransomware choose decent security tool or follow a removal tutorial.

Trojan-Dropper.Nemqe behaviour:

• Sets the drive to autoplay by creating autorun.inf file in its root directory. If the drive is shared across the network then other remote computers can be infected any time they try to access this share.
• Hosts file modification that may block access to the security web sites.
• Produces outbound traffic.
• Downloads/requests other files from Internet.
• Registers a Browser Helper Object.
• Contains characteristics of an identified security risk.

The fake antivirus program may be known by several names: SystemCop, QuickHealCleaner, TrustWarrior, SaveArmor, SecureVeteran, SecuritySoldier, SafeFighter, TrustSoldier, TrustFighter, SoftCop, TRE AntiVirus, SoftBarrier, BlockKeeper, BlockScanner, BlockProtector, SystemFighter, SystemVeteran, SystemWarrior, AntiAID, WinBlueSoft, WiniBlueSoft, Winishield, SaveKeep, WiniFighter, TrustNinja, SaveDefense, BlockDefense, SaveSoldier, WiniShield, SafetyKeeper, SoftSafeness, SafeDefender, Trustcop, SecureWarrior, SecureFighter, SoftSoldier, SoftVeteran, SoftStronghold, ShieldSafeness, Antiadd, AntiKeep, AntiTroy, SiteAdware, IguardPC, GuardPCs, TheDefend, SysDefence, ProtectPCs, APCProtect, GreatDefender, PCsProtector, PCProtectar, InSysSecure, SysDefenders.

Aliases: Trojan.Win32.FakeSmoke [Ikarus], Trojan:Win32/FakeSmoke [Microsoft], FakeAlert-IT [McAfee], Win32/WinBlueSoft.A [CA], Trojan-Downloader.Win32.FraudLoad.vtgpk [Kaspersky]

Aliases:Trojan.Zbot [Ikarus], Infostealer.Banker.C [Symantec], PWS:Win32/Zbot.gen [Microsoft]

Aliases:Trojan-PSW.Gampass [PCTools], Infostealer.Gampass [Symantec], Backdoor.Win32.Inject.bus [Kaspersky Lab], Trojan-PSW.Win32.Dytka.ax [Kaspersky Lab

WINDOWS SECURITY ALERT!
Lsas.Trojan-Spy.DOS.Keycopy is suspected to have infected your PC.
This type of virus intercepts entered data and transmits it to a remote server.
Windows Internet Explorer 8
“C:\WINDOWS\ie8\spuninst
Data interception was detected while visiting a website: http://

This is a fake security warning that should be taken only as a sign that your computer is infected with Malware Destructor 2009 which is an actual system virus. In order to remove Malware Destructor 2009 from your computer please follow the instructions bellow.

Don’t trust SystemSecurity and don’t pay for deleting a trojan which doesn’t even exist.

Click here to remove System Security scam.

SystemSecurity is a fake anti-spyware; it reports fake infections in order to make people interested in buying a license of the program. If you see pop-ups about Zserv.Transponder.Trojan on your screen, it’s a sign of malware infection. Remove System security to get rid of the pop-ups.

Follow this link to remove System Security scam.

Run antispyware scan if you notice new applications installed without your permission.